19 posts • joined 24 Jul 2009
No one ever heard of risk analysis?
When I was named disaster recovery coordinator for a company over 30 years ago, the first thing I did was create and publish a policy for how many employees could be on the same transport vehicle, and which officers could NOT travel together. Some stories state that the 100 best and brightest AIDS researchers were on this one plane. That scares the heck out of me to think of what other conferences have this risk associated with them.
Choice versus forced...
It was pretty obvious that Microsoft software was designed from the ground up to be complicated enough that it kept IT staff and helpdesk agents employed. Therefore, their software was mandated by many IT departments. If you've tried to add a printer on Windows versus a Mac or iPad, you know exactly what I am saying.
Now that the end users have a choice, they have voted on this strategy by buying products that are intuitive to use and don't need an army of sysadmins to configure and use.
The solution is so clear...
SPYRUS has been making secure USB flash drives for years, and they are always exhibiting at government shows. Not only is the drive encrypted, but it can be locked down to a specific computer or set of computers - and remotely wiped if it manages to sneak out the door. WTF is any government agency or organization thinking when they let unencrypted, uncontrolled USB flash drives on the premises?
Malwarebytes' flagged core Windows system files as malicious
Yes, yes it is... malicious, that is. One more reason to switch operating systems to something that's not malicious.
I bought one of the first ones delivered to California and my only complaint revolves around the new audio/nav system. Rather than the 12 hard keys in the previous model, this one has far fewer and everything is on a very sloggy menu system with multiple levels before you can get to the function that you want. I have to take my eyes off the road much more often to get the same work done than I did with the previous generation.
Frankly, I only use PayPal because eBay doesn't give you a choice in the matter. PayPal sucks on so many levels, especially as a seller. They double dip and have zero customer support if you need help, like a customer claiming that their package never arrived even though you have proof of delivery. Three cheers for the competition.
SPYRUS makes drives that can help prevent this
On the Hydra Privacy Card, every file is encrypted under its own key. Even if you unlock the drive to get to your files, the files are still encrypted until you explicitly decrypt them. Since you can set a policy on the drive that will only allow encrypted data to be stored, it is impossible for malware to run - since it cannot be put there in the first place.
Thank the maker
I am really sick of all of the cross-posting that I see, especially Twitter feeds on Facebook and LinkedIn. For gosh sakes, I really don't need to see tweets in 3 locations - and AFAIK there is no way to tell FB or LI that I really don't want to see them. There also is no way to tell FB that while I want to see my friends' typed updates, I could care less that they planted another frikkin' carrot on FarmVille.
I can't believe MS customers put up with this...
There are how many client versions of Windows 7 out there? Home Basic, Home Premium, Professional, Enterprise, and Ultimate? And how many versions of MS Office? Office Home and Student, Office Home and Business, and Office Professional. Apple has it right; one client OS and one productivity suite for the desktop, and one client OS and one productivity suite for phones / tablets.
The Citrix Play?
If HP and Microsoft announce a major virtualization alliance, that could mean the death of Citrix's XenServer division as we know it.
Google - The bastard child of Microsoft
Google has a hard act to follow - Microsoft did the same when it knifed its partners in the PlaysForSure alliance. Zune didn't support the PlaysForSure DRM and the Zune DRM wasn't open to the PlaysForSure alliance.
In case you don't know, Microsoft's Zune works only with its own content service called Zune Marketplace, not PlaysForSure. Microsoft announced that as of August 31, 2008, PlaysForSure content from their retired MSN Music store would need to be licensed to play before this date or burned permanently to CD, although this decision was later reversed due to the screaming of both alliance members and fucked-over customers.
Cloud computing, who's watching your back?
Cloud computing is all the rage this year, with Amazon’s Elastic Compute Cloud (EC2) and Simple Storage Service (S3), Agathon Group, ElasticHosts, and dozens of other providers available to you. Amazon S3 was down for nearly 8 hours on July 20, 2008, Gmail has suffered multiple outages of up to 2 1/2 hours affecting more than 113 million users, Ma.gnolia bookmarking service suffered a database failure, and Carbonite lost data belonging to 7,500 customers. Would an outage of any length affect your company? Do you have a business continuity plan should your hosted applications or data go offline, become corrupted, or destroyed?
Before you can develop a plan to respond to cloud computing issues, you need to understand what those issues are (risk analysis) and how they affect you (business impact analysis). Do you need to think about geographic dispersal of your application? Have you investigated trans-border data issues (Especially important if you serve customers in Europe)? So what questions should you be asking your cloud provider before you migrate your applications to their infrastructure? Here is my start on a checklist:
- What is the hosting provider’s overall uptime guarantee for a specific software instance (not the overall environment uptime)?
