Sunday, April 26, 2015

The Cloudcast The ContainerPocalyse Ahead [feedly]



----
The Cloudcast The ContainerPocalyse Ahead
// The Cloudcast (.NET)

Aaron and Brian announce a new partnership with O'Reilly Media! To kick things off, The Cloudcast and O'Reilly have one free pass to O'Reilly Velocity to give away! Other great offers coming soon. Contest details:
Interested in Cloud Foundry Summit? We have a code for that as well! Use CFSCAST for 25% off!
Topic 1 - What have you been up to lately?

Topic 2 - Most interesting feedback you've gotten since we pivoted the focus of the show?

Topic 3 - What's been the most interesting announcements, acquisitions, VC funding for you so far in 2015?
  • AWS Earnings Announcement 
  • Nebula goes out of business 
  • Commercialized Kubernetes and Mesos (Mesosphere, Kismatic, CoreOS) 
  • Docker's Round D funding 
  • VMware's Container Announcement 
  • Infrastructure funding levels vs. Software funding levels 
  • Interesting Moves by Microsoft (Containers, Linux on Azure, etc.) 
Topic 4 - What's been the most confusing or surprising announcement or move?

Topic 5 - We usually do end-of-year predictions, but stuff is moving so fast, maybe we should throw out 1 or 2 for the next 3-6 months?

Music Credit: Nine Inch Nails (nin.com)

----

Shared via my feedly reader


Sent from my iPhone

Saturday, April 25, 2015

A Malicious Word Document Inside a PDF Document, (Sat, Apr 25th) [feedly]




Daily Hacker News for 2015-04-24 [feedly]



----
Daily Hacker News for 2015-04-24
// Hacker News Daily

The 10 highest-rated articles on Hacker News on April 24, 2015 which have not appeared on any previous Hacker News Daily are:


----


Azure PowerShell 101 - Managing (and debugging) Azure WebSites | Azure Friday [feedly]



----
Azure PowerShell 101 - Managing (and debugging) Azure WebSites | Azure Friday
// Channel 9

In this special episode of Azure Friday, a demo goes bad and WE KEEP ROLLING. We want you to learn as we learn. When a deployment fails, Scott and Guang step out of the demo and do some debugging and learn interesting things about Azure, Azure Websites, Git, and PowerShell.

Also, much respect and a big shout out to Guang Yang who was a great sport for letting us share this teachable moment for us all!


----


PowerShell basics for managing Office 365 and the space race | The Garage Series for Office 365 [feedly]



----
PowerShell basics for managing Office 365 and the space race | The Garage Series for Office 365
// Channel 9

On this week's show Jeremy Chapman is joined by scripting guy, Greg Stemp, to introduce PowerShell for managing Office 365. Jeremy and Greg explain when PowerShell makes sense compared to the user interface and describe the basics of how PowerShell works. Then Jeremy puts PowerShell to the test at NASA in Houston by attempting to add 150 users into Office 365 within the 8 minutes it would take the space shuttle to reach orbit when it was in service.

Stay up to date with the latest shows at office.com/mechanics

Download the Windows Phone app or the Windows 8 app

Follow @OfficeMechanics on twitter


----


30 Things to Do After Minimal RHEL/CentOS 7 Installation [feedly]



----
30 Things to Do After Minimal RHEL/CentOS 7 Installation
// Tecmint: Linux Howtos, Tutorials & Guides » CentOS

CentOS is an industry-standard Linux distribution which is a derivative of Red Hat Enterprise Linux. You may start using the OS as soon as you install it, but to make the most out of...
----


CloudStack Day Austin Video: Operating CloudStack – Sharing my Tool Box [feedly]



----
CloudStack Day Austin Video: Operating CloudStack – Sharing my Tool Box
// Remi Bergsma's blog

Watch my talk "Operating CloudStack – Sharing my Tool Box" that I presented at CloudStack Day Austin, on April 16th 2015. The talk was originally written for ApacheCon North America and I presented it there a few days earlier. It was great to be able to do the talk again and reach an even bigger […]
----


A Decade of Innovation [feedly]



----
A Decade of Innovation
// Citrix Blogs

Eileen D'Ippolito helped create the Citrix Innovation Award to recognize visionary IT organizations. She looks back at 10 years of inspiration…

----


Americas Channel Recognizes Outstanding SEs [feedly]



----
Americas Channel Recognizes Outstanding SEs
// Citrix Blogs

Citrix Americas Channel recently announced their 2014 SE of the Year Award winner in each Area. These individuals are recognized for going above and beyond to provide excellent pre-sales and post-sales technical support. The trophies were awarded to (award: winner, company):

  • 2014 Northeast Channel SE: Keith Morgan, Presidio
  • 2014 Southeast Channel SE: Patrick Coble, LPS
  • 2014 Central Channel SE: Adam Gamble, Sigma
  • 2014 West…

----

Summarising the Optimisation Options for Lync 2013 [feedly]



----
Summarising the Optimisation Options for Lync 2013
// Citrix Blogs

A lot of content has been published about Lync optimisation recently. In this blog I have tried to collect it all together and present in a form that makes sense so as to help to deploy this product successfully.

