News about Oracle's Solaris and Sun Hardware
System News for Sun Users
Oct 22nd, 2012 — Oct 28th, 2012
Volume 176, Issue 4

Oracle White Papers on SPARC SuperCluster
Jeff Victor Chooses Four of Several

Oracle has recently published several white papers on uses and characteristics of the SPARC SuperCluster product, and Jeff Victor presents links to four of them in his blog, which are:

  • A Technical Overview of the Oracle SPARC SuperCluster T4-4

  • SPARC SuperCluster T4-4 Platform Security Principles and Capabilities

  • Consolidating Oracle E-Business Suite on Oracle's SPARC SuperCluster

  • Oracle Optimized Solution for Oracle PeopleSoft Human Capital Management on SPARC SuperCluster

Read on.

Epsilon Easily Manages 40% Annual Data Growth Rate with Oracle Solutions
Oracle Exadata Database Machine, Oracle Enterprise Manager Help to Manage Data Warehousing Operations
Implementing Oracle Exadata Database Machine running Oracle Linux and Oracle Enterprise Manager to power its data warehouse system has enabled Epsilon to meet customers’ real-time data requirements and service level agreements at previously unattainable rates in its operations that typically have demonstrated a data growth rate of 40 percent per year. Part of Epsilon's service portfolio involves management of customer loyalty programs for its clients that generate massive amounts of data and require high-performance transaction processing, tracking, configuring, logging, and campaign execution capabilities. Systems administrators can now significantly increase efficiency and productivity, and IT staff has been freed to focus on higher priority tasks.
Updates for Oracle VM Manager 3.1.1, Oracle VM Server for x86 3.1.1 Available
Validation Is Complete for Oracle VM Manager 3.1.1-478 with Oracle VM Server 3.1.1-485
Users can now download the latest update for Oracle VM Manager 3.1.1 and the update for Oracle VM Server for x86 3.1.1. In addition, Honglin Su posts, Oracle VM Manager 3.1.1-478 has been validated in combination with Oracle VM Server 3.1.1-485. Download instructions are on OTN. The post advises users to read the README files of these patches and, as they suggest, schedule a maintenance window and apply the patch updates to their Oracle VM 3.1.1 environment. The post also suggests that users sign up to receive notification on the software update delivered to Oracle Unbreakable Linux Network for Oracle VM.
IT - Storage
7 Costly IAM Mistakes
Dark Reading October 23, 2012
"While IAM (Identity and Access) project failures may not quite rank up there with the biggest ERP blunders on record, they still rank high among some of IT security's most embarrassing wastes of investment. When organizations fail to properly align business processes with technology, don't account for the dynamic demands of users in accessing IT assets, and don't confer with the right stakeholders prior to deployment, IAM initiatives are put at risk. The following are the most expensive IAM mistakes many enterprises make today."
HDD Data Storage Remains Viable Despite Falling SSD Prices
eWeek October 18, 2012
"There was a lot of talk at the Storage Network World conference here about how steadily falling prices for solid state drives and Flash memory threaten the viability of hard disk drives in the computer industry.

While breakout sessions on SSD and Flash memory technology dominated the schedule during the conference Oct. 16-19, the general conclusion appeared to be that although price declines are eliminating the cost premium for Flash, it’s still too early to relegate HDDs to the IT scrap heap..."

Hybrid Hard Drives: How They Work and Why They Matter
NetworkWorld October 19, 2012
"An SSD can read and write data many times faster than the best mechanical hard drive. On the downside, flash memory is many times more expensive than the innards of a typical hard drive, so manufacturers have limited their SSD capacities to hit reasonable price points: A 128GB SSD costs about $130, and for that same price tag, you can buy a 3.5-inch desktop hard drive that delivers 2TB of storage, or a 2.5-inch laptop drive that provides 1TB of storage..."
Cloud Storage Specification Gets ISO approval
ComputerWorld October 19, 2012
"The International Organization for Standardization (ISO) has ratified the Cloud Data Management Interface (CDMI), a set of protocols defining how companies can safely move data between private and public clouds.

The Storage Networking Industry Association's (SNIA) Cloud Storage Initiative Group submitted the standard for approval by the ISO last spring. CDMI is the first industry-developed open standard specifically for data storage as a service..."

Facebook to Use 'Cold Storage' to Deal with Vast Amounts of Data
ComputerWorld October 17, 2012
"Facebook is rethinking the way it stores data to cope with the seven petabytes of new photos the social network's users upload every month. As the number of photos grows, Facebook needs to find cheaper, less power-hungry ways to store them all, according to the company's vice president of infrastructure engineering.

Users upload about 300 million photos a day, more on special occasions, Facebook's Jay Parikh told the Structure Europe conference in Amsterdam on Wednesday..."

Java Technology
Java Spotlight Episode 105: Mark Reinhold on the Future of Java
Java Veteran Is Oracle's Chief Architect, Java Platform Group
The guest on Episode 105 of the Java Spotlight is Mark Reinhold, Chief Architect of the Java Platform Group at Oracle, where he works on the Java Platform, Standard Edition, and OpenJDK. His past contributions to the platform include character-stream readers and writers, reference objects, shutdown hooks, the NIO high-performance I/O APIs, library generification, and service loaders. Mark was the lead engineer for the 1.2 and 5.0 releases and the specification lead for Java SE 6. He is currently leading the Jigsaw and JDK 7 Projects in the OpenJDK Community.
IT - Technology
45 Years of Creative Evolution In the IT Industry And Beyond
ComputerWorld October 22, 2012
"How different is the world of computing now from when the first issue of Computerworld rolled off the presses in 1967?

