Written by: Matt Yonchak  If you’ve read our newsletters before, we’ve talked about securing things from networks to web apps and hopefully have given some perspective and tips for how to do so. Recently a colleague (Rick Deacon) of mine gave a talk here at our office about what the proper mindset for a security professional should be. It got me thinking about how to develop that way of thinking and approach to my work. I think it comes down to four ideas and when you put them together it really helps you understand where we need to be and sometimes where we fall short. None of these things on their own necessarily equal security but if you keep them in mind as you work I think it enables us to better secure the networks and information we’re tasked with keeping safe. 1 – Awareness   When I say awareness, I’m referring to an in-depth knowledge and understanding of y... (more)

Commercial Add Ons to Open Source Software: aheadWorks and Magento

Here’s an open source business model that’s creeping up on us:  Selling add-ons to open source  software.    For under $100, you can buy predesigned themes, reports, and feature enhancements for a number of open source projects, including WordPress, Joomla!, and Magento.   Is there a viable business here? To find out, I recently chatted with Eugene Popovsky, one of the owners of aheadWorks, which makes several of the most popular Magento add-ons. Here’s what he told me: What made you decide to create these add-on modules for Magento? We have a great experience in ecommerce as we’ve have been working ecommerce systems since 2003. One year ago, we decided to extend our business with one more ecommerce system and considered Magento mainly because of three advantages: modern, free and very promising. What are the technical strengths and weaknesses in Magento for developer... (more)

Cloudy Xmas cards and new year’s predictions

At the end of the year - and in this case the end of a decade - I thought it made sense to look back at what has been and try and predict what may be. Many already have named 2010 the year of Cloud Computing, so I decided to call on Google Trends to put this into a little perspective. Below you see the results, I expect you may be as (pleasantly) surprised as I was. As I personally spend the last decade dabbling in Service Oriented Architectures (SOA), Service Management (ITIL) and Project and Portfolio Management (PPM) I used these as anchor points for this perspective. In addition I decided to include Cloud Computing's slightly more mature nephew (SaaS) also in to the fold.  The epiphany for me personally was that it explained why I had found it so hard to choose between SOA, PPM and ITIL (design, build and run). But enough about me. The rise of Cloud Computing’s fr... (more)

Tip: Reducing the size of a Linux VMware image

Here's a handy tip I'm blogging for reference. You can make a Linux VMware image zip smaller by zero-ing out unused space and then running the "Compact" utility in VMware. The command to zero-out the space is: sudo dd if=/dev/zero of=/home/user/wipe.file rm wipe.file ... (more)

The Framework Coder on the Tractor

My previous post “The Degradation of Java Developers” sparked several interesting discussions. One of the major topics was if today’s developer has to know what’s going on under the hood of a particular framework. To be more specific, if Hibernate, a popular object-relational framework, can hide from your how the database objects are being created or manipulated, why learn SQL? One reader stated, “First of all, Hibernate (JPA, actually) is a step forward since it reduces most of the boilerplate SQL of the obvious kind. In applications with around 100 tables in the SQL database it is not challenging to explicitly write data access objects by hand.” I can agree with this to some extent, especially when we talk about such mature and stable framework as Hibernate. But this framework was created to spare the programmer from writing tons of mandane SQL and JDBC code. Hib... (more)

Coverity Venture With U.S. Department of Homeland Security Resolves Quality Issues and Potential Security Vulnerabilities in 11 Major Open-Source Projects

SAN FRANCISCO, Jan. 9 /PRNewswire/ -- Coverity, Inc., the leader in improving software quality and security, today announced that as a result of its contract with U.S. Department of Homeland Security (DHS), potential security and quality defects in 11 popular open source software projects were identified and fixed. The 11 projects are Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL. All of these projects eliminated multiple classes of potential security vulnerabilities and quality defects from their code at the Coverity Scan site (http://www.scan.coverity.com/). Because of their efforts to proactively ensure application integrity and security, organizations and consumers can now select these open source applications with even greater confidence. "Addressing security concerns will require a concerted effort on the part of the enti... (more)

Core Security Extends IMPACT Product Line to Address Universal Demand for Comprehensive Security Testing

Core Security Technologies today announced a major milestone in its corporate and product strategy, positioning its proactive vulnerability management solutions to best serve the growing demand for security testing across the full range of organizational models and enterprise computing environments. To give users the greatest breadth and depth of testing options, Core Security has diversified its product line by introducing CORE IMPACT Essential. As part of this extension of its software solutions, Core is also announcing version 7.6 of its flagship product henceforth to be known as CORE IMPACT Pro, which will be delivered in September. Collectively, the two products will now support a comprehensive set of enterprises and computing environments, delivering on the need for organizations to proactively expose vulnerabilities, measure operational risk and gain visibil... (more)

Ingres Open Source Solutions Help Slash Costs for Department of Education and Training in Western Australia

Ingres Corporation, the leading open source database management company and pioneer of the New Economics of IT, announced today that The Department of Education and Training in Western Australia (WA DET) is harnessing the power of Ingres Database to build a range of complex applications to manage administrative activities and programs delivered by 11 colleges and 8,000 staff throughout the state. The systems also collectively manage in excess of 1 million student records, with 120,000 students processed through the state’s training systems annually. WA DET wanted a reliable and secure solution that would scale with large peak volumes. Database and application servers from across the state are now centralized into a single data center with five physical servers running 11 Ingres databases and 31 supporting server instances. WA DET consolidated its back-end computing... (more)

SGI® stellt bei Benchmarks der Standard Performance Evaluation Corporation (SPEC) Weltrekorde auf

Das Unternehmen SGI® (NASDAQ: SGI) hat heute bekannt gegeben, dass die vom Doppelkernprozessor Intel® Itanium® 9040 (1,6 GHz) angetriebene Plattform SGI® Altix® 4700 am Leibniz-Rechenzentrum (LRZ) in Garching bei München bei drei Benchmarks der Standard Performance Evaluation Corporation (SPEC) Weltrekorde aufgestellt hat. Die Altix-Einrichtung im LRZ – eines von drei Hochleistungsrechenzentren in Deutschland mit einer der weltweit größten Altix-4700-Einrichtungen – wurde für die Bereitstellung von hoher Anwendungsleistung und hohen Speicherbandbreiten für wissenschaftliche Projekte und Simulationen optimiert. Benchmarking-Fachleute von SGI verwendeten einen Single-System-Image-Knoten (SSI) mit 1024 Itanium-Kernen, 4 TB Speicher und der Betriebskonfiguration SuSE Linux® Enterprise 10 von Novell und erreichten damit Rekordergebnisse bei folgenden drei SPEC-Benchmark... (more)

Causes Recruits Message Systems for Enhanced Messaging Capabilities

Message Systems, the premier provider of holistic, fast and flexible message management solutions, announced today that it has been selected by Causes, for its best-in-class deliverability, scalability and reliability. Headquartered in Berkeley, California, Causes empowers anyone with a good idea or passion for change to impact the world by mobilizing their network of friends to grow lasting social and political movements. Causes’ Facebook application was launched on May 25, 2007. Since then, the community has grown by more than 75 million people, and over $11 million has been donated to nonprofits through the application. Over 290,000 causes have been created by users on every topic from breast cancer research to stopping genocide to supporting local parks. Prior to implementing Message Systems, Causes had been using a popular MTA to deliver and process transaction... (more)

TigerLogic anuncia la disponibilidad general de Omnis Studio 5

IRVINE, California, September 22 /PRNewswire/ -- La compatibilidad con dispositivos basados en Microsoft(R) Windows Mobile(R) y la total compatibilidad con Unicode amplían la capacidad y flexibilidad del entorno de desarrollo de la aplicación Omnis Studio y se abren mercados totalmente nuevos para los desarrolladores de aplicaciones. TigerLogic Corporation (Nasdaq: TIGR) se complace anunciar la disponibilidad general de Omnis Studio 5, que introduce la revolucionaria solución Omnis Mobile Client, que permite a los desarrolladores crear aplicaciones para el creciente rango de dispositivos basados en Windows Mobile, como teléfonos inteligentes, PDA, PC tablet y otros dispositivos móviles. Las funciones de localización mejoradas y la total compatibilidad con Unicode ofrecen apoyo para miles de idiomas y una gran cantidad de notación científica, y permite a los desarroll... (more)