News about Oracle's Solaris and Sun Hardware
System News
Sep 30th, 2013 — Oct 6th, 2013 Generate the Custom HTML Email for this Issue
System News System News for Sun Users
Volume 188, Issue 1 << Previous Issue | Next Issue >>
Sections in this issue:
click to jump to section

Maximizing Application Reliability and Availability with the SPARC M6-32 Server
An Oracle Technical White Paper, September 2013 (42 Pages)
Oracle's SPARC M6-32 server is a high-performance system that has been designed, tested, and integrated to run a wide array of enterprise applications. It is well suited for web, database, and application components. This versatility, along with powerful, bundled virtualization capabilities, makes it an ideal platform on which to consolidate large numbers of applications, databases, and middleware workloads or to deploy complex, multiuser development, test, and deployment environments.

The reliability, availability, and serviceability (RAS) characteristics of the SPARC M6-32 server go well beyond its highly reliable components. Redundant hardware is combined with software RAS capabilities and advanced and integrated management and monitoring. Together, these technologies enable the SPARC M6-32 server to deliver mission-critical uptime and reliability. The SPARC M6-32 server architecture enables a high degree of isolation between concurrently deployed applications, which might have varied security, reliability, and performance requirements.

IT - Storage
Look Who's Coming to Town - OpenStorage Summit at the Santa Clara Convention Center
October 23-24 at the Santa Clara Convention Center
OpenStorage Summit has a strong line-up of presentations for this 2-day event, October 23-24 at the Santa Clara Convention Center. There are keynotes and panels with such companies as SanDisk, Microsoft, Samsung and so many more, covering topics from cloud hosting to enterprise capabilities.

Just to whet your curiosity, below are some of the exciting presentations at the OpenStorage Summit:

  • Industry Analyst, Ben Woo, Managing Director at Neuralytix,Inc. will be presenting on "Object Storage - The Revolution Lives" as well as participating on a panel discussion on "Software Defined Storage - What's behind the name?"

  • Sheng Liang, CTO Cloud Platforms for Citrix will participate on a panel on "Cloud hosting and open storage; A match made in heaven"

  • Nexenta's own Chief Strategy Officer, Evan Powell, will present "Why the Adoption Rate for Open Storage Is Accelerating". He will also moderate on a few panels.

See more of the agenda and register now! Register using priority code Nexenta to receive a $200 full conference pass!

Using All-Flash Arrays To Solve Tier-1 Database Problems
Storage Switzerland, October 2nd, 2013
"To solve tier-1 database performance problems, it is important to understand the nature of tier-1 applications. Standard definitions of tier-1 include: (i) extremely high cost, extremely high performance applications - sometimes referred to as 'tier-0' (e.g., Wall Street trading platforms) and (ii) business critical applications with very high (not extreme) performance requirements, where high availability and manageability are key. Not surprisingly, the majority of tier-1 applications are in the latter category..."
Object Storage Can Reduce Hadoop Storage Costs
Storage Switzerland, October 3rd, 2013
"Hadoop is an open source software framework licensed by the Apache Software Foundation that uses a distributed compute infrastructure to handle large, batch analytics jobs on very large data sets. It does this by breaking these projects down into a number of smaller component jobs, each of which can be processed (simultaneously) by separate compute engines. While Hadoop brings new capabilities to large data analytics, the cost of storage has the potential to overshadow those gains..."
How To Design A Storage Array: NOT LIKE THAT, Buddy
The Register, October 3rd, 2013
"We've had a few announcements from vendors recently and I've seen all manner of storage roadmaps. If I had one comment to make on all of these, it would be to say that if I were to design an array or a storage product, I probably wouldn't start from where most of these guys are starting.

There appears to be a real fixation on the past, with lots of architectures which are simply re-inventing what has gone before. And although I understand why, I don't understand why. Stick with me here..."

    IT - Technology
    3D Printing: If You Can Imagine It, You Can Make It
    eWeek, September 30th, 2013
    "Last week's Inside 3D Printing Conference and Expo in San Jose showcased the impressive advances being made in 3D printing, which is used for everything from constructing buildings to constructing lunch. Here's some of the interesting projects that were on display..."

    • 3D printed guitar
    • 3D printed food
    • 3D printed artery
    • 3D printed ceramic pot
    • 3D printed exoskeleton
    • 3D printed cordless drill
    • 3D printed dental mold
    • 3D printed engine block
    • 3D printed human face mold
    • 3D printed shoe

    Read on for more examples and details.

    18 Supercool Objects Made with 3D Printers
    IT World, September 27th, 2013
    "Last week's Inside 3D Printing Conference and Expo in San Jose showcased the impressive advances being made in 3D printing, which is used for everything from constructing buildings to constructing lunch. Here's some of the interesting projects that were on display..."

    • 3D printed guitar
    • 3D printed food
    • 3D printed artery
    • 3D printed ceramic pot
    • 3D printed exoskeleton
    • 3D printed cordless drill
    • 3D printed dental mold
    • 3D printed engine block
    • 3D printed human face mold
    • 3D printed shoe

    Read on for more examples and details.

    How Japan's Olympics will Revolutionize Tech
    Network World, October 3, 2013
    "Last month's awarding of the 2020 Olympic Games to Tokyo could be great news for technology.

    Pushed by a desire to showcase their expertise to the world, some of the country's biggest companies are now targeting 2020 for the deployment of new technologies that could revolutionize mobile telecommunications, consumer electronics, automobiles and even the way people watch the Olympic Games on television..."