Here's a glimpse: One day around that time, Edward Glaser, chairman of computer science at Case Western Reserve University, was giving some of his students a tour of the rooms that held the school's Univac 1107. As he stood in front of the computer's flashing lights, the sound of tape spinning in the background, Glaser said, "By the time you're my age, maybe 20 years from now, you'll be able to hold all this computing power in something the size of a book."

Computers That Defined the Information Age Brought Back To Life
TechRepublic October 15, 2012
"It's only fitting that the engineer Tony Sale should lend his name to an award honouring projects that keep the memory of early computers alive.

Sale, who passed away last year, embarked on a 14-year rebuild of the World War II Colossus - the computer which helped crack ciphers used to protect Hitler's communications with his generals - with nothing more than eight photos of the machine.

Last week the winner of the Tony Sale Award for computer conservation was announced in London by the Computer Conservation Society (CCS)..."

    Gartner: 10 Critical IT Trends for the Next Five Years
    NetworkWorld October 22, 2012
    "Trying to stay ahead of the curve when it comes to IT issues is not a job for the faint of heart. That point was driven home at Gartner's IT annual IT Symposium fest here where analyst David Cappuccio outlined what he called "new forces that are not easily controlled by IT are pushing themselves to the forefront of IT spending."

    The forces of cloud computing, social media/networking, mobility and information management are all evolving at a rapid pace. These evolutions are largely happening despite the controls that IT normally places on the use of technologies, Cappuccio stated..."

    Gartner: Top 10 Strategic Technology Trends For 2013
    NetworkWorld October 23, 2012
    "If some of the top 10 strategic technology trends going into 2013 look familiar it's because quite a few -- like cloud computing and mobile trends -- have been around for awhile but are now either morphing or changing in ways that will continue to impact IT in the next year.

    That was but one of the conclusions emanating from Gartner's annual "Top 10 strategic technology trends for 2013" presentation here at the Gartner Symposium/ITxpo..."

    Origin of Quantum Mechanics in Under 5 minutes
    IT World October 15, 2012
    "This week on MinutePhysics, we get a guest lecturer - Neil Turok from the CBC's Massey Lectures - who brings us a discussion of how Planck discovered quantum mechanics when trying to figure out how to maximize the energy from a light bulb..."
      IDC White Paper Finds Growing Customer Comfort with Oracle Solaris Operating System
      Integrated, Optimized Solutions for the SPARC and x86 Systems Are Proving Attractive
      With a demonstrated commitment to the Solaris OS on both SPARC and x86 systems, and to Linux on x86, Oracle is clearly gaining the confidence of IT customers that the company is prepared to assist users to more fully implement its deep bench of software products, integrated and optimized with Oracle hardware, to run in enterprise applications, conclude Gary Chen and Al Gillen of IDC in their white paper "Oracle Delivers Unique Value with Oracle Solaris." The authors cite the increased level of consumer comfort vis-a-vis Oracle Solaris and competitive Unix solutions revealed in IDC's 2012 Server Platform Migration Multiclient Study.
      Download Oracle Solaris 11.1
      Links to Resources Also Available

      Oracle Solaris 11.1 is in GA and available for download, Oracle has announced, bringing such improvements as the following:

      • 8x faster database startup and shutdown and online resizing of the database SGA with a new optimized shared memory interface between the database and Oracle Solaris 11.1
      • Up to 20% throughput increases for Oracle Real Application Clusters
      • Expanded support for Software Defined Networks (SDN) with Edge Virtual Bridging enhancements
      • 4x faster Solaris Zone updates with parallel operations shorten maintenance windows
      • New built-in memory predictor monitors application memory use and provides optimized memory page sizes and resource location

      Existing customers can quickly and simply update using the network based repository.

      Oracle Releases MySQL for Excel 1.1.0 GA
      Adds New Edit MySQL Data Feature
      MySQL for Excel 1.1.0 GA has been released, Javier Treviño posts, adding that users can download the release. He notes that a new feature, Edit MySQL Data, is a valuable and attractive addition that enables users to edit the data in a MySQL table using MS Excel in a very friendly and intuitive way. Edit Data supports inserting new rows, deleting existing rows and updating existing data as easily as playing with data in an Excel spreadsheet and pushing changes back to the server, he writes. He also enumerates in detail the several bug fixes that are included in the release.
      IT - Cloud
      Don't Just Blame the Cloud for the Amazon Web Services Outage
      InfoWorld October 23, 2012
      "Amazon Web Services has once again found itself in the unenviable position of being the poster-boy-turned-whipping-boy for the cloud computing world due to another high-profile service disruption that severely slowed down or knocked out a handful of heavily trafficked websites and services, including Netflix, Reddit, Airbnb, imgur, Pinterest, Heroku, and Foursquare.

      Like clockwork, the outage has generated a healthy debate around the blogosphere..."

      Amazon Outage Started Small, Snowballed Into 12-Hour Event
      NetworkWorld October 23, 2012
      "Amazon Web Services has almost fully recovered from a more than 12-hour event that appears to have started by only impacting a small number of customers but quickly snowballed into a larger issue that took down major sites including Reddit, Imgur and others yesterday.

      AWS has not yet said what caused the failure, but the company posted frequent updates throughout the day. It noted a number of times that customers who have architected their systems according to AWS's best practices of spreading workloads across multiple availability zones were less likely to have experienced issues..."

