Securing Privileged Access Reference Material
"The purpose of this tier model is to protect identity systems using a set of buffer zones between full control of the Environment (Tier 0) and the high risk workstation assets that attackers frequently compromise."
security  identity 
12 weeks ago
The Rational Rejection of Security Advice by Users
"It is often suggested that users are hopelessly lazy and unmotivated on security questions. They chose weak passwords, ignore security warnings, and are oblivious to certificate errors. We argue that users’ rejection of the security advice they receive is entirely rational from an economic perspective. The advice offers to shield them from the direct costs of attacks, but burdens them with far greater indirect costs in the form of effort. Looking at various examples of security advice we find that the advice is complex and growing, but the benefit is largely speculative or moot. For example, much of the advice concerning passwords is outdated and does little to address actual threats, and fully 100% of certificate error warnings appear to be false positives. Further, if users spent even a minute a day reading URLs to avoid phishing, the cost (in terms of user time) would be two orders of magnitude greater than all phishing losses. Thus we find that most security advice simply offers a poor cost-benefit tradeoff to users and is rejected. Security advice is a daily burden, applied to the whole population, while an upper bound on the benefit is the harm suffered by the fraction that become victims annually. When that fraction is small, designing security advice that is beneficial is very hard. For example, it makes little sense to burden all users with a daily task to spare 0.01% of them a modest annual pain."
security 
february 2017
The Real Name Fallacy
"People often say that online behavior would improve if every comment system forced people to use their real names. It sounds like it should be true – surely nobody would say mean things if they faced consequences for their actions?

"Yet the balance of experimental evidence over the past thirty years suggests that this is not the case. Not only would removing anonymity fail to consistently improve online community behavior – forcing real names in online communities could also increase discrimination and worsen harassment."
privacy  harassment 
january 2017
Bordering on Aggression
"For most Canadians and Americans, it is unbelievable, ridiculous, impossible to imagine, that the U.S. military would ever invade Canada."
world 
november 2016
Design Thinking 101
"History and background plus a quick overview and visualization of 6 phases of the design thinking process."
design 
august 2016
The days of long, complicated passwords are over
"Recently, Microsoft published a new password policy recommendation paper containing advice that flies in the face of conventional wisdom on the subject."
security  password 
june 2016
Microsoft Offers Pro-Tips on Avoiding Credential Theft | Threatpost | The first stop for security news
"She said common approaches to password management don’t work, such as IT admins who enforce requirements on password length, complexity and impose regular and periodic password expirations."
security  password 
may 2016
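The two entries above both argue that composition rules and scheduled expiry do not stop the passwords attackers actually guess. The following is an added example (not code from the Microsoft paper or either article) that puts the legacy "three of four character classes" rule beside a policy in the spirit of the quoted advice: length bounds plus a banned list, no character-class rules and no expiry. The banned list, the leet-substitution table and the sample passwords are constructed for illustration; a real deployment would load a breached-password corpus instead of the handful of words here.

```python
"""Added example: legacy complexity rule vs. banned-list policy.

Not from the Microsoft paper or the articles bookmarked above.  The banned
list and sample passwords below are constructed for illustration only.
"""

import re

# Constructed stand-in for a breached-password corpus (assumption: a real
# deployment loads millions of entries from a leaked-password list here).
BANNED = {"password", "welcome", "letmein", "qwerty", "summer", "winter", "admin"}

# Undo the substitutions users make to satisfy complexity rules ("P@ssw0rd1").
_LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "$": "s", "3": "e", "5": "s", "!": "i"})
# Trailing digits/punctuation are the usual "2016!" suffix; strip before matching.
_TRAILING = re.compile(r"[\d!?.]+$")


def normalize(pw: str) -> str:
    """Lower-case, drop trailing digits/punctuation, then undo leet substitutions."""
    stem = _TRAILING.sub("", pw.lower())
    return stem.translate(_LEET)


def passes_legacy_complexity(pw: str, min_len: int = 8) -> bool:
    """The classic rule: at least min_len characters and three of four classes."""
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])
    return len(pw) >= min_len and classes >= 3


def passes_banned_list_policy(pw: str, username: str = "",
                              min_len: int = 8, max_len: int = 64) -> bool:
    """Length bounds plus a banned list; no composition rules, no expiry.

    The password is rejected if it, or its normalized stem, is a banned word,
    or if it contains the user's own account name.
    """
    if not (min_len <= len(pw) <= max_len):
        return False
    if username and username.lower() in pw.lower():
        return False
    return pw.lower() not in BANNED and normalize(pw) not in BANNED


def compare(pw: str, username: str = "") -> dict:
    """Evaluate one password under both policies side by side."""
    return {
        "password": pw,
        "legacy_complexity": passes_legacy_complexity(pw),
        "banned_list_policy": passes_banned_list_policy(pw, username),
    }


if __name__ == "__main__":
    # Constructed samples: "P@ssw0rd1" and "Summer2016!" satisfy the legacy rule
    # yet are trivial guesses; the long passphrase fails the legacy rule but is
    # the stronger choice; "jsmith2016!" is rejected for containing the username.
    for pw in ["P@ssw0rd1", "Summer2016!", "correct horse battery staple", "jsmith2016!"]:
        print(compare(pw, username="jsmith"))
```

The normalization step is what makes the banned list bite: without it, "P@ssw0rd1" sails through a plain string comparison exactly as it sails through the complexity rule.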
HCloud: Resource-efficient provisioning in shared cloud systems | the morning paper
"The sweet spot it turns out, is a combination of reserved instances and on-demand provisioning with a placement policy that can improve performance by 2.1x compared to using only on-demand instances, and that can reduce cost by 46% compared to fully-reserved systems."
cloud  management 
may 2016
All Change Please
"The combined changes in networking, memory, storage, and processors that are heading towards our data centers will bring about profound changes to the way we design and build distributed systems, and our understanding of what is possible."
processor  storage  network 
january 2016
The Big Enterprise Storage Lie
"Anyone who tries to sell you a dual-controller array to be used as a platform to deliver storage services in 2016 is lying to you."
storage 
december 2015
Google Online Security Blog: New research: Comparing how security experts and non-experts stay safe online
"our findings highlight fundamental misunderstandings about basic online security practices. Software updates, for example, are the seatbelts of online security; they make you safer, period. And yet, many non-experts not only overlook these as a best practice, but also mistakenly worry that software updates are a security risk."
security 
december 2015
Linux Mint on HP Stream 11 - A day in the life.....
"This guide is to set out what I did in the hope that it will help someone else looking to install Linux onto an HP Stream 11 as it’s not as simple as it could have been."
linux 
november 2015
A Birthday for Canada’s Internet
In 1989, the group that managed NetNorth decided to move to the emerging TCP/IP standard developed in the US by ARPA (Advanced Research Projects Agency). This protocol, the cornerstone of the Internet, was becoming prevalent in academic networks in the US, and had been adopted by a few provincial networks in Canada. The move to the TCP/IP standard was supported by Canada’s National Research Council, which agreed to help finance a new national network and to form a planning committee which issued an RFP soliciting proposals to create this new network. This competition was won by the University of Toronto, with contributions from IBM Canada and the telecom carrier INSINC. The new network was called CA*net.
Internet  history 
november 2015
Arbitrator says outsourcing e-mail system to the cloud lawful
"On August 25th, Arbitrator Outhouse held that Dalhousie University did not violate the Personal Information International Disclosure Protection Act by providing e-mail and other IT services via a cloud-based platform."
privacy  outsourcing 
september 2015
Simple Made Easy
"Rich Hickey emphasizes simplicity’s virtues over easiness’, showing that while many choose easiness they may end up with complexity, and the better way is to choose easiness along the simplicity path."
programming  design 
july 2015
Troy Hunt: The beginners guide to breaking website security with nothing more than a Pineapple
"... it’s hard to observe the risk of insufficient transport layer protection being exploited, at least compared to something like XSS or SQL injection. But it turns out that exploiting unprotected network traffic can actually be extremely simple, you just need to have the right gear."
security  wireless 
july 2015
ClearFactr
"ClearFactr is a browser-based platform for financial modeling, combining advanced analytics, easy simulation capabilities, and new formula syntax that replaces your legacy spreadsheet formulas with plain language."
analysis 
july 2015
If You Think Your Team Makes Decisions, Think Again - HBR
"explicitly letting go of the illusion of group decision making clarifies individual accountability and puts the group’s time together to more effective use for debating, revising, brainstorming, and aligning"
team 
june 2015
Falsehoods programmers believe about time: @noahsussman: Infinite Undo
"In fact I have seen so many of these misconceptions crop up in other people’s (and my own) programs that I thought it would be worthwhile to collect a list of the more common problems here."
programming  time 
june 2015
Falsehoods Programmers Believe About Names | Kalzumeus Software
"So, as a public service, I’m going to list assumptions your systems probably make about names. All of these assumptions are wrong. Try to make less of them next time you write a system which touches names."
programming 
june 2015
AES-CBC + Elephant diffuser A Disk Encryption Algorithm for Windows Vista
"The Bitlocker Drive Encryption feature of Windows Vista poses an interesting set of security and performance requirements on the encryption algorithm used for the disk data. We discuss why no existing cipher satisfies the requirements of this application and document our solution which consists of using AES in CBC mode with a dedicated diffuser to improve the security against manipulation attacks."
security  encryption  windows 
june 2015
The First Question to Ask of Any Strategy - HBR
"So do a little test of your strategy before committing to it. Ask: Is the opposite stupid on its face? Have most of my competitors made the same choice as me? If the answers are “yes,” you have more work to do to have a smart strategy rather than just a non-stupid one."
strategy 
may 2015
An introduction to cyber liability insurance cover
"A good starting point is to determine what costs or expenses you would like to have covered and what types of incidents you want cover for. Circulate and discuss this list with all the relevant people, not forgetting to get all the information you need from third-party suppliers and partners. List both your own costs (known as first-party costs) and the costs that others may attempt to claim from you as a result of the incident (known as third-party costs)."
security  insurance 
may 2015
Beyond grep: ack 2.14, a source code search tool for programmers
"ack 2.14 is a tool like grep, optimized for programmers"
unix 
april 2015
Saying CX Is A Priority Is Easy. Following Through On It Is Tough. | Forrester Blogs
"Technology empowers your customers, members, clients, and buyers today. And your business leaders need you to expand beyond using technology to support or transform internal operations - what we call the IT agenda. Today, business leaders need your help to compete for customer loyalty. Today, business leaders need you and your teams to help them apply technology, systems,and process to win, serve, and retain customers- the business technology (BT) agenda."
customer  experience 
march 2015
Toopher Enterprise - 2 factor authentication
"Toopher offers four methods of out-of-band authentication: invisible push with patented automation technology, standard push based authentication, time-based one-time passcodes, and out-of-band SMS-based authentication."
security  authentication 
march 2015
Free minix-like kernel sources for 386-AT - Google Groups
"As I mentioned a month(?) ago, I'm working on a free version of a minix-lookalike for AT-386 computers."
linux 
march 2015
Let's Talk Reader-Comments One More Time - The Atlantic
"I feel like we punched a hole in our wall on the 51st street side of the building and hooked a sewer line up to it."
february 2015
Visualizing the Discipline of Cloud Architecture
"All three of these cloud providers’ architecture sites have detailed visual architecture diagrams representing use cases for their cloud services."
cloud  architecture 
february 2015
The Machine: HP's New Memristor Based Datacenter Scale Computer - Still Changing Everything - High Scalability -
"HP has been working on a radically new type of computer, enigmatically called The Machine (not this machine). The Machine is perhaps the largest R&D project in the history of HP. It’s a complete rebuild of both hardware and software from the ground up."
architecture 
december 2014
InfluxDB - Open Source Time Series, Metrics, and Analytics Database
"InfluxDB is a time series, metrics, and analytics database. It’s written in Go and has no external dependencies. That means once you install it there’s nothing else to manage (like Redis, ZooKeeper, HBase, or whatever)."
database  analytics  monitoring 
december 2014
Cloud Dependency: Data Protection and Security
"Tenants should establish a way to store their encryption keys from multiple clouds. This repository should store keys, certificates (for SSL), and other encryption material. In addition, keys should be regularly tested and checked for expiration, or a set of keys should be rotated through as key people leave or arrive."
cloud  security  encryption 
december 2014
Demystifying the PCI Scope of Assessment « IT Revolution IT Revolution
"The Toolkit includes a set of principles, a structured thinking process and tools to generate defensible and consistent scoping conclusions, regardless of who is performing the PCI evaluation or assessment."
PCI 
november 2014
Process Landscape of the University - University Information Technology - The University of Utah
"In our work at the University of Utah, we estimated that there are some 200 major business processes in the university. Information on this work is available at "Process Landscape of the University." I am hoping that someday this work can contribute toward building a way to share information about best practices in higher education business processes, so that we stop trying to reinvent the wheel."
process  analysis 
november 2014
Fixing Unix/Linux/POSIX Filenames: Control Characters (such as Newline), Leading Dashes, and Other Problems
"This article will try to convince you that adding some tiny limitations on legal Unix/Linux/POSIX filenames would be an improvement. Many programs already presume these limitations, the POSIX standard already permits such limitations, and many Unix/Linux filesystems already embed such limitations — so it’d be better to make these (reasonable) assumptions true in the first place."
programming  unix 
november 2014
Specifications Overview | FIDO Alliance
"The core ideas driving FIDO are (1) ease of use, (2) privacy and security, and (3) standardization. For implementing authentication beyond a password (and perhaps an OTP), companies have traditionally been faced with an entire stack of proprietary clients and protocols.

"FIDO changes this by standardizing the client and protocol layers. This ignites a thriving ecosystem of client authentication methods such as biometrics, PINs and second–factors that can be used with a variety of online services in an interoperable manner."
security  authentication 
october 2014
Ta-da! Talko, Ray Ozzie’s newest creation, is finally here and guess what? It’s about communication — Tech News and Analysis
"Talko is a VoIP application that utilizes public cloud resources to let workgroups (or just a group of friends) reach each other by whatever channel is best and available at the time. But, it also enables communication in real time and/or asynchronously in case a group member or connectivity isn’t available at the moment."
telephony 
september 2014
Technology Jeopardy: Beat The Odds Of Project Failure With A Single Question | Forrester Blogs
"The ones leading their industries made deliberate investments in technology to make richer, better information available to customer-facing employees when and where they could use it to help customers the most. Notice I said “help customers,” which is not the same as marketing to them. Helping customers means acknowledging them, recognizing what they’re trying to achieve, and meeting that need better than your competitors do. In other words, helping people do their best work on behalf of your company’s customers."
september 2014
How StatsCan lost 42,000 jobs with the stroke of a key
"Since the update was considered minor maintenance, the agency’s IT department apparently didn’t bother to warn other departments about the change."
change  management 
september 2014
iOS Security
This document provides details about how security technology and features are implemented within the iOS platform. It will also help organizations combine iOS platform security technology and features with their own policies and procedures to meet their specific security needs.
security 
august 2014
Scale Computing: infrastructure made simple — StorageMojo
"Instead of the typical infrastructure of servers, switches and arrays, layered over with hypervisors and VMs, Scale integrates servers, storage and virtualization in one box."
servers  san  virtualization 
august 2014
The U.S. Digital Services Playbook
"To increase the success of government digital service projects, this playbook outlines 13 key “plays” drawn from private and public-sector best practices that, if followed together, will help federal agencies deliver services that work well for users and require less time and money to develop and operate."
design 
august 2014
CenturyLink's Tool for Managing Docker Containers Now Open Source
"“Right now, deploying … containerized applications is very easy for simple single-container applications,” he said. Once you venture beyond the single-container topology, there is all of a sudden a myriad of new technologies you need to learn – things like Fig, Mesos, etcd – “the list keeps growing every other day.”

"All the things a developer needs to learn makes the barrier to entry for using Docker very high. The goal of Panamax is to lower that barrier with a set of standard practices and an elegant interface that enables users to deploy containerized apps in any cloud using the technologies under the hood without having to learn the ins and outs of each of them."
cloud  deployment 
august 2014
High Performance Browser Networking
(High Scalability:) Since Google is eschewing content quality based ranking, preferring lower latency and SSL only sites, Ilya Grigorik recommends a very sensible course of action: improve your TLS performance. And here's just the chapter to help: Chapter 4. Transport Layer Security (TLS). Great explanation of TLS and related complexities along with many performance improvement suggestions.
security  performance 
august 2014
Amazon's Scorpion Problem - Feld Thoughts
"AWS is not the low price provider.
AWS is not the best product at anything – most of their features are mediocre knock offs of other products.
AWS is unbelievably lousy at support.
Once you are at $200k / month of spend, it’s cheaper and much more effective to build your own infrastructure."
cloud 
august 2014
Accurate Project Estimation | Dr Dobb's
"By decomposing work into small tasks, accurately assigning points to those tasks, doing postmortems on misses, and avoiding behavior that corrodes trust among team members, it's possible to build a culture of accurate project estimation."
projects  management 
august 2014
On Designing and Deploying Internet-Scale Services
"While auto-administration is important, the most important factor is actually the service itself. Is the service efficient to automate? Is it what we refer to more generally as operations-friendly? Services that are operations-friendly require little human intervention, and both detect and recover from all but the most obscure failures without administrative intervention. This paper summarizes the best practices accumulated over many years in scaling some of the largest services at MSN and Windows Live."
cloud  applications  management 
july 2014
The Kepler Project — Kepler
"Kepler is designed to help scien­tists, analysts, and computer programmers create, execute, and share models and analyses across a broad range of scientific and engineering disciplines. Kepler can operate on data stored in a variety of formats, locally and over the internet, and is an effective environment for integrating disparate software components, such as merging "R" scripts with compiled "C" code, or facilitating remote, distributed execution of models. Using Kepler's graphical user interface, users simply select and then connect pertinent analytical components and data sources to create a "scientific workflow"—an executable representation of the steps required to generate results. The Kepler software helps users share and reuse data, workflows, and compo­nents developed by the scientific community to address common needs."
research  data_management 
july 2014
Making the Web Faster with HTTP 2.0 - ACM Queue
"HTTP 2.0 will make applications faster, simpler, and more robust by enabling efficient multiplexing and low-latency delivery over a single connection and allowing Web developers to undo many of the application "hacks" used today to work around the limitations of HTTP 1.1."
web  performance 
july 2014
Internet Infrastructure in Manhattan
"New York has been a crucial world-wide telecommunications hub at least since the 1920s. Telegraph cables and pneumatic tubes ran all over and under the southern end of Manhattan. Buildings that once were telegraph company headquarters are now home to major Internet facilities. And now there is very little distinction between voice and data communications."
Internet  history 
july 2014
Cloud Orchestration Startup CliQr Makes Enterprise Cloud Easy
"Using the CliQr interface, a user simply describes their application’s topology and infrastructure requirements, and CliQr does the heavy lifting of provisioning the right infrastructure and deploying the app. The user picks from a list of supported cloud providers but their application will not be married to any one cloud they choose."
cloud  deployment 
july 2014
Enforcing CASL: How To Report Spam Violations - Michael Geist
"The government has established a Spam Reporting Centre that is currently accepting reports of commercial electronic messages sent without consent or with false or misleading content. Initial reports indicate that hundreds of complaints have been filed daily. The Centre clearly states that it will not investigate all submissions, but rather use the information to identify enforcement targets. The information will be retained for at least three years (or up to ten years if the subject of an investigation). Canadians can use a web-based form to file their report or simply forward their spam email directly to spam@fightspam.gc.ca."
email 
july 2014
Fearless Security | Taking the Fear out of Security Decisions
"All.Net presents the Options and Basis components of our standards of practice for enterprise information protection. These provide overarching coverage and many specifics surrounding what we currently view as a reasonable and prudent approaches to addressing information protection for enterprises. While there may be many other approaches that might also meet the need, we hope that these will help provide guidance within the community."
security 
june 2014
BitLocker Frequently Asked Questions (FAQ)
"Is the BitLocker recovery information stored in plaintext in AD DS?

"Yes, the recovery information is stored unencrypted in AD DS, but the entries have access control lists (ACLs) that limit access to only domain administrators.

"If an attacker gains full access to AD DS, all computers in the domain, including BitLocker-protected computers, can be compromised. For more information about securing access to AD DS, see Securing Active Directory Administrative Groups and Accounts (http://go.microsoft.com/fwlink/?LinkId=83266)."
windows  security  encryption 
june 2014
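The FAQ's point is that the recovery passwords sit in AD DS in the clear and the only thing standing between them and a reader is the ACL on each msFVE-RecoveryInformation object. The following is an added example (not Microsoft's code) that enumerates those objects and lists every principal granted a read-type right on them, flagging any principal outside a list you expect. It assumes the RSAT ActiveDirectory module, a domain-joined session with rights to read the objects, and a domain called CONTOSO; the expected-reader list and the loose match on rights strings are assumptions to adjust for your forest.

```powershell
# Added example: audit who can read BitLocker recovery information in AD DS.
# Not from the BitLocker FAQ.  Assumes RSAT ActiveDirectory module and a
# domain-joined session; domain name and expected readers are assumptions.
Import-Module ActiveDirectory

# Assumption: principals that are supposed to be able to read recovery data.
$ExpectedReaders = @(
    'BUILTIN\Administrators',
    'CONTOSO\Domain Admins',
    'CONTOSO\Enterprise Admins',
    'NT AUTHORITY\SYSTEM'
)

function Get-BitLockerRecoveryReaders {
    param(
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # Every recovery-password object in the domain (child of the computer object).
    $objects = Get-ADObject -Filter { objectClass -eq 'msFVE-RecoveryInformation' } `
                            -SearchBase $SearchBase -Properties whenCreated

    foreach ($obj in $objects) {
        $acl = Get-Acl -Path ("AD:\" + $obj.DistinguishedName)
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Loose match: any right that permits reading the object or its properties.
            if ($ace.ActiveDirectoryRights -notmatch 'GenericRead|GenericAll|ReadProperty') { continue }

            [pscustomobject]@{
                Computer   = ($obj.DistinguishedName -split ',', 2)[1]   # parent = computer DN
                Created    = $obj.whenCreated
                Principal  = $ace.IdentityReference.Value
                Rights     = $ace.ActiveDirectoryRights
                Inherited  = $ace.IsInherited
                Unexpected = ($ExpectedReaders -notcontains $ace.IdentityReference.Value)
            }
        }
    }
}

# Report only the grants that are not on the expected list.
Get-BitLockerRecoveryReaders | Where-Object Unexpected | Format-Table -AutoSize
```

Run it periodically and after any delegation change; an inherited grant to a help-desk or "Workstation Admins" group on the OU above the computer objects is the usual way the "domain administrators only" claim in the FAQ quietly stops being true. The FAQ's second paragraph still stands regardless of ACLs: anyone holding a domain backup or a copy of NTDS.dit reads these values without an access check.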
ElasticBox - Cloud Application Management Platform. Define, Deploy and Manage Applications on any Cloud. · ElasticBox
"ElasticBox helps you define, deploy, and manage complex multi-tier applications independent of infrastructure. Available to you are a ready made catalog of “boxes” with the latest configurations of platforms, language runtimes, and configuration management tools, plus more. You can simply select and combine these boxes to achieve your complete application stack.

"The underlying configuration of software or processes are managed through boxes. Define boxes once but reuse them multiple times across environments like dev, test, and production. Then share box configurations and instances to collaborate with others in the developer community. And go cloud-ready within minutes by deploying to any public, private, or hybrid provider you choose like AWS, Google Compute, or vSphere."
cloud  deployment 
june 2014
Aligning to Purpose (EDUCAUSE Review) | EDUCAUSE.edu
"Using the Purpose Alignment Model, we can categorize all of our projects, processes, business rules, features, and functions according to two factors: the extent to which they will create market differentiation for us, and the extent to which they are mission-critical for us."
management 
may 2014
Perspectives - Air Traffic Control System Failure & Complex System Testing
"The lessons here are at least twofold. First, as complex systems age, the environmental conditions under which they operate change dramatically. Workload typically goes up, workload mix changes over time, and there will be software changes made over time some of which will change the bounds of what system can reliably handle. Knowing this, we must always be retesting production systems with current workload mixes and we must probe the bounds well beyond any reasonable production workload. ...

"The second lesson is that rare events will happen. ... We need to expect that complex systems will face unexpected environmental conditions and look hard for some form of degraded operations mode. Failure fault containment zones should be made as small as possible, we want to look for ways to deliver the system such that some features may fail while others continue to operate."
reliability  testing 
may 2014
Wide Fast SATA: the Recipe for Hot Performance - High Scalability -
"This blog post will tell you exactly how to build a multi-terabyte high throughput datacenter server."
database  performance  servers 
may 2014
QoS Doesn't Work | Beyond Bandwidth
"We’ve modelled this many times over the years and in most cases for the majority of traffic profiles it is always more cost effective to simply add bandwidth than try and implement a QoS technology."
network 
may 2014
You Might Not Need jQuery
"Some developers believe that jQuery is protecting us from a great demon of browser incompatibility when, in truth, post-IE8, browsers are pretty easy to deal with on their own."
development  javascript 
may 2014
VD-aye vs VD-why: A welcome review | A Collection of Bromides on Infrastructure
"The client computing world is undergoing massive change at present. Use RDS to deliver server hosted Windows apps where necessary. Let Microsoft manage Windows updates wherever possible (they do an awesome job, it’s time you got out of the way). Finally, the industry’s most important security advances over the last 10 years are due to Microsoft. Windows 8 is 20x more secure than Windows XP. By the time you stand up a VDI farm the world will have moved on – a lot – and you’ll be further mired in expensive legacy computing approaches."
desktop  VDI 
april 2014
Fourteen game-changing enterprise products for 2014 | Page 3 | ZDNet
"Positioned as the leading challenger in Gartner's latest Magic Quadrant for business intelligence, Birst has been on a roll lately. As it has evolved and refined its offering in the last year, it's now threatening the top players in the space. Birst uses a cloud approach to BI that takes enterprise data from many sources and provides easy to use tools that create an integrated picture and make it understandable. It is particularly adept at managing highly fragmented data sources while keeping service delivery costs manageable."
cloud  analytics 
april 2014