    Replacing Silicon with Nanotubes Could Revolutionize Tech
    ComputerWorld, September 30th, 2013
    "Replacing silicon transistors with carbon nanotubes could make any electronic device -- smartphones, laptops, tablets and supercomputers -- smaller and more powerful.

    "This could be a revolutionary technological leap," said Dan Olds, an analyst at The Gabriel Consulting Group..."

      Robots Taking All Our Jobs? Ridiculous
      InformationWeek, September 26, 2013
      "With unemployment rates so high for so long, one explanation making the rounds is that 'the robots are taking our jobs.' This neo-Luddite, anti-technology narrative argues that high productivity driven by increasingly powerful IT-enabled 'machines' is the main cause of U.S. labor market problems, and accelerating technological change will only make those problems worse.

      If technology enables the same amount of work to be done with fewer people, the argument goes, then it must be bad for employment..."

        Will Technology Put You Out of an IT Job?
        Internet Evolution, September 24, 2013
        "One day, nearly half the jobs in the United States could be automated -- and that means big changes for enterprises and IT departments.

        Machine learning, mobile robotics, big-data, and solutions like IBM Watson already are transforming a huge cross section of industries, according to the Oxford Martin Programme on the Impacts of Future Technology study, 'The Future of Employment: How Susceptible Are Jobs to Computerisation?.' Researchers looked at 700 jobs, ranking them based on how likely they are to become computerized in the next 10 to 20 years.."

        Free and Open Source S/W
        GNU system, free software celebrate 30 years
        Free Software Foundation (FSF) and Richard Stallman
        The Free Software Foundation (FSF) announced plans to celebrate the 30th anniversary of the GNU operating system. The celebratory activities will include a 30th anniversary hackathon at MIT in Cambridge, MA, satellite events around the world, and ways for people to celebrate online.

        A Web site has been launched to coordinate the festivities:

        Thirty years ago this month, the founding of the GNU system sparked a conversation that has grown into the global free software movement. On September 27, 1983, a computer scientist named Richard Stallman announced the plan to develop a free software Unix-like operating system called GNU, for "GNU is not Unix." GNU is the only operating system developed specifically for the sake of users' freedom. Today, the GNU system includes not only a fully free operating system, but a universe of software that serves a vast array of functions, from word processing to advanced scientific data manipulation, and everything in between.

        Impressions from Oracle Open World 2013
        By Markus Flierl
        "4 days of Oracle Open World are over now..., I've had a super-busy week with over 2 dozen customer meetings and 1/2 dozen analyst meetings, not to mention partners and internal colleagues. Oracle Open World is by far my most productive week of the year and I thrive on that! The best summary of the last week is what I heard from one of the analysts from a major analyst firm: 'We are seeing the Renaissance of SPARC and Solaris'.

        It all started on Sunday with a customer advisory board in the San Francisco office. Some of my technical leads and I spent 1/2 day with key customers reviewing our key investments and getting their feedback on those. One of the customers gave a talk on their self-provisioning IaaS and PaaS cloud taking advantage of the latest S11 features. They are using a combination of Solaris zones as well as OVM SPARC in order to achieve super-high compression rates and drive the cost/VM well below what they can get with RHEL and VMWare on x86 hardware. Not to mention all of the other benefits of Solaris like higher up-time, security, super-efficient patching etc..."

        The Best x86 Platforms for Oracle Solaris
        Oracle x86 Systems
        With adoption in over 50,000 businesses and institutions, Oracle Solaris has clearly established itself as the world leader in UNIX-based operating systems. Oracle Solaris includes many unique and innovative technologies that are not commonly available in other operating systems, such as Oracle Solaris ZFS, Dynamic Tracing (DTrace), predictive fault detection, built-in virtualization, and advanced security.

        As a result of a broad strategic alliance between Oracle and Intel, Oracle Solaris has become widely deployed on Intel-based x86 systems from a variety of different hardware vendors. Intel has embraced Oracle Solaris as a mainstream UNIX operating system for enterprise-class, mission-critical systems based on Intel Xeon processors.

        MySQL Enterprise Monitor 3.0.2
        Now Available
        MySQL Enterprise Monitor 3.0.2 is now available for download on the My Oracle Support (MOS) web site. It will also be available via the Oracle Software Delivery Cloud with the October update in about 1 week.

        Based on feedback from customers, MySQL Enterprise Monitor (MEM) 3.0 offers many significant improvements over previous releases. Highlights include:

        Policy-based automatic scheduling of rules and event handling (including email notifications) make administration of scale-out easier and automatic

        Enhancements such as automatic discovery of MySQL instances, centralized agent configuration and multi-instance monitoring further improve ease of configuration and management

        The new cloud and virtualization-friendly, "agent-less" design allows remote monitoring of MySQL databases without the need for any remote agents

        Trends, projections and forecasting - Graphs and Event handlers inform you in advance of impending file system capacity problems

        Zero Configuration Query Analyzer - Works "out of the box" with MySQL 5.6 Performance_Schema (supported by 5.6.14 or later)

        False positives from flapping or spikes are avoided using exponential moving averages and other statistical techniques

        Advisors can analyze data across an entire group; for example, the Replication Configuration Advisor can scan an entire topology to find common configuration errors like duplicate server UUIDs or a slave whose version is less than its master's

        Cloud Computing
        Database as a Service, Java as a Service and Infrastructure as a Service
        Oracle Expands Oracle Cloud
        New Services Support Wider Variety of Workloads with Managed Service Options and Full Administrative Control

        Oracle powers the top 10 SaaS providers, thousands of SaaS applications, and many of the world's private clouds. All of these rely on a robust cloud platform that provides applications with rich functionality with high performance, elasticity, availability and security. To support a wider variety of workloads, Oracle today introduced new Oracle Cloud services: Oracle Database as a Service, Oracle Java as a Service, and Oracle Infrastructure as a Service.