      Anatomy of an SLA: Compensation When Things Go Wrong
      TechRepublic October 23, 2012
      "The first element of most SLAs is the definitions of service levels and guarantees, which is what we covered the last time around. To give a quick recap: infrastructure-as-a-service providers usually have SLAs covering networking, hardware and VM uptime, but not the software that runs on top of the VMs; platform-as-a-service providers have SLAs that cover availability of the APIs used to perform actions on the platform; and finally software-as-a-service providers have SLAs that cover application and data availability. But what happens when the promises made aren’t kept?..."
      Customers Wait and See as Cloud Wars Rage
      InfoWorld October 22, 2012
      "We often hear about companies that dove feet first into cloud computing. What we don't hear, though, is that these businesses are typically larger, more aggressive firms that put a value on trying new things to get strategic advantage -- and their example is meant to egg you on to following the same path.

      These companies are distinctly in the minority. Although most enterprises have some storage-as-a-service providers and a SaaS or two, they still haven't created a cloud computing strategy, nor do they have major cloud computing deployments planned..."

      For A Good Cloud Contract, Start with an RFP
      IT World October 23, 2012
      "One way to ensure that your cloud-computing contract covers all the issues that will be important to your company is to begin the process of exploring cloud vendors with a request for proposal (RFP). A solid RFP can be an effective way to compare and identify the best cloud services to meet your needs while also serving as the starting point for your cloud-computing contract..."
        It Came From The Cloud! 3 Terrors Lurking In Wait
        InfoWorld October 23, 2012
        "It's that time of the year again: Ghost shows and monster movies are constantly on TV, there's plenty of candy in the office, and memos are issued on appropriate costumes for the workplace. I love Halloween.

        Not much scares me this time of year -- except in the world of cloud computing. In fact, certain developments in cloud computing strike fear in my heart. Be afraid -- very afraid -- of these three things..."

        Planning for E-Discovery and Security in the Cloud
        Information Management October 22, 2012
        "In challenging economic times, anything that can save companies significant money is a hot topic, like cloud computing, which promises to reduce the costs of storing information and implementing applications. But companies that store information in the cloud without regard for how it will be secured and accessed may be setting themselves up for nightmares down the road. Any company utilizing cloud-based solutions should create granular e-discovery and security requirements before moving any information to the cloud..."
        The Lesson from the Amazon Outage: It's Time to Layer the Cloud
        InfoWorld October 25, 2012
        "The recent Amazon Web Services outage reminded us once again that cloud computing is not yet a perfect science. That said, perhaps it's also time we define formal methods, models, and approaches to make cloud computing easier to understand -- and more reliable.

        Most organizations that implement cloud computing view clouds as a simple collection of services or APIs; they use the cloud functions, such as storage and compute, through these services. When they implement cloud computing services, they see it as just a matter of mixing and matching these services in an application or process to form the solution..."

        IT - CxO
        Business Users Satisfied With IT? Think Again
        InformationWeek October 23, 2012
        "It's been said that IT is the Rodney Dangerfield of the enterprise: IT just gets no respect. To be fair, it's hard to get respect when you're working with a subsistence budget and bound by rules that outside competitors, like SaaS providers, can ignore with impunity. This isn't news. But quantifying how IT thinks it's doing versus how the business really views IT's performance, that's a tougher job, one we tackled with our IT Perception Survey..."
        Eight Ways to Do More With Less
        Baseline October 22, 2012
        "If you've spent any time working in an enterprise, you've likely heard C-suite executives repeat the mantra, 'Do more with less.' (We know: It's easier to say this than it is to make it happen.) But the book The Laws of Subtraction: 6 Simple Rules for Winning in the Age of Excess Everything (McGraw-Hill) lends clarity to professionals who are charged with working faster, better and smarter—with far fewer resources than they had before..."
          How to Use a 'Moneyball' Approach to Building a Better IT Team
          InfoWorld October 24, 2012
          "If you aren't familiar with the term, "Moneyball," it originates with the Oakland A's general manager Billy Beane's (and his mentor Sandy Alderson). The Moneyball method helped Oakland build a playoff baseball team on a smaller budget by relying on statistical analysis to acquire new players. When it came to baseball talent, Oakland knew it could never financially go head to head with the biggest teams in major league baseball, so the team started using an unheard of method in baseball, the Sabermetric principles..."
            IT Has Changed, but IT Budgets Haven't
            InformationWeek October 24, 2012
            "The demands on IT departments keep changing, but their budgeting processes aren't keeping pace. Those that succeed have this in common: a relentless drive to increase business productivity and cut costs, but also the creativity and agility to drive new business opportunities and revenue. The expectation for IT to drive revenue is new at many companies..."
              Targeting Key Competencies Every CIO Must Have
              Accelerating IT Success October 25, 2012
              "Business leaders today rely on information technology more than ever before and, as a result, the role of the CIO has never been more important. The implications for the CIO are dramatic. As a CIO you need to be more strategic in the way you work, think, behave, and interact with your co-workers. This poses three essential questions:

              1. Why are CIOs more involved in the development of business strategy today than ever before?

              2. What does strategy really mean?

              3. And what are the key competencies a CIO should leverage in developing a strategic capability?"

              The Evolving Role of the CDO
              Wall Street & Technology October 25, 2012
              "During the height of the financial crisis, John Bottega was right where he needed to be: at the Federal Reserve Bank of New York. As the New York Fed’s chief data officer, a role he assumed in February 2009, Bottega was at the epicenter of financial data collection, analysis and dissemination while the bank worked with many of the world’s largest financial institutions, the U.S. Treasury and the newly created Office of Financial Research..."
                Ten Leadership Traits Learned from Jazz
                CIO Insight October 17, 2012
                "It involves intense collaboration with other highly qualified professionals in pursuit of creation, and keen instincts for adaptability when the tempo changes. And the whole becomes something greater than a collection of parts. We're talking about the classic jazz and clever improvisation that defined masters such as John Coltrane and Miles Davis. CIOs could take a cue from these maestros in cultivating their own leadership skills..."
                  Why CIOs Struggle As Board Members
                  TechRepublic October 22, 2012
                  "It’s commonplace for company C-level executives to assume positions as board members for other companies, especially if these organizations are largely-owned subsidiaries of the parent companies they are officers in. The reason behind this is simple. You get board members who see both the parent company and the subsidiary sides of the business. They can bring deep knowledge of both sides into the equation-and this often creates such synergy that some of the parent company know-how transfers to the smaller company and provides advantage.