----


Citrix Insight Services at Synergy Orlando [feedly]



----
Citrix Insight Services at Synergy Orlando
// Citrix Blogs

Citrix Synergy 2015 in Orlando is setting up to be one of the biggest and best events we've ever had.  There are numerous opportunities to learn and network with a jam-packed agenda of items.  The event is just weeks away, so be sure to visit http://www.citrixsynergy.com/ and register as soon as possible, if you haven't already done so. Here on the Citrix Insight Services Team,…

----

Best Practices for Securing Your Citrix Remote Access Against Hacker Intrusion [feedly]



----
Best Practices for Securing Your Citrix Remote Access Against Hacker Intrusion
// Citrix Blogs

Are You Protecting Your Citrix Remote Access With Just a Password? A username and password are no longer enough to authenticate your users. Weak or stolen user credentials are the preferred weapons used by hackers, and are behind approximately 76 percent of all network intrusions. Hardware token-based solutions are no longer enough to protect against modern threats and are too expensive and cumbersome for IT…

----

Monitoring Citrix Mobile Workspace Solution with System Center [feedly]



----
Monitoring Citrix Mobile Workspace Solution with System Center
// Citrix Blogs

Introducing Citrix into an organization significantly impacts the way it is going to deliver applications, desktops, and enable workforce mobility. Therefore, the decision-making process very often requires Citrix to integrate well with organization's IT operations strategy and answer questions such as: "How do we integrate Citrix with our standard IT processes and tools?", "Are we going to be able to run Citrix cost effectively?", and "How…

----

How Citrix Partner Convergence Bonds with Customers at Synergy [feedly]



----
How Citrix Partner Convergence Bonds with Customers at Synergy
// Citrix Blogs

Citrix Synergy, May 12-14 in Orlando, Florida, is ideal for partners to learn about key market opportunities primed for mobility transformation, engage with customers in vertical markets that offer tremendous profit potential and offers an invaluable opportunity to hear directly from customers about their business and IT needs. Many of our partners attend Synergy. Among them is Convergence Technology Consulting, who never misses a Citrix…

----

7 Things You Might Not Know About ShareFile [feedly]



----
7 Things You Might Not Know About ShareFile
// Citrix Blogs

Most people know Citrix for its enterprise-grade virtualization, communication and mobility technology. But Citrix also offers a breadth of products for small-to-medium sized businesses (SMB) – now including Encrypted Email. A great example of this is Citrix ShareFile, a product that addresses file sync and share needs for businesses of every size. Now, you might be saying, "Well, sure, I know about ShareFile. What's exciting…

----

CloudBridge Virtual WAN Solution for “Always On” Availability and Up to 80% Lower WAN Costs [feedly]



----
CloudBridge Virtual WAN Solution for "Always On" Availability and Up to 80% Lower WAN Costs
// Citrix Blogs

CloudBridge products have long been the go-to solution for WAN optimization. Building on that heritage, the CloudBridge team is unveiling a new WAN virtualization offering that makes mobile work even more reliable and cost-effective. The new CloudBridge Virtual WAN solution allows enterprises to create one logical WAN network by bonding together multiple network services and optimizing the use of each path. This technology allows enterprises…

----

Friday, April 24, 2015

Why Unikernels Can Improve Internet Security [feedly]



----
Why Unikernels Can Improve Internet Security
// Xen Project Blog

This is a reprint of a 3-part unikernel series published on Linux.com. In this post, Xen Project Advisory Board Chairman Lars Kurth explains how unikernels address security and allow for the careful management of particularly critical portions of an organization's data and processing needs. (See part one, 7 Unikernel Projects to Take On Docker in 2015.)

Many industries are rapidly moving toward networked, scale-out designs with new and varying workloads and data types. Yet, pick any industry — retail, banking, health care, social networking or entertainment — and you'll find security risks and vulnerabilities are highly problematic, costly and dangerous.

Adam Wick, creator of the Haskell Lightweight Virtual Machine (HaLVM) and a research lead at Galois Inc., which counts the U.S. Department of Defense and DARPA as clients, says 2015 is already turning out to be a break-out year for security.