        Further delivering on the industry's broadest and most advanced Cloud portfolio, Oracle today announced that it is expanding the Oracle Cloud with new services that give customers access to the world's leading database and Java application server in the cloud, with managed service options and full administrative control.

        The new Oracle Cloud services include Oracle Database as a Service, Oracle Java as a Service, and Oracle Infrastructure as a Service, and augment Oracle's comprehensive portfolio of Application, Social, Platform, and Infrastructure Services, all available on a subscription basis.

        Complementing the existing Oracle Cloud Platform Services, the new Oracle Database as a Service provides full control of a dedicated database instance, supports any Oracle Database application, and gives users greater flexibility and choice over their services.

        Complementing the existing Oracle Cloud Platform Services, the new Oracle Java as a Service provides full control of dedicated Oracle WebLogic Server clusters, supports any Java application, and gives users greater flexibility and choice over their services.

        Oracle Cloud Infrastructure as a Service provides general purpose compute and storage services to support any application and gives users greater flexibility and administrative control.

        New Oracle Cloud Services
        Thomas Kurian Keynote
        Thomas Kurian, Oracle executive vice president of Product Development, stepped up to the podium in Moscone Center's main hall and delivered Tuesday's final keynote. He made three major announcements about the Oracle Cloud:

        • Oracle Database as a Service
        • Java as a Service
        • Infrastructure as a Service

        Oracle Database as a Service, said Kurian, puts the world's best database in the cloud, allowing you to support any database workload with a choice of managed services. That includes a single node, the database with Oracle Active Data Guard, or with highly available Oracle Real Application Clusters.

        Java as a Service gives users an environment that's fully customizable for any Java applications. Tenants can choose from several levels of options and services.

        "The point," Kurian said, "is to make your IT department into heroes."

        Release Candidate for Unbreakable Enterprise Kernel Release 3
        now available
        Oracle announced the availability of the release candidate for the Unbreakable Enterprise Kernel Release 3 for Oracle Linux 6. The Unbreakable Enterprise Kernel Release 3 (UEK R3) is Oracle's third major release of its heavily tested and optimized operating system kernel for Oracle Linux 6 on the x86_64 architecture. It is based on the mainline Linux version 3.8.13.

        The release candidate version is 3.8.13-16 and includes additional improvements and bug fixes in preparation for our final release. As a recap, the features users can expect in this release include:

        • Inclusion of DTrace for Linux into the kernel (no longer a separate kernel image). DTrace for Linux now now supports probes for user-space statically defined tracing (USDT) in programs that have been modified to include embedded static probe points.

        • Btrfs file system improvements (subvolume-aware quota groups, cross-subvolume reflinks, btrfs send/receive to transfer file system snapshots or incremental differences, file hole punching, hot-replacing of failed disk devices)

        • Improved support for Control Groups (cgroups) and Linux containers (LXC).

        • The ext4 file system can now store the content of a small file inside the inode (inline_data).

        • TCP fast open (TFO) can speed up the opening of successive TCP connections between two endpoints.

        The Unbreakable Enterprise Kernel Release 3 can be installed on Oracle Linux 6 Update 4 or newer, running either the Red Hat compatible kernel or a previous version of the Unbreakable Enterprise Kernel. The UEKR3 beta kernel packages and supporting userland utilities can be installed using the yum package management tool from the public-yum server.

        IT - Cloud
        Nirvanix Closure a Wake-Up Call for Cloud Users
        IT World Canada, September 27th, 2013
        "The impending shut down next week of cloud storage provider Nirvanix should serve as a wake-up call for organizations that are subscribing to cloud services, according to analysts and cloud service experts.

        The San Diego, Calif.-based company which last year entered into a deal allowing Dell Inc. to resell its cloud storage services, quietly advised its customers this week to stop uploading their data to its servers and instead start moving data off its servers before September 30, when the company is scheduled to shut down..."

        A Trustworthy Cloud Guarantees Data Privacy and Chain of Custody
        Network World, September 26th, 2013
        "Employees are increasingly turning to consumer grade file sharing services such as Dropbox for business activities, and even if that use is sanctioned by IT, custody remains a challenge because, although the enterprise still owns the data, custody moves to the cloud provider. It is difficult, if not impossible, to maintain visibility and control over data in the cloud and prove chain of custody. Complicating the situation, data can be compromised without IT's knowledge, since they may not even be aware that documents are being stored and shared in the cloud..."
        Cloud Architecture: Get It Right The First Time
        Information Week, September 26th, 2013
        "Whether you're building an enterprise private cloud or buying a public cloud service, the underlying architecture of what you end up with will have an impact on what you can do. 'People have a tendency not to think about architecture,' noted David Linthicum, senior VP at Cloud Technology Partners in Cambridge, Mass. and a speaker in the Cloud and Virtualization track at Interop New York 2013. And cloud vendors, including Amazon Web Services and Google Compute Engine, tend not to disclose much about their underlying architectures..."
        Where Organizations are Using Cloud Solutions
        IT World Canada, September 30th, 2013
        "One of the easiest ways for a vendor to show a technology is catching on is to do a survey. Recently two companies offering cloud solutions released polls from their communities showing where the cloud is popular.