                  But there are also incumbent struggles that many board members face-and for CIOs, these challenges can be doubly difficult..."

                    Renegotiating Outsourcing Contracts to Fit New Reality
                    ComputerWeekly October 22, 2012
                    "Organisations in many sectors seek to renew the terms in their contractual agreements as they adjust to the economic climate. IT outsourcing is going through a period of major change as the result of an economic downturn of extreme proportions alongside major advances in technology.

                    Tight budgets amid recession and increased service options as a result of new technologies, such as the cloud, mean many IT outsourcing contracts are no longer fit for purpose or the best option available..."

                    Opportunities and Challenges Fuel Job Satisfaction
                    Baseline October 12, 2012
                    "The majority of professionals are happy at work, according to this year's annual “2012 Job Satisfaction and Engagement Research Report” from the Society for Human Resource Management (SHRM). And this state of contentment is about more than just job security and money. The findings show that employees are highly engaged because of the abundance of fulfilling challenges they're tackling at work..."
                    ARTstor Selects Oracle's Sun ZFS Storage 7420 Appliances
                    Meets the Needs of a 1TB/Month Digital Image Library Growth Rate
                    Oracle’s Sun ZFS Storage 7420 Appliances have enabled ARTstor, a non-profit that makes available a digital image library for teaching, research and study, to manage and share images as well as a software platform and tools that deliver support for a library of more than 1.5 million images used by over 1,450 organizations in 42 countries worldwide. As ARTstor’s library continues to grow at a rate of nearly one Terabyte (TB) per month, ARTstor estimates that the Sun ZFS Storage Appliances will enable the company to accommodate 10x more images over the next three years than their previous storage solution.
                    IT - DR
                    Contacts Are Key in Emergency Management
                    Emergency Management October 12, 2012
                    "I don’t think there’s anyone I know who will not say that individual relationships are key to a successful emergency management program. People talk and write about it and espouse it in any number of venues and publications. But what are we really after? ..."
                    3 MORE Tabletop Exercises for Business Continuity
                    IT Solution Journal October 22, 2012
                    "This set of 3 tabletop exercises has proven popular over the intervening years, so here's another troika for testing your processes for resilience or recovery.

                    You know the drill: Appoint a moderator, gather a team representing multiple departments within the organization (and ideally some outside business partners as well) and work through a scenario, one stage at a time. Allow interaction and discussion after each segment's information is released.

                    Does each department have the necessary processes in place to handle the given sequence of events? How will the necessary communication take place? What unforeseen employee needs might arise? Are business partners adequately prepared?"

                      Do Alert Notifications Fail to Live up to Expectations?
                      Emergency Management October 3, 2012
                      "Wildfires that threatened lives and property of Colorado residents in El Paso and Teller counties this year were the most destructive wildfires in state history — 29 square miles around Colorado Springs burned, destroying more than 340 homes, and causing two deaths and personal property damage exceeding $352 million.

                      To facilitate evacuations, authorities used a jointly operated telephone alerting system and made fire-related calls to the public in the Waldo Canyon area on 48 different occasions..."

                        IT - PM
                        Delivering Large-Scale IT Projects On Time, On Budget, and On Value
                        Information Management October 24, 2012
                        "As IT systems become an important competitive element in many industries, technology projects are getting larger, touching more parts of the organization, and posing a risk to the company if something goes wrong. Unfortunately, things often do go wrong. Our research, conducted in collaboration with the University of Oxford, suggests that half of all large IT projects—defined as those with initial price tags exceeding $15 million—massively blow their budgets. On average, large IT projects run 45 percent over budget and 7 percent over time, while delivering 56 percent less value than predicted. Software projects run the highest risk of cost and schedule overruns..."
                          IT Project Management: Think Small
                          Enterprise Efficiency October 11, 2012
                          "Some international corporations say they can't have data stored in the US or by any US cloud provider, under any circumstances, because of the USA Patriot Act. The fact that the law gives some agencies, such as the FBI (through National Security Letters) the authority to compel companies to hand over data without judicial control is unacceptable for companies handling regulated data or with concerns about intellectual property or industrial secrets..."
                          What do Abbott and Costello Have to do with Good Project Management?
                          Project Management Hut April 9, 2012
                          "When you were a teenager were you afraid to ask someone to dance? I was. Self-confidence was a scarce commodity back then and it can still creep up on me even these days but back then, woah! Look out, man. It had a hold on me. I was rich with don’t know how to act without tripping over my own tongue, totally awkward, gangly, bumbling-ness. You could set your clock to it and you could take that to the bank!"
                            SPARC 25th Anniversary at Computer History Museum in San Francisco on November 1, 2012
                            Video of the Festivities Is Promised
                            "SPARC at 25: Past, Present and Future" is the program scheduled for November 1, 2012, at the Computer History Museum in San Francisco. According to Larry Wake, various luminaries connected with SPARC will be on hand to share their recollections. These individuals include Sun Microsystems founders Bill Joy and Andy Bechtolsheim, SPARC luminaries such as Anant Agrawal and David Patterson, former Sun VP Bernard Lacroute, plus Oracle executives Mark Hurd, John Fowler and Rick Hetherington. Wake adds that, for those not in the Bay Area that day, plans are to make a video of the event available. Registration is required.
                            IT - Networks
                            Can A New TCP Scheme Give Wireless A 16-Fold Boost?
                            The Register October 25, 2012
                            "A group of MIT researchers is touting a change to TCP – the transmission control protocol – that it says can yield sixteenfold and better improvements in performance in lossy networks.

