Ernest Mueller has posted a list of upcoming Austin Tech events here: http://theagileadmin.com/2015/02/27/awesome-upcoming-austin-techie-events/
Since Wednesday’s Powerball lottery drawing is at a staggering $485 million, I would not blame even the most rational readers of this blog for being tempted. It is also a great opportunity for me to pass along some information that may save you from being a victim.
Let me use myself as the example. I’ve noticed that I don’t always 1) get or 2) check receipts from convenience store runs. If this resembles your experience, ask yourself: would you notice if you were overcharged a dollar or two?
Here is the issue. Unscrupulous convenience store clerks are betting you simply decline a receipt or don’t closely check the one you receive. Seems that they are skimming small amounts from customers to support their own lottery habits.
Obviously the vast majority of convenience store workers are not stealing from you but it does highlight the fact that you should at least 1) get a receipt 2) check it.
Log management is hard. Always has been, always will be. Good to know that there are bright folks like Mr. Fulton and his team over at @swipley that get it. (and share!)
Technically: Rsyslog -> Logstash -> S3 and Sumologic
Tactically: “Engineers at Swipely start weekly tactical meetings by reporting trailing seven day metrics. For example: features shipped, slowest requests, error rates, analytics pipeline durations. These indicators help guide and prioritize discussion. Although many of these metrics are from different sources, we like to see them together in one dashboard. With sumo-search and the Search Job API, we can turn any number from a log query into a dashboard widget in a couple lines of Ruby.”
Read his post via the @Sumologic blog here.
Key Takeaways: CoreOS and Docker will fundamentally change the way SaaS companies deliver software. CoreOS and Docker used together provide a compelling package by combining an “operating system as a service” and an application container to run applications in isolation from the operating system. Security professionals should know that the introduction of these technologies will mitigate some traditional risks while creating others.
CoreOS in particular is interesting in the way that it handles operating system updates and patches using an active/passive partition scheme. More information here.
The ability to sanely roll operating system updates into the deployment lifecycle will solve a major pain point for SaaS operations. The dirty little secret is that while many agile shops are starting to push code out “continuously”, operating systems are often left either untouched or unpatched.
CoreOS will help make “infrastructure as code” less buzzword and more reality in the not too distant future.
Needed to give LinkedIn props for adding a few security features:
- The ability to manage logged-in sessions.
- The ability to export “your” data.
- More email notifications when account details change including date, time, browser, operating system, and “approximate physical location”
Their official announcement about these changes is here:
Balance this by the fact that LinkedIn’s API policy is negatively affecting CRM companies and more importantly the small businesses that depend on them.
Here is a good rollup of the issue by @bradmccarty over at Full Contact
No word as to how their new Sales Navigator product has influenced their API lockdown tactics but that still unrealized/released product looks to be positioned for medium to large business.
Sacrificing innovation for corporate gain is nothing new, just disappointing that the new product won’t be relevant to small businesses, particularly entrepreneurs and innovators…
Raising kids is the best mirror in the world. Every flaw, imperfection and blemish in your makeup is ultimately revealed.
— Stuart Clark
The only benefit of heading west in Texas near sundown…
Intuitively I knew it made a difference. The “why” of why infosec pros get up in the morning and “do what we do”.
Many times working “security” we get consumed by the fires of the day and forget (or refuse) to take time to recognize why we ultimately subject ourselves to the pain around solving the very complex and serious security issues of the day.
Recognizing in a very tangible way that my mindset/philosophy is ultimately responsible for my successes and failures has had a profound positive impact on my life. I review my work philosophy often. I recognize that it is not perfect or permanent. I use it as a defense and as inspiration.
Stuart’s Work Philosophy
“I believe in the positive transformation of the world through the creation and application of new technologies. I work because I make a positive difference in the world by applying top down, leadership led, security solutions that enable leaders and their people the freedom to innovate in the face of the many security roadblocks and unrealized risks that exist today.”
Jeff Olson in his book “The Slight Edge” states: “Your philosophy CREATES your ATTITUDE, your ACTIONS, your RESULTS, which create your LIFE.”
Create your own philosophy using these simple steps:
- Write down “why” you do what you do professionally.
- Map the “why” to your larger life and overall goals, plans and dreams.
- Review it often.