        Spiceworks, which makes a free vendor sponsored Web-based network management and help desk solutions, said 70 per cent of the 600 of global IT professionals that responded to its survey are using cloud-based Web hosting applications. Another three per cent are planning to use a Web hosting service in the next six months..."

        Will the Snowden Leaks Hurt U.S. Cloud Providers?
        Datamation, September 30th, 2013
        "Much has been written about NSA eavesdropping and the Snowden leaks, but one thing mostly lost in the cacophony of outrage, defensiveness and spin is the fact that cloud computing adoption rate could be significantly lessened, or - worse case - adopters could avoid U.S.-based providers.

        The Cloud Security Alliance estimates that U.S. cloud providers could lose as much as $35 billion as Canadian, European, Brazilian and other overseas businesses decide they've had enough with U.S. governmental security overreach, and it's in their best interest to store their data at home..."

        IT - CxO
        4 Ways CIOs Can to Respond to a Service Outage
        CIO, September 30th, 2013
        "... trading on the exchange halted for more than three hours on Aug. 22. Nasdaq's brief post-mortem statement blames a software bug and a backup system that failed to actually activate when a fault was detected. However, Reuters reports that a person familiar with what happened says connection problems with NYSE Euronext's Arca Exchange triggered the entire event. Adding insult to injury, Nasdaq suffered a six-minute outage on Wednesday, Sept. 4. Though it involved the same system that was the culprit of the larger outage, a Nasdaq statement says 'hardware memory failure in a back-end server caused this outage..."
          Challenges Faced by Top CSOs
          Help Net Security, September 27th, 2013
          (ISC)2 released new data that outlines the chief challenges faced by top enterprise security executives and illustrates the broad range of complex - and sometimes conflicting - challenges faced by today's enterprise information security leaders.
          Conflicting Challenges Put Top Execs Between a Rock and a Hard Place
          Dark Reading, September 27th, 2013
          "Top-level executives are increasingly faced with IT security decisions that force choices between conflicting goals or the lesser of two evils, according to a new study released this week.

          The study, called 'A View From the Top - The (ISC)2 Global Information Security Workforce Study CXO Report,' was conducted by Frost & Sullivan and Booz Allen Hamilton on behalf of (ISC)2; it offers a detailed look at the security attitudes of some 1,634 C-level executives from enterprises around the globe. The report indicates that top management increasingly is finding itself caught between choices and practices that are at odds with each other..."

          How to Lead Like Red Burns
          CIO Insight, September 25th, 2013
          "Often lauded as the 'Godmother of Silicon Alley,' Red Burns cofounded and led the Interactive Telecommunications Program (ITP) at New York University, a creative and technology-driven master's program that has produced more than 3,000 graduates. Many of ITP's graduates now work at global brands like Apple, Disney, Google and Microsoft, as well as smaller companies and eager startups, where the best of them carry on Burns' vision of using technology as both a means of creative expression and a way to improve people's lives. Burns died late last month, at the age of 88, and the resulting obituaries and related articles often recalled her inspirational leadership of ITP, from which I have gleaned a handful of lessons about technology, collaboration, checking the periphery and more..."
          IT - DR
          10 Reasons Why Disaster Recovery Plans Fail
          Datamation, September 27th, 2013
          "When Hurricane Sandy struck the Atlantic coast in October 2012, Allied Building Products' data center in New Jersey was submerged in four feet of water in a matter of minutes. The facility was completely wiped out, and it was three months until a new one was up and running.

          But Allied had a well-tested and effective disaster recovery/business continuity plan in place. The company's operations were rapidly switched to a SunGard AS disaster recovery facility in Philadelphia. Servers and applications were brought back online, and the company's IT infrastructure continued to operate from there for another three months until they could be switched to the new Allied data center..."

          Tactics for Becoming More Proactive about Disaster Preparation and Recovery
          Disaster Recovery Journal, September 16th, 2013
          "It's Disaster Preparedness Month (Sept), the perfect opportunity for business continuity professionals to consider some fresh tactics for preparing proactively for a disaster.

          Natural disasters don't appear to be slowing down in frequency, as Superstorm Sandy and the destructive tornadoes in the Southwest underscored. And another hurricane season has begun.

          Hurricane Sandy and the tornadoes revealed gaps and holes in many companies' business continuity and DR plans - and it's essential to find them before disaster strikes. Specifically, Hurricane Sandy kept executives, IT staff and other critical personnel stranded without power, the ability to use the Internet, or any avenue for restoring their IT systems and ensuring the safety of their companies' invaluable data..."

          IT - PM
          Lessons from Boeing: Executing on the Biggest Insurance IT Projects
          Insurance & Technology, October 3rd, 2013
          "Analogies are always helpful in understanding how and why things seem to work the way they do. Having recently attended some conferences on the modern software platforms now available to insurers, it struck me that an analogy from another industry might be in order.

          Boeing's 787 Dreamliner is the world's most advanced passenger plane, featuring many trailblazing features (pun intended) for pilots, crews, and passengers. Similarly, there are some new platforms available for policy, billing, and claims that boast modern architectures and rich configurability and functionality..."