                            The claim, made by Muriel Médard’s Network Coding and Reliable Communications group at MIT, has been published in Technology Review. In this article, startling performance improvements are claimed: on a network with 2 percent packet loss, user throughput is described as lifting from 1 Mbps to 16 Mbps; on a network with 5 percent packet loss, “the method boosted bandwidth from 0.5 megabits per second to 13.5 megabits per second”, the article states..."

                            How to Address WAN Jitter Issues for Real-Time Applications
                            NetworkWorld October 23, 2012
                            "Last time we covered those techniques that address the variable queuing congestion-based component of WAN latency, also known as jitter, as it affects TCP-based interactive applications or other data transfer applications. Today, we address the smaller number of techniques for dealing with jitter for real-time applications like VoIP or videoconferencing.

                            With TCP applications, high amounts of jitter cause applications to perform poorly, but at least they still perform at the end of the day, however frustrating the slow performance may become. High jitter for a real-time application can make them unusable, as meaningful two-way communication becomes impossible..."

                            MIT's Wireless Research Projects That Can 'Change Our Lives'
                            NetworkWorld October 18, 2012
                            "MIT recently opened its new Center for Wireless Networks and Mobile Computing, nicknamed Wireless@MIT, where university researchers will collaborate with partners from Microsoft, Cisco, and Intel, among others. Here are some of the most innovative projects, some of which MIT say have the potential to “change our lives,” that are already underway..."
                            Security at Today's Network Speeds
                            NetworkComputing October 16, 2012
                            "Switch vendors make it sound so appealing and easy: Slap the latest 10 or 40 Gbps Ethernet switch into your rack, add some inexpensive PCIe adapters to your servers and magically boost application performance by double-digit percentages.

                            It’s a great story, if the only things on your network are servers and switches..."

                            Top Five Tips for Network Protection
                            HelpNet Security October 23, 2012
                            "This year has seen a continued rise in targeted attacks and insider threats designed to steal confidential data. Nowadays, any organization that houses valuable intellectual property can find itself in the crosshairs of a sophisticated attack.

                            "With the rising prevalence of APT and insider attacks, organizations must move beyond locking down the perimeter and arm their security professionals with the tools they need to hunt for attackers lurking inside the network," said Tom Cross, director of security research at Lancope. "Government and enterprise IT organizations can no longer just sit back and hope that their security tools will block attacks while they sleep."

                            What Penetration Testers Find Inside Your Network
                            Dark Reading October 19, 2012
                            "In our previous Tech Insight, we focused on some of the top vulnerabilities that professional penetration testers discover when performing an external penetration test. This time, we are turning inward and looking at the prominent vulnerabilities found in an internal penetration test. So what's the difference? With an external assessment, the penetration testers should be simulating the attacks that an attacker outside of your organization would be performing. They will be looking at perimeter defenses, exposed services, and anything that will gain them a foothold into the network from the outside. Often, an external test is validating that the security controls put in place at the perimeter are actually effective..."
                            IT - Operations
                            Better Airflow Management
                            Processor October 19, 2012
                            "Of all problems data managers face, airflow management often represents the greatest opportunity for improvement, says Lars Strong, senior engineer at Upsite Technologies ... 'Knowledge of this is what is driving the attention on containment strategies and the myriad of other ‘solutions’ showing up in the industry today,' he says... 60% of conditioned air leaving a raised floor came out of unmanaged openings..."
                            Intuit Forces IT, Engineers into Room Until They Get It Right
                            ComputerWorld October 19, 2012
                            "Prior to instituting a change management program, the IT group at financial and tax preparation software company Intuit took eight weeks to complete a business developer's service ticket.

                            As in many businesses, at Intuit IT and business rarely if ever mixed. IT did what it thought it needed to in order to fulfill requests and advance technology, and business users did what they could to avoid IT.

                            But, after a radical change management program was instituted by Intuit's new CIO, the eight-week project fulfillments dropped to one day..."

                            IT - Security
                            Firewalls Don't Cut It Anymore As the First Line Of Defense
                            NetworkWorld October 19, 2012
                            "We are learning more about the distributed denial-of-service (DDoS) attacks that hit eight U.S. banks in September and October. Security experts now believe that multiple well-organized attackers rather than a single attacker are behind the events that caused daylong slowdowns and, at times, complete outages at Bank of America, JPMorgan Chase, Wells Fargo, US Bank, PNC Bank, Capital One, SunTrust Bank and Regions Financial Corp..."
                            Five Habits of Companies That Catch Insiders
                            Dark Reading October 22, 2012
                            "Technology is only part of any long-term solution to minimize the potential damage that could be caused by insiders, according to a survey of 40 businesses that have successfully dealt with insider threats.

                            The survey, conducted by security firm Imperva, shows that businesses that build close relationships with employees and had regular habits regarding intellectual property tend to have greater success at protecting their business' valuable data. The most effective companies identified their important data, established strong ties with employees, spearheaded cross-disciplinary security efforts, and enforced policy with technology, states the report, released today..."

                            Learn To Use Strong Passwords
                            IT World October 22, 2012
                            "Passwords protect every part of your online life. If you don't treat them properly, you're exposing yourself to a whole mess of trouble.

