Internets of Interest for 13th April 2012


Collection of useful, relevant or just fun places on the Internets for 13th April 2012 and a bit of commentary about what I’ve found interesting about them:

When you share personal data with Facebook friends, you’re sharing your personal data with every app your friends use – raganwald’s posterous –

Facebook prefers that you share your behaviour with as much of the world as possible. It’s possible to control what you share using now-you-see-them, now-you-don’t controls that they provide. For example, you can say that you are only sharing your Work History with friends, but not with friends of friends. If Tom’s your friend, Tom can see that you used to work for Initech, but his buddy Jerry can’t.

Except that now Facebook does.

Should Amazon Define Cloud Standards? – Network Computing – Hysterical debate from server administrators (i.e. cloud operators) who have never had to deal with multi-vendor standards before. I look on and laugh as the rest of infrastructure learns how to interoperate and co-operate. It’s going to be painful for them; they’ve never had to think about it before. Note: C++, Ruby, Python and Perl don’t count as “standards”.

The Inevitable Devolution of Standards Into Compliance Regimes – The Falcon’s View – Solid ideas, but overly wordy for me. Think this could be reduced to a few bullet points and be more useful.

The last question that all of this may raise is if it’s worth it, and if so, how to measure it? The answer is two-fold. At the operational level, measuring the state of compliance should be sufficient, combined with monitoring and response capabilities, assuming that proper risk management consideration has gone into the specification of control requirements. At the strategic level, there is then an increasingly important need for a formal, well-defined, well-documented risk management process that leads to legally defensible decisions that help the business establish reasonable risk tolerance and risk capacity levels, and that ensures business survivability (because survivability should be the goal, rather than the failed perspective of trying to stop all badness from happening).

Creating culture of IT innovation includes rewarding failure –

A second barrier is process. “I truly believe process kills innovation,” he said. “I’d never come into an organization in my career outside of the government that was as process-bound as [Kimberly-Clark] was.”

Marvellous story. Simply marvellous. If we could get more leadership like this, IT would be a better place.

Think 4G is 10 times faster? Think again — Tech News and Analysis – Although the Apptivity product people from Riverbed wrote this entirely self-interested post, I’d like to point out that this is the fortieth or fiftieth product I’ve seen in ten years that does app acceleration, and I fully expect this product to fail too.

When it comes to Web performance, you need to invest in the areas that have the highest likelihood for significant returns. The networks are already fast enough. We need to find other areas that promise more return on performance investments.

How Google is using OpenFlow to lower its network costs — Cloud Computing News – Two things. One, a live OpenFlow/SDN deployment

Google is trying the protocol out between data centers, although Hölzle didn’t disclose details about how much Google is saving and how widespread the implementation is. Hölzle said the search giant was trying to see how it could make its wide-area network and long-distance network more flexible and speed up the delivery of services to users without adding costs. However, costs for Google aren’t just measured in terms of bandwidth, but also in terms of people required to operate the network or configuring it.

No mention of the developers and managers who wrote the controller and app that runs the system. You need to understand the whole system, not just part of it to make these statements. You don’t save money on OpenFlow/SDN, you just spend it somewhere else.

Let’s not be friends – Great discussion on why Facebook is losing ground with a lot of people. Facebook is like a friend who is into Amway – after a while they can’t help but try and sell you dish drops or something. You don’t stay friends for long…

So we started meeting up for lunch every couple of weeks. And like clockwork, about 30 minutes into the meal, he would reach into his bag and pull out a catalog of stuff he was selling to support some of his entrepreneurial endeavors. I mean, every single time we met he would try to sell me stuff. Aggressively.

How many people are still checking Facebook regularly?

Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results – Short version – yes. Enterprise grade AV/Malware software detected nothing for an active attack. Script kiddies maybe.

If anyone needs just a little proof that you are using A/V products to mainly defend against low-skilled attackers, then there it is. I asked that the attack team use skills learned in most Penetration Testing courses. They didn’t use anything really advanced, which is one of the reasons many argue that even the “Advanced Persistence Threat” isn’t really that advanced. We even made many mistakes during the attack. Even then… nothing was found and nothing was automatically blocked. If this were a real compromise, we could have been on this network for months or years prior to anyone finding us. Just like in the real world.

A must read.

Create Your Own Network Assessment Appliance | The Little Things

I often find myself assessing a foreign network infrastructure for performance or other issues. Depending on the size of the environment, digesting everything can be daunting without the help of some third party tools. I’ve been using a custom Linux VM on my workstation that has all kinds of tools specifically for gathering information about a network’s performance, layout, and statistics. I’ve decided to retool the VM I currently use and take better notes on what I install so others may do the same if they so desire.

Zachary Loeber provides a rundown of a whole bunch of Open Source tools that I didn’t know about, including installation tips: Nedi, Observium, Xerela, Smokeping, Nipper-NG. Must bookmark.

Java: The OSX and Cross-Platform Nightmare | threatpost

Even if Apple closes the patch gap the cross-platform Java problem remains. Oracle really needs to step up its game. Its security team should have an easy time getting the necessary resources. After all, these days Microsoft and Adobe generally get praised for their approaches to security. So there’s really no excuse for Oracle here.

Until the day comes where Oracle visibly commits to security the best course of action is to uninstall Java. Regardless of what platform you’re on. Hopefully that will encourage Oracle to improve the overall security of its products.