            The 7 Deadly Sins of Project Management
            Internet Evolution, September 26th, 2013
            "At a National Association of State Chief Information Officers conference in Washington a few months ago, almost half the respondents to an informal audience poll said they don't have a process to filter out half-baked IT projects early in the process. Nearly 60 percent said they have trouble canceling troubled projects late in the game... Kapur, who has spent more than 20 years as a PM consultant, shared with StateTech his own list of 'seven deadly sins' for project management:"

            • Failing to adhere to a project process architecture
            • Treating half-baked ideas as projects
            • Missing (or ineffective) leadership
            • Employing underskilled project managers
            • Inadequately tracking project vital signs
            • Failing to conduct timely project triage
            • Managing the project portfolio poorly

            Read on for details.

            IT - Networks
            Breaking Down IT Network Threats: The Sources
            Datamation, September 26th, 2013
            "Understanding the probable threats facing your organization's network requires an understanding of where threat agents originate. Not all threat sources apply to your business. For example, if you assess a facility in Toledo, Ohio, you don't have to worry about hurricanes. However, you might want a business continuity plan that includes blizzards. For general purposes, threat sources can fall into one of four categories: human, geographic, natural, and technical..."
            Weighing the IT implications of implementing SDNs
            Network World, September 27th, 2013
            "Software Defined Networks should make IT execs think about a lot of key factors before implementation.

            Issues such as technology maturity, cost efficiencies, security implications, policy establishment and enforcement, interoperability and operational change weigh heavily on IT departments considering software-defined data centers. But perhaps the biggest consideration in software-defining your IT environment is, why would you do it?..."

            IT - Operations
            Big Iron is (Still) Not Dead
            IT World, September 27th, 2013
            "BMC Software has released its 8th annual Worldwide Survey of Mainframe Users and found that not only is the mainframe not dying, despite years of such predictions, it's taking on Big Data and other 21st century workloads.

            Now let's start with the disclaimer that BMC is a developer of low-cost mainframe solutions, so it's easy to be cynical since the company has a vested interest in the mainframe doing well. This was a sizable survey, with 1,184 respondents worldwide..."

            Hoard Cloud Talent Now -- While You Can Still Get It
            InfoWorld, September 27th, 2013
            "Demand for cloud-skilled IT workers continues to outstrip the supply, and the demand is only growing. As I've written, people who have both traditional skills and IT skills will be the most valuable -- something a recent article bears out.

            And getting talent is made harder due to several realities in the tech industry.

            Here are some of the inhibitors to getting cloud talent in the current market: ..."

            IT Purchasing: Who Decides What Tech to Buy?
            ComputerWorld, October 2nd, 2013
            "Lowe's knows a thing or two about buying and selling, so it means something that the Mooresville, N.C., home improvement retailer established a procurement department to help its various divisions make better deals.

            Now Tom Nimblett, director of procurement for IT, HR, finance and Lowe's dot-com divisions, reaches out to IT managers at all levels, including the CIO as needed, to consult on tech purchases -- which are not inconsiderable given the company's 1,000-person IT staff and annual IT budget of $1 billion-plus..."

            Software Defined Data Center Networking: Think Bare Metal
            SearchSDN, September 30th, 2013
            "The cloud era has led to a slew of cost-savings advantages for businesses of all sizes, but as the technology grows, it demands center networks and storage that can match its magnitude. Traditional approaches to networking in a cloud environment have become too complex and costly. But software-defined networking (SDN) and software-defined data center (SDDC) technology will address these challenges..."
              10 Ways to Ensure Failure for Your IT Outsourcing Deal
              CIO, September 27th, 2013
              "Even though the state of IT outsourcing has matured, mistakes in flawed deals are often repeated, and the most disappointing deals share common characteristics. Here are 10 steps that are guaranteed to lead to an outsourcing catastrophe..."

              • Don't define transformation
              • Assume billing and SLAs begin on day one
              • Ignore retained costs in the business case
              • Start governance two months after the deal is signed
              • Sign a change order for an existing contract commitment
              • Don't fund testing and change functions
              • Rely solely on termination rights should things go wrong
              • Confuse people transfer with knowledge transfer
              • Trust the vendor's SLA reports
              • Assume technical managers will become vendor management professionals overnight

              Read on for details.

              IT - Security
              5 Reasons Every Company Should Have A Honeypot
              Dark Reading, October 1st, 2013
              "In January 1991, a group of Dutch hackers attempted to break into a system at Bell Labs, only to be directed into a digital sandbox administered by one of the research groups at AT&T. In an account of the five-month incident involving one of the first computer honeypots, Bill Cheswick echoed a complaint of the systems frequently made since the incident: 'How much effort was this jerk worth? It was fun to lead him on, but what's the point?'..."
                7 Sneak Attacks Used by Today's Most Devious Hackers
                InfoWorld, September 30th, 2013
                "Millions of pieces of malware and thousands of malicious hacker gangs roam today's online world preying on easy dupes. Reusing the same tactics that have worked for years, if not decades, they do nothing new or interesting in exploiting our laziness, lapses in judgment, or plain idiocy.

                But each year antimalware researchers come across a few techniques that raise eyebrows. Used by malware or hackers, these inspired techniques stretch the boundaries of malicious hacking. Think of them as innovations in deviance. Like anything innovative, many are a measure of simplicity..."