                            I'm not answering a reader's question today. Instead, I'm offering some advice that everyone on the Internet needs. Imagine that you had one key that unlocked your house, your garage, your office, and your car. Then, to make sure you always had the key handy, you made about 80 copies. And engraved your address on every one before leaving them in convenient locations.

                            That's about the level of security you have if you use the same easy-to-guess password for multiple purposes. Far too many people do just that..."

                            Most Effective Ways to Stop Insider Threat
                            HelpNet Security October 25, 2012
                            "Imperva examined the psychological, legal and technological tactics employed by leading organizations to mitigate insider threats, a class of enterprise risk perpetuated by a trusted person who has access to intellectual property or data, but uses that information outside of acceptable business requirements..."
                              Next-Generation Firewalls: Security without Compromising Performance
                              TechRepublic October 18, 2012
                              "IT managers in corporate and mid-size businesses have to balance both network performance and network security concerns. While security requirements are critical to the enterprise, organizations should not have to sacrifice throughput and productivity for security. Next-generation firewalls (NGFWs) have emerged as the solution to this thorny problem.

                              Earlier-generation firewalls pose a serious security risk to organizations today. Their technology has effectively become obsolete as they fail to inspect the data payload of network packets circulated by today’s Internet criminals...."

                              Shore Up Security
                              Processor October 19, 2012
                              "Among all the duties the IT department is responsible for, security is arguably the most important. Security is also arguably IT’s most difficult task, as threats consistently come from all corners, including the enterprise’s own employees. Here are some tips for helping to identify and solve common security weaknesses..."
                              The Elephant In The Security Monitoring Room
                              Dark Reading October 21, 2012
                              "If you think about it, a firewall is an exception: Just connecting to the Internet is a risk, and a firewall is there to allow in (or out) the things you need despite that risk. Even when you have a full set of policies in place that govern how your infrastructure is configured, not everything will follow the rules. For every setting, there is an equal and opposite exception. CISOs spend a lot of time granting and tracking these exceptions -- and then explaining them to an auditor..."
                              Tips for protecting your privacy
                              HelpNet Security October 19, 2012
                              "Every month more than 5,000 people take to Twitter to complain about how their mobile device has been snooped on or their visual privacy invaded. Who can’t resist eavesdropping on a conversation or glancing over at what someone is reading or working on?

                              According to a recent survey, 43 percent of respondents admit to glancing at a stranger’s mobile device, and younger people (ages 18-24) are even more curious with 66 percent admitting to snooping on a stranger’s device.

                              Pablos Holman and 3M offer the following advice to protect personal information:..."

                                Using Security Metrics to Measure Human Awareness
                                CSO Online October 16, 2012
                                "It's been said that security is hard to measure. Producing measurable results around a lack of problems or incidents is challenging. But the field of security metrics has evolved considerably in recent years, giving security managers more resources to make the case for investing in security programs and technologies.

                                Now the SANS Institute, through their Securing the Human Program, is offering a set of free metric tools designed to give security leaders the ability to track and measure the impact of their own security awareness programs..."

                                Why the Government's Cybersecurity Plan Will End in Catastrophe
                                ComputerWorld October 19, 2012
                                "Last week Defense Secretary Leon E. Panetta presented his case for an invasive system to monitor the nation's private systems in order to better identify and respond to cyber threats.

                                Panetta correctly points out that the likelihood of a 9/11 scale cyber attack is real - and if something isn't done, large sections of the U.S. infrastructure could fail. He uses as an example the successful attack on ARAMCO, a Saudi Arabian state owned oil company, which wiped 30,000 computers, causing massive data loss and rendering them temporarily useless..."

                                IT - Careers
                                Do You Just Hate Everything?
                                TechRepublic October 22, 2012
                                "Years ago, there was a commercial for Life cereal in which two little boys push a bowl of cereal over to their little brother to see if it tastes good. “Let’s get Mikey. He hates everything,” they say. The little brother is adorable and it’s a cute little ad spot.

                                But when an adult is known for “hating everything,” it’s not so cute, especially in the workplace. Some people confuse negativity with superior intelligence, as in “I am cognitively able to find the hole in every plan.”..."

                                  Dutch Government Seeks to Let Law Enforcement Hack Foreign Computers
                                  IT World October 19, 2012
                                  "The Dutch government wants to give law enforcement authorities the power to hack into computers, including those located in other countries, for the purpose of discovering and gathering evidence during cybercrime investigations.

                                  In a letter that was sent to the lower house of the Dutch parliament on Monday, the Dutch Minister of Security and Justice Ivo Opstelten outlined the government's plan to draft a bill in upcoming months that would provide law enforcement authorities with new investigative powers on the Internet..."

                                  IT - Social Media
                                  Big Data and Social Media: A Match Made in Heaven?
                                  TechRepublic October 23, 2012
                                  "With the increased interest in Big Data and the capabilities it provides, suddenly everyone is looking for questions that Big Data can answer. Many of these questions involve another relatively new technology: social media. In the public space, the marriage of these two has been prominently featured during the most recent Olympics and the U.S. Presidential debates. Twitter and Facebook are the two “usual suspects” on the social media front, and news organizations have been attempting to glean some sort of signal from the social media noise, offering analysis based on everything from keyword searches of Facebook posts to “tweets per second” during the debates as a measure of key topics mentioned in the debates..."
                                  Five Rules on How Not to Use Social Media
                                  MarketingProfs October 22, 2012
                                  "Social media is a very powerful thing, but like any powerful thing it can wreak havoc if misused or misdirected. First of all, always remember that social media is built around being social. Being personable, honest, and entertaining is the best way to get users to interact with and about a business. You want users to trust and be entertained by your company, product, slogan, or marketing campaign, so then they turn around and do the rest of the buzz work for you..."
                                    IT - Virtualization
                                    SDN and Virtual Networking Seen As a Key To Growing Hybrid Clouds
                                    NetworkWorld October 18, 2012
                                    "If the OpenStack Summit held this week is any indication, virtual networking is a hot IT topic.