"Cloud computing has been a hot topic for several years now, and we've seen a wealth of projects and technologies that take advantage of the flexibility the cloud offers," said Wick. "At the same time though, we've seen record-breaking security breach after record-breaking security breach."

The names are more evocative and well-known thanks to online news and social media, but low-level bugs have always plagued network services, Wick said. So, why is security more important today than ever before?

Improving Security

The creator of MirageOS, Anil Madhavapeddy, says it's "simply irresponsible to continue to knowingly provision code that is potentially unsafe, and especially so as we head into a year full of promise about smart cities and ubiquitous Internet of Things. We wouldn't build a bridge on top of quicksand, and should treat our online infrastructure with the same level of respect and attention as we give our physical structures."

In the hopes of improving security, performance and scalability, there's a flurry of interesting work taking place around blocking out functionality into containers and lighter-weight unikernel alternatives. Galois, which specializes in R&D for new technologies, says enterprises are increasingly interested in the ability to cleanly separate functionality to limit the effect of a breach to just the component affected, rather than infecting the whole system.

For next-generation clouds and in-house clouds, unikernels make it possible to run thousands of small VMs per host. Galois, for example, uses this capability in their CyberChaff project, which uses minimal VMs to improve intrusion detection on sensitive networks, while others have used similar mechanisms to save considerable cost in hardware, electricity, and cooling; all while reducing the attack surface exposed to malicious hackers. These are welcome developments for anyone concerned with system and network security and help to explain why traditional hypervisors will remain relevant for a wide range of customers well into the future.

Madhavapeddy goes as far as to say that certain unikernel architectures would have directly tackled last year's Heartbleed and Shellshock bugs.

"For example, end-to-end memory safety prevents Heartbleed-style attacks in MirageOS and the HaLVM. And an emphasis on compile-time specialization eliminates complex runtime code such as Unix shells from the images that are deployed onto the cloud," he said.

The MirageOS team has also put their stack to the test by releasing a "Bitcoin pinata," which is a unikernel that guards a collection of Bitcoins.  The Bitcoins can only be claimed by breaking through the unikernel security (for example, by compromising the SSL/TLS stack) and then moving the coins.  If the Bitcoins are indeed transferred away, then the public transaction record will reflect that there is a security hole to be fixed.  The contest has been running since February 2015 and the Bitcoins have not yet been taken.

Linux container vs. unikernel security

Linux, as well as Linux containers and Docker images, rely on a fairly heavyweight core OS to provide critical services. Because of this, a vulnerability in the Linux kernel affects every Linux container, Wick said. Instead, using an approach similar to a la carte menus, unikernels only include the minimal functionality and systems needed to run an application or service, all of which makes writing an exploit to attack them much more difficult.

Cloudius Systems, which is running a private beta of OSv, which it tags as the operating system for the cloud, recognizes that progress is being made on this front.

"Rocket is indeed an improvement over Docker, but containers aren't a multi-tenant solution by design," said CEO Dor Laor. "No matter how many SELinux Linux policies you throw on containers, the attack surface will still span all aspects of the kernel."

Martin Lucina, who is working on the Rump Kernel software stack, which enables running existing unmodified POSIX software without an operating system on various platforms, including bare metal embedded systems and unikernels on Xen, explains that unikernels running on the Xen Project hypervisor benefit from the strong isolation guarantees of hardware virtualization and a trusted computing base that is orders of magnitude smaller than that of container technologies.

"There is no shell, you cannot exec() a new process, and in some cases you don't even need to include a full TCP stack. So there is very little exploit code can do to gain a permanent foothold in the system," Lucina said.

The key takeaway for organizations worried about security is that they should treat their infrastructure in a less monolithic way. Unikernels allow for the careful management of particularly critical portions of an organization's data and processing needs. While it does take some extra work, it's getting easier every day as more developers work on solving challenges with orchestration, logging and monitoring. This means unikernels are coming of age just as many developers are getting serious about security as they begin to build scale-out, distributed systems.

For those interested in learning more about unikernels, the entire series is available as a white paper titled "The Next Generation Cloud: The Rise of the Unikernel."

Read part 1: 7 Unikernel Projects to Take On Docker in 2015


----


RSA Conference Survey: Which Security Solutions Made the Grade? [feedly]



----
RSA Conference Survey: Which Security Solutions Made the Grade?
// A Collection of Bromides on Infrastructure

This week at the RSA Conference, I had the opportunity to talk with dozens upon dozens (more than 100) of information security professionals for Bromium's "State of Security Report Card," a survey of opinions about popular security solutions. It may seem obvious (especially if you read the headlines), but the survey revealed that firewalls and antivirus are failing to prevent attacks.