                  Common Data Breach Handling Mistakes
                  Help Net Security, October 1st, 2013
                  "A data breach is an issue that can affect any organization and National Cyber Security Awareness Month is an opportune time for organizations to start to prepare for an incident or enhance their current response plan..."

                  "While there has been great progress among businesses and institutions in data breach prevention, breaches can still occur and it's important to execute the right steps after an incident," said Michael Bruemmer, vice president at Experian. "Being properly prepared doesn't stop with having a response plan. Organizations need to practice the plan and ensure it will result in smooth execution that mitigates the negative consequences of a data breach."

                  Compliance Is Still a Worry, but Security Is Now a Top Concern
                  eWeek, September 25th, 2013
                  "Network breaches have become the top concern for security professionals, replacing worries over a company's compliance with federal and industry regulations, according to two surveys released in the past week.

                  A survey of 272 security managers and network engineers, titled 'What Keeps IT Pros Up at Night' found that 34 percent of respondents worry most about the possibility of a breach, while 31 percent of those polled are concerned with failing an IT-security audit. To improve security, about 20 percent of IT security professionals said they plan to implement the SANS Critical Security Controls in the next 12 to 24 months..."

                  Data Breach Lessons: How to Rewrite Rules
                  Information Week, September 30th, 2013
                  "As embarrassing and costly as a big data breach might be for an organization, many security professionals will tell you such an incident can be good news in the long run for a business's risk posture. Sometimes even after numerous warnings from security and risk advisers, the only way for senior managers to sit up and pay attention to a set of risks is to have an incident from that risk detailed blow by blow in the business press..."
                  Forget Fingerprints: Your Iris is Your New Identity
                  ComputerWorld, September 30th, 2013
                  "At the entrance to 'The Vault,' the most secure room within the most protected building operated by security services provider Symantec, an iris recognition system stands guard as the last line of defense.

                  Employees who make it this far have already swiped an access card and entered a PIN at the building's main door and then submitted a finger to a biometric reader to move beyond the lobby..."

                  How to Implement DMARC in Your Organization
                  Network World, September 26th, 2013
                  "A few weeks ago I wrote how the Doman-based Messaging, Authentication, Reporting and Conformance (DMARC) standard is helping companies protect their domains from phishing (see DMARC is having a positive impact on reducing spoofed email). Now I'll share with you how to implement this standard.

                  This is something that can be done in-house if your company has technical people who understand DNS and your email system. If you don't want to go it alone, there are companies that can implement DMARC for you and also provide the ongoing service of consolidating and analyzing all the email usage reports you'll be getting..."

                    How to Mitigate Risk Associated with a Customer's Potential Data Breach
                    SearchITChannel, September 30th, 2013
                    "When it comes to managed and cloud services, regardless of who you talk to, security is a touchy subject. No one denies the importance of a good defense, but no one wants to accept the risk of a breach, either. Service providers can adopt best practices to mitigate risk, but industry experts say there's no way to completely eliminate the risk associated with data breach..."
                    How to Take Password Security Out of the Hands of Your Employees
                    Business 2 Community, September 30th, 2013
                    "In a business of any size, each employee has their designated tasks and responsibilities. An office assistant might be responsible for answering phones and filing. A salesperson might be responsible for generating and following up on new leads. An accountant might be responsible for handling all payroll and tax issues. But in most offices, there's at least one responsibility that every single employee shares: using password security to protect the best interests of the business..."
                    Many Security Professionals Don't Understand Modern Malware
                    Network World, September 30th, 2013
                    "One of the most famous quotes attributed to Sun Tzu is, 'If you know your enemy and know yourself, you need not fear the results of a hundred battles.' This statement should certainly apply to the current cyber threat landscape. Security professionals should have strong knowledge about new types of malware, the cybercrime market, and the tactics used by cyber adversaries so they can design and implement the appropriate countermeasures..."
                    NSA Chief: Don't Dump Essential Security Tools
                    Information Week, September 26th, 2013
                    "The head of the U.S. Cyber Command had come to talk about the state of cybersecurity in America. But Gen. Keith Alexander, who also directs the National Security Agency, took the offensive, delivering an impassioned defense of NSA practices Wednesday, in the wake of recriminations over the agency's collection and handling of Americans' phone records.

                    He also asked government and industry executives, gathered at a cybersecurity summit in Washington, for their support in maintaining the NSA's data-collection and surveillance efforts..."

                    Penetration Testing With Honest-To-Goodness Malware
                    Dark Reading, October 1st, 2013
                    "Popular fiction usually dictates that the primary cyberfoe of big business is a young, nerdish, and exceedingly smart computer hacker with a grudge against practically anyone and everyone. It may be this particular cliched (and false) stereotype of a hacker that many business analysts and executives have, in turn, used as justification for testing the defenses of their organizations in a particular way. While some may supplement this image of a hacker with concrete bunkers filled with uniformed cyberwarriors if they feel worthy of state-initiated attacks, it is a sad fact that many of the methodologies currently employed by organizations to evaluate their tiered defenses are tired and dated..."
                      Top 4 Problem Areas That Lead To Internal Data Breaches
                      Dark Reading, September 27th, 2013
                      "External data breaches (think: Anonymous) and internal data leaks (think: Edward Snowden) have enterprises questioning and rethinking their security programs. Are they doing enough to protect their data? Are their security controls effective? Would they be able to respond appropriately to a data breach and contain it quickly?..."
                      Would You Hire a Hacker to Run Your Security?
                      The Register, September 30th, 2013
                      "More than two in three IT professionals would consider ex-hackers for security roles, providing they have the right skills to do the job, a survey has found.