                                    A panel discussion about virtual networking in the cloud featuring representatives from HP, Big Switch and Midokura was packed to the brim. Talks by engineers from eBay and Nicira about their software-defined networking implementations in an even larger conference room were standing room only..."

                                    Virtual Desktops: User Tips from the Trenches
                                    NetworkWorld October 18, 2012
                                    "The lure of virtual desktop infrastructure - less costs for endpoints, reduced power requirements, lower management costs, better security - is compelling but mastering the environment is tricky, say users that have embraced the technology.

                                    VDI is not for everybody, customers agree, but despite its pricey initial costs and the need to tweak in order to keep performance high, interest in the technology is growing, says IDC, with sales of virtual client computing to grow from an actual $2.3 billion in 2011 to a projected $3 billion-plus by 2015, a third of that specifically VDI..."

                                    IT - Database
                                    Nightmare on Database Street: 5 Database Security Horror Stories
                                    Dark Reading October 25, 2012
                                    "Database security may not be quite as sexy as a teenage party in a classic horror film. But when it's done wrong, technology executives, CEOs, and customers alike would shiver at the consequences. Don't think so? Then read just a few of the horror stories laid out by some of the grizzled penetration tester vets we quizzed here. Their exploits show how scary bad database security can really be..."
                                    Using DTrace to Understand What's Happening to VMware's VM I/O in Real-time
                                    The Key to Good Performance: Large Caches, Large Pipes (Read Infiniband)
                                    A 10+-minute video featuring Art Licht, Director, Oracle Enterprise Solutions Group, presents a demonstration of the analytics feature of Oracle's Sun ZFS Storage Appliance with large caches and large (Infiniband) pipes with VMware. The NFS shares are presented to an ESX server with multiple Windows environments running in VMs, each of which is doing a different workload and each having its own E:-drive raw disks. DTrace shows good performance for a random workload, he asserts, because the fine grain observations delivered by DTrace enable users to employ more VMs in a single storage system with a good understanding of the operations within each one.
                                    IT - Mobile
                                    BYON: New Acronym, Same Problem
                                    NetworkComputing October 22, 2012
                                    "First came BYOD. Now there's talk of BYON, or Bring Your Own Network, a new twist on mobile threats. BYON broadly describes an increasing number of devices – be they laptops, tablets, or smartphones – that link to corporate content via external networks, ranging from free access points at airports and cafés to the hot spots users can create ad hoc by tethering a mobile phone's cellular connection to some other device..."
                                    Fast 11ac Adoption Seen for Smartphones
                                    NetworkWorld October 18, 2012
                                    "'Super' Wi-Fi will be available on seven of 10 smartphones in 2015, according to a market analysis by ABI Research. And they'll have more advanced Bluetooth radios and near-field communications (NFC) as well.

                                    Because of the benefits of the emerging 802.11ac standard for Wi-Fi, ABI Senior Analyst Josh Flood forecasts very rapid adoption in smartphones and other mobile devices, though backward compatibility with 802.11n will let them link with existing access points and hot spots for a long time to come..."

                                      New Oz Road Rules Forbid Touching Mobes
                                      The Register October 19, 2012
                                      "Motorists in Australia's most populous state, New South Wales, will not be permitted to even touch their mobile phones while their car engine is running, under new laws to take effect on November 1st.

                                      Outlined in this document (PDF), the new road rules state that “While a vehicle is moving or stationary (but not parked), a driver may only use a mobile phone to make or receive a call or use the audio playing function … if the mobile phone is secured in a fixed mounting..."

                                        IT - Big Data
                                        Big Data: Technical or Organizational Problem?
                                        Insurance Technology October 22, 2012
                                        "You see the term “big data” everywhere. What exactly does it mean? The trouble is that there are many definitions. For clarity’s sake, I’ll pick one from Gartner Research: “Big data is the term adopted by the market to describe extreme information management and processing issues which exceed the capability of traditional information technology along one or multiple dimensions to support the use of the information assets.” Gartner's definition points out that there is an array of software and hardware solutions available to solve these big data problems..."
                                        Machine-To-Machine (M2M) Communications Will Generate Really Big Data
                                        IT World October 18, 2012
                                        "Wireless communications carriers may soon be faced with an unprecedented dilemma: Will they give preference on their networks to people chatting and texting on their mobile devices or to things jabbering with each other?

                                        Few of us doubt the rise of machine-to-machine (M2M) communications. We see it happening around us every day. According to Pike Research, in 2008 a mere 4% of the planet’s 1.5 billion electric utility meters were smart meters; today that has jumped to 18% of electric meters installed. European utilities, which are depending on the technology to help the European Union reach its greenhouse gas emission goals by 2020, expects to have deployed 237 million intelligent meters by that year..."

                                          Unlocking the Value of Big Data
                                          InfoWorld October 22, 2012
                                          "My favorite buzz phrase associated with the big data trend is: "Data is the new oil." It implies that, at last, we can think of data almost as a natural resource, rather than simply a burden on data center infrastructure.

                                          That exciting sense of potential is the reason we just launched InfoWorld's big data channel, which features a new blog, Think Big Data, by contributor Andrew Lampitt, who has been involved in a number of big data startups and has a clear sense of how the trend is taking shape. Andrew will focus on case studies that highlight the practical value of new technologies to explore and analyze vast quantities of data..."