- Do you have a choice of data center(s) where your application will run?
- Will your application run on high availability (HA) systems?
- What is their disaster recovery plan, including response to a pandemic?
- How is the environment monitored for OS / DB / application failures and how are you notified?
- Who is responsible for bringing a crashed environment / application back online?
- Does the provider back up your data or is that left to the customer?
- How many generations of backup are maintained in case you need to recover from a data corruption issue?
- What is your RPO (recovery point objective) guarantee?
- Are backups protected from theft and damage?
- Are backups encrypted?
- How are the encryption keys rotated and managed?
- Are backups stored off-site?
- How is backup data secured from loss or theft?
- How does the service provider know who at your company is authorized to contact them by snail mail, email, or telephone and how do they authenticate the contact before making changes or releasing information?
Ron LaPedis, MBCP, MBCI, CISSP-ISSAP, ISSMP
In the spirit of Kevin Bloody Wilson
This falls right in line with Aussie Kevin Bloody Wilson's "Ho Ho F*cking Ho" Christmas Carol.
"Why wasn't there SAN replication?"
SAN replication may not have helped if the primary DB was corrupted, since it would also corrupt the replicate. The only way to recover from a corrupted DB is to load an online backup taken before the corruption occurred then replay the transaction logs up until just before the time of first corruption.
The risk here is that you can lose TX made to the DB after the first corruption happened, so you may need to re-enter those TX manually.
Been there, done that
HP NonStop Remote Database Facility has had cascading replication for at least 10 years. One of its major selling points is synchronous replication to a close-by site (for 0 RPO) with async replication to a further site for protection.
Yep, you are correct that SOME timeshare systems offered dialup, but surely Hunt the Wumpus didn't need to be as secure as Stanford's financials - which in theory should have been on another system. LHS also offered dial up, but again, nothing secure was supposed to be on the system.
Cloud Computing is Just Time Sharing Warmed Over
Cloud Computing is what graybeards used to call Time Sharing. When computers filled rooms and cost millions of dollars, many companies had a dumb terminal like a Teletype, IBM 3270 or ADM-2, or a combination card reader/printer in their office which was connected by a point-to-point leased telephone line to a central computer somewhere. Customers were billed for time and storage just as they are billed for computing in the cloud.
Compute jobs would be sent to the central computer and the results would come back a few minutes to several hours later. Hundreds of universities had rooms full of terminals that connected somewhere else. In the San Francisco Bay Area many schools connected to the LHS Decision time sharing system at the Lawrence Hall of Science to play Trek73, one of the earliest computer games.
Here are some of the main differences between Time Sharing and Cloud Computing:
- Time Sharing used a direct data connection from premise to premise
- Only one customer used the computer at a time or it was partitioned physically or logically (virtualized) to keep the users completely separated
- There was no possibility of public access to the system of any kind (i.e. not on a network)
With CPU cycles and software so cheap, does it make sense to move your business to the cloud? It might if you are a small or medium business (SMB) and either can’t or don’t want to pay for an IT staff. However, if you are a large corporation, you may not save much because the cost of your IT staff and infrastructure is spread over a lot of employees. In fact, a report issued earlier this month by international business consulting firm McKinsey & Company threw some cold water on the cloud computing hype, pointing to the technology’s limits in terms of cost scalability. McKinsey focused its cautionary advice on big companies, warning that “current cloud computing services are generally not cost effective for larger enterprises.”
There are also security and availability worries when your data no longer is under your own control. “There are legitimate questions enterprises should ask about the security, scalability, availability and reliability of a cloud computing solution,” says John Sloan, an analyst with Info-Tech Research Group in London, Ontario.
Hackers have yet to siphon data out of a cloud (that we know of…), but the services themselves have experienced some serious outages – which could put you out of business if you don’t have a contingency plan in place. For example, last July 20, Amazon S3 went down for seven hours – the service’s second outage in 2008. What would happen to your business if access to email, accounting, and other information just stopped? I’m not saying this is an insurmountable problem, just that you need to be aware of the trade-offs between cost, availability, and security. If you want to take advantage of cloud computing to save money, that’s your decision. Just be sure that you carefully research your vendor, perform a risk analysis and business impact analysis then add up the numbers before you make the move. Remember that 99% uptime means 87 hours of downtime a year.
Many reasons for Desktop Virtualization
I've blogged extensively on desktop virtualization. It's great for BYOC (bring your own computer to work), to allow companies to build and maintain one and only one image for all PCs in the company, and finally to prevent data leakage. You can read my blog here:
"...and stop food distribution"
I have a quick solution to that one. Don't buy processed food and buy locally. As for the rest of it, yes, in theory, North Korea could do an EMP above the Pacific ocean and take out US, China, and Japan. Life's a bitch sometimes...