                      In addition, 40 per cent of respondents to CWJobs' survey of 352 IT bods reckoned there aren't enough skilled security professionals in the UK technology industry.

                      As if that news wasn't unsurprising enough, two thirds of the 352 tech professionals surveyed by website CWJobs stated that they would consider re-training in order to take on a role in IT security..."

                      IT - Careers
                      Are Workers Drowning In a Sea of Ineffective Technology?
                      Help Net Security, October 3rd, 2013
                      "With the rise of mobile, the cloud and multiple device use, today's workers are more connected than ever before, giving them access to high-volume streams of information on a 24-7 basis. But is this helping or hurting their productivity? New research from Cornerstone OnDemand and Kelton, reveals that U.S. employees are feeling overloaded, whether by work (50 percent), information (34 percent) or technology (25 percent)..."
                        How to Cope With Toxic Co-Workers
                        Baseline, September 26th, 2013
                        "You will undoubtedly encounter a parade of extremely, ahem, challenging co-workers throughout your professional career. There's the backstabber in the corner cubicle, closely watching over everyone else's performance so he can casually drop scathing remarks. Then there's the excessive emailer who, for some reason, feels compelled to cc everyone on every single email. And there's almost always an office bully..."
                        IT - Virtualization
                        Addressing the Virtualization Disconnect
                        ServerWatch, September 30, 2013
                        "Sometimes you can get industry insights from the most unexpected of places. When we're talking about virtualization, insights can come - apparently - from a frozen custard van.

                        Of course, if I may paraphrase the late Rod Serling from The Twilight Zone, this was no ordinary frozen custard van. Virtually Speaking It was a frozen custard van rented by Microsoft from Frozen Kuhsterd and painted up in Microsoft virtualization livery to form the centerpiece of the company's VMworld guerrilla marketing campaign..."

                        IT - Compliance
                        Why Mere Compliance Increases Risk
                        CSO Online, October 2nd, 2013
                        "The Department of Health and Human Services recently confirmed that a lack of training is a common cause of HIPAA compliance difficulties. But is that really such a surprise? Given the poor state of awareness training in many organizations, it's no wonder that HIPAA violations are actually on the rise. The fact is, to achieve formal, 'letter of the law' compliance, just about any form of training will do to 'check the box.' But as we continue to see, bad training is, in the final analysis, practically equivalent to - or worse than - no training at all, and hence the disappointing results reported by HHS and by others who wonder why their compliance training fails..."
                        IT - Database
                        Data Science?
                        Information Management, September 27th, 2013
                        "Several weeks ago, I came across an article, Data Science and its Relationship to Big Data and Data-Driven Decision Making, by Forest Provost and Tom Fawcett, that left me a bit uncomfortable. The authors have also just published a related book, Data Science for Business, that I've not read as yet. Author Provost is on the faculty of NYU, and is affiliated with a new MS in Data Science program at the university..."
                        Three Steps to Heaven, St. Rita and the Future of the EU Draft Regulation
                        International Association of Privacy Professionals, October 3rd, 2013
                        "Here at the IAPP Privacy Academy in Seattle, WA, much of the discussion has centered on operational privacy considerations and emerging trends in data protection. In the background looms a partially shut down U.S. government, with both political parties holding their ground in what may be a long, uncompromising political slog that has affected the privacy world in at least a small way: FTC Commissioner Maureen Ohlhausen was forced to Skype in to her session here, while Julie Mayer, FTC staff attorney, and Janis Kestenbaum, FTC counsel, were unable to join their panels at all..."
                          Data's Ethical Landmines
                          Information Management, September 30th, 2013
                          "There has been a lot of hype around the introduction of social media data and big data to the worlds of data integration and master data management. After all, isn't more data - capable of helping us identify and understand our customers better - invaluable to the business? Perhaps, but along with its infinite value could come some highly unexpected, extensive costs and liabilities if not handled appropriately..."
                          How Safe is Your Data?
                          IT Web Security, October 1st, 2013
                          "Theft, loss, neglect and insecure practices are the biggest risks to data.

                          This is according to James Grcic, MD of Computer Storage Services, who was addressing the ITWeb Business Continuity 2013 Summit in Bryanston this morning.

                          Neglect usually happens when new employees take over from former staff or when existing procedures, ideas and processes are not congruent with new business practices, he said. Insecure practices can result in data loss related to collecting, storing, sending, encrypting, finding and removing data, which in turn raises data safety risks..."

                          IT - Backup
                          What Are Integrated Backup Appliances?
                          Storage Switzerland, October 1st, 2013
                          "A lot has been written about the size and scope of the purpose built backup appliance (PBBA) market. When backup appliances first came to market over a decade ago, they were designed primarily as large disk repositories, some of which incorporated deduplication and compression, and provided support for multiple backup applications. In recent years, some industry analysts have further segmented the market into 'integrated backup appliances'. The challenge is this definition is misleading and doesn't convey what actually constitutes an integrated solution..."
                            IT - Big Data
                            How to Close the Big Data Skills Gap by Training Your IT Staff
                            CIO, October 2nd, 2013
                            "Research firms paint a dire picture of a massive big data skills gap that will get worse over time. But companies like Persado, which uses big data to help marketers optimize their messages, are finding success training their existing staff in the new big data technologies.

                            According to a recent CompTIA survey of 500 U.S. business and IT executives, 50 percent of firms that are ahead of the curve in leveraging data, and 71 percent of firms that are average or lagging in leveraging data, feel that their staff are moderately or significantly deficient in data management and analysis skills..."

                            Innovation, Big Data and the Future of Information Security
                            Help Net Security, October 2nd, 2013
                            "Lowe's knows a thing or two about buying and selling, so it means something that the Mooresville, N.C., home improvement retailer established a procurement department to help its various divisions make better deals.

                            Now Tom Nimblett, director of procurement for IT, HR, finance and Lowe's dot-com divisions, reaches out to IT managers at all levels, including the CIO as needed, to consult on tech purchases -- which are not inconsiderable given the company's 1,000-person IT staff and annual IT budget of $1 billion-plus..."

                            IT - BYOD
                            BYOD: Like Inviting Your Boss into Your House When You're Not Home
                            ZDNet, October 3rd, 2013
                            "On the surface, being able to use your beloved smartphone for both personal and work activities sounds like a good idea. For many, not having to use two different phones is reward enough, and others find it a blessing not having to use a work phone running a platform they don't like. As compelling as BYOD may be, it's not without exposure.

                            When you have a phone assigned by your employer you know it's for work and nothing else. You've been warned not to make personal calls, use the phone for personal email, etc. You don't play around with the work phone, that's restricted to your personal phone..."

                            Look at Risk Before Leaping Into BYOD, Report Cautions
                            CSO Online, September 18th, 2013
                            "Before rushing into allowing employees to do their jobs on their personal devices, organizations need to diligently address the unique risks of that practice, cautioned a report by an international cybersecurity information organization.

                            When businesses push Bring Your Own Device (BYOD) programs into place too quickly, risk management is often neglected or rushed, leaving organizations with both unknown and unnecessary risks, the Information Security Forum reported on Tuesday..."

                            Top Ten Articles for last few Issues
                            Vol 187 Issues 1, 2, 3 and 4 ; Vol 186 Issues 1, 2,3 and 4
                            We track how frequently each article is viewed on the web site to determine which the readers consider the most important. For last week, the top 10 articles were:

                            • Java Platform Advancements and Java Momentum
                            • SPARC M6-32 and Oracle SuperCluster M6-32
                            • OpenZFS at EuroBSDcon
                            • SPARC M6-32 Server Architecture
                            • Everything Runs Fast
                            • Why Big Data Management Will Drive the Future
                            • Keeping up with Leading Edge OpenStorage Technology
                            • Oracle Adds 10 New Services to Oracle Cloud
                            • Winners of the 2013 Duke.s Choice Awards
                            • Oracle Exalytics T5-8 Scales Up to Deliver Customers with Analytic Insights

                            The longer version of this article has list of top ten articles for the last 8 weeks.

                              IT - Server
                              Securing More Vulnerabilities By Patching Less
                              Dark Reading, October 2nd, 2013
                              "As a penetration tester, Mauricio Velazco frequently looked for information on the latest attacks because corporate information systems were rarely patched against the exploitation of just-reported vulnerabilities.

                              When he moved over to the other side of the firewall, Velazco -- now the head of threat intelligence and vulnerability management at The Blackstone Group, an investment firm -- duly implemented a patching process for his company that attempted to keep up with its regulated responsibilities. It quickly became clear, however, that fixing vulnerabilities using the criticality of the bugs to prioritize patching kept the IT staff busy, but it did not make the company much safer..."

                              The Moment of Truth: When New Eyes Meet Old Code
                              InfoWorld, September 30th, 2013
                              "As a preface, I should mention that this post is primarily aimed at admin coders rather than full-time developers. If you work inside an IDE for eight-plus hours a day, then some of this might be a bit off the mark. Then again, exists for a reason.

                              I've had occasion to revisit my own, elderly code quite often. Sometimes I clearly recall how I originally designed it, and some or all of the reasoning behind some of those decisions. Other times -- usually on smaller projects -- I can't remember even writing the code..."

                              Unix: When Pipes Get Names
                              IT World, September 29th, 2013
                              "Unix pipes are wonderful because they keep you from having to write intermediate command output to disk (relatively slow) and you don't need to clean up temporary files afterwards. Once you get the knack, you can string commands together and get a lot of work done with a single line of commands. But there are two types of pipes that you can use when working on a Unix system - regular, unnamed or anonymous pipes and named pipes. These two types of pipes share some advantages, but are used and implemented very differently..."
                              LibreOffice 4.1.2
                              Several new developers enter the Engineering Steering Committee
                              The Document Foundation (TDF) announced LibreOffice 4.1.2, for Windows, Mac OS X and Linux. This is the second minor release of the LibreOffice 4.1 family, which features a large number of improved interoperability features with proprietary and legacy file formats.

                              The new release is another step forward in the process of improving the overall quality and stability of LibreOffice 4.1. For enterprise adoptions, The Document Foundation suggests LibreOffice 4.0.5 (with 4.0.6 expected soon), supported by certified professionals.

                              LibreOffice 4.1.2 arrives one week after the LibreOffice Conference in Milan, where the community has gathered from all over the world to discuss software development and quality assurance, in addition to ODF, interoperability with proprietary document formats, community and marketing.

                              Trending in
                              Vol 235, Issue 2
                              Trending IT Articles