                                          When Data Errors Don't Matter
                                          Dark Reading October 24, 2012
                                          "I ran across this short video comparing MySQL to MongoDB, and it really made me laugh. A tormented MySQL engineer is arguing platform choices with a Web programming newbie who only understands big data at a buzzword level. Do be careful if you watch the video with the sound on because the latter portion is not child-friendly, but this comical post captures the essence of the argument relational DB architects have against NoSQL: Big data systems fail system architects' criteria for data accuracy and consistency. Their reasoning is if the data's not accurate, who cares whether it's "Web scale?" It's garbage in, garbage out, so why bother?.."
                                          IT - BYOD
                                          Employees Can't Do Their Jobs Effectively Without Their Mobile Devices
                                          GCN October 22, 2012
                                          "As more and more government departments allow or even encourage employees to use smart phones, tablets and other mobile devices to perform their jobs in or out of the office, everyone involved is beginning to see just how beneficial they are. Not only do mobile devices increase employees’ productivity and effectiveness, but they further enable telework and otherwise increase employee satisfaction..."
                                            The BYOD Culture Inspires Innovation
                                            CIO Insight October 18, 2012
                                            "One-fourth of all global information workers have empowered themselves to use multiple personally-owned devices and applications to get work done, according to a recent survey report commissioned by Unisys and conducted by Forrester Consulting. Welcome to the world of the "mobile elite", a class of professionals who overwhelmingly opt to use their own tools because they claim these devices and applications make them far more productive than products supported and distributed by IT..."
                                              Top Ten Articles for last few Issues
                                              Vol 176 Issues 1, 2 and 3; Vol 175 Issues 1, 2, 3 and 4; Vol 174 Issue 5
                                              We track how frequently each article is viewed on the web site to determine which ones readers consider the most important. For last week, the top 10 articles were:

                                              • Oracle Solaris Videos on YouTube
                                              • Watch the Google Datacenter Street View Tour
                                              • Survey Finds Early Adopters of Oracle Enterprise Manager 12c Report Agility and Productivity Benefits
                                              • Cloud Architecture Patterns: New Title from O'Reilly
                                              • Provisioning Capabilities of Oracle Enterprise Ops Center Manager 12c
                                              • Disks from the Perspective of a File System
                                              • SPARC T4 Servers Set World Record Mark for Siebel PSPP Benchmark
                                              • Maximizing Your SPARC T4 Oracle Solaris Application Performance
                                              • World Record Oracle E-Business Consolidated Workload on SPARC T4-2, T4-4
                                              • Consolidating Oracle E-Business Suite R12 on Oracle's SPARC SuperCluster

                                              The longer version of this article has a list of the top ten articles for the last 8 weeks.

                                                IT - Encryption
                                                Weak Crypto Allowed Spoofing Emails from Google, PayPal Domains
                                                HelpNet Security October 24, 2012
                                                "Zach Harris, a Florida-based mathematician, discovered that Google and many other big Internet companies use weak cryptographic keys for certifying the emails sent from their corporate domains - a weakness that can easily be exploited by spammers and phishers to deliver emails that, for all intents and purposes, look like they were sent by the companies in question.

                                                According to Wired, he discovered that almost by chance after receiving an email from a Google job recruiter. Doubting its authenticity, he checked the e-mail’s header information, and it seemed legitimate..."

                                                IT - Server
                                                Why Admins Should Know How To Code
                                                InfoWorld October 22, 2012
                                                "... Bottom line: Admins need to be at least passable with some sort of scripting language for their chosen platform; ideally, they should be familiar with several. They may be VB and PowerShell on Windows or Bash and Perl on *nix. These are the pathways that open up all kinds of possibilities for problem resolution and the aforementioned elegant solutions..."
                                                IT - Tape
                                                IBM Prepares to Demo 125TB MONSTER Tape
                                                The Register October 19, 2012
                                                "IBM has revealed it is preparing a technology demonstration of a 125TB tape, and has revealed that LTO-6 tapes use shingling, with overlapped data tracks.

                                                In January 2010, IBM demonstrated a tape with 35TB of raw capacity. Apply LTO-6's 2.5:1 compression ratio to that and you get 87.5TB. This contrasted with the then-current LTO-5 tape's raw capacity of 1.5TB.

                                                The LTO consortium has a roadmap of two more formats: LTO-7 with 6.48TB raw capacity, and LTO-8 with 12.8TB. Assuming that the upcoming LTO format capacity doubling, IBM's 35TB tape, created with the help of Fujifilm, would fit between a conceivable LTO-9 with around 25TB and an LTO-10 with 50TB..."

                                                The Document Foundation Announces LibreOffice 3.5.7
                                                Probable Final Update for LibreOffice 3.5 Family
                                                The Document Foundation, which released LibreOffice 3.6.2 in early October 2012, also released LibreOffice 3.5.7, likely the final version in the organization's 3.5 family, at its LiboCon gathering in Berlin. The Document Foundation says that 3.5.7 solves additional bugs and regressions, and offers stability improvements over LibreOffice 3.5.6. Users are urged to download the version and its extensions and to view the change logs, all of which are available online.
                                                Oracle Announces GA for Oracle Application Development Framework Mobile
                                                Cross-platform Capability Boosts Productivity, Protects Investment
                                                Oracle has announced GA of its new HTML5 and Java-based Oracle Application Development Framework Mobile that enables developers to build hybrid mobile applications for multiple platforms, including iOS and Android. Oracle ADF Mobile, which is based on a next-generation hybrid mobile development architecture, allows developers to increase productivity while protecting investments by enabling code reuse through a flexible, open standards-based architecture. With Oracle ADF Mobile, developers using its write once and deploy-to-many capability can extend enterprise applications to mobile devices across platform interfaces even as technology shifts occur.