The results of this survey serve as yet another proof point in a long line of data about the shortcomings of legacy security solutions. Even if you cling to the belief that AV is not dead, RSA conference attendees seem to be aware that these solutions are failing.

Specific findings from the "State of Security Report Card" include:

  • Organizations have room for improvement in prioritizing security – Bromium asked RSA conference attendees to grade their organization on its ability to prioritize security by allocating the resources it requires, but only eight percent of respondents gave their organization an A. Forty-two percent of respondents gave their organization a B, thirty-two percent of respondents gave their organization a C and 18 percent of respondents gave their organization a D. Interestingly, no respondents were willing to give their organization a failing grade.
  • Firewalls and Antivirus are failing to prevent attacks – Bromium asked RSA conference attendees to grade a variety of security solutions on their ability to prevent attacks and address the priorities set by their CISO, but only firewall and anti-virus received any failing grades. Twenty percent of respondents gave firewalls a failing grade and 25 percent of respondents gave antivirus a failing grade. Among the most popular responses, 42 percent of respondents gave firewalls a B and 36 percent of respondents gave antivirus a C.
  • Next-generation solutions are performing above average – Next-generation firewalls, network sandboxes, endpoint isolation, host monitoring and threat intelligence solutions all performed well. None of these solutions were given a failing grade by any respondents. Among the most popular responses, 58 percent gave next-generation firewalls a B (17 percent gave it an A), 54 percent gave advanced threat protection/network sandboxes a B (20 percent gave it an A), 64 percent gave endpoint isolation/sandboxing/host monitoring a B (17 percent gave it an A) and 44 percent gave threat intelligence a B (17 percent gave it an A).
  • Information Sharing Initiatives Show Promise; Face Hurdles – Bromium asked RSA conference attendees both if their organization would benefit from information sharing initiatives, such as those outlined in President Obama's Executive Order, as well as if their organization would participate. The overwhelming majority (78 percent) said they would benefit from information sharing initiatives, but less than half (48 percent) said they would participate. There is clearly a disconnect in these results, which suggest that information security professionals are concerned about how information sharing initiatives will aggregate and anonymize their organization's data.


----


Ontology, Infrastructure Classification, and the Design of Chef [feedly]



----
Ontology, Infrastructure Classification, and the Design of Chef
// Chef Blog

An example ontology specification. CC-Attribution-NoDerivs by gertcha on Flickr

In philosophy, ontology is (as Wikipedia says) "the study of what entities exist or can be said to exist, and how such entities can be grouped, related within a hierarchy, and subdivided according to similarities and differences." Wikipedia goes on to say that ontology is often paired with taxonomy (the science of classification) in IT applications. Chef, however, was explicitly designed to not be an ontological system, in contrast to many other solutions on the market. Why is that? I'd like to take a few moments to explain the design thinking behind Chef — and why we feel that not being an ontology allows us to be the most flexible and extensible automation platform.

One of the principles of good software design is to provide just enough abstraction to make reasoning about things easier. Too little abstraction, and a developer is always down in the weeds. Too much, and you are shoulders-deep in frameworks that bear no resemblance to earthly objects and are impossible to reason about. One can regard the C language as striking the right balance for developers writing code to interface with hardware. It gets them close enough to physical entities (memory, processors, CPU registers) without forcing them to write assembly language, but also without introducing unnecessary concepts for this problem domain like object-orientation. Perhaps this is why C++ has not been as successful in this space.

From Chef's inception we have also tried very hard to strike a balance. Because Chef is a thin DSL (domain-specific-language) on top of Ruby, we're able to provide the same user experience that a restrictive ontological framework would give you: namely, a built-in taxonomy of all the basic resources one might configure on a system, plus a defined mechanism to extend that taxonomy. But there's no possible way that the developers of Chef can possibly anticipate a priori what resources you're going to want to configure in the future. Thus, the full power of the Ruby language is available to you. It is for these reasons that Ruby was explicitly chosen as an implementation language, because it provides flexibility to operate in both modes. Other languages do not (much as we love Perl).

This leads me to reflect on the phrase "infrastructure as code" and what the definition of "code" is in this context. I see this term being thrown around by many people to describe their solutions. Not all purported "infrastructure as code" solutions are actually that. Actual program code has certain useful properties. Chief among them are easy composition, extension, introspection, and most important, testability: the ability to formally instantiate mock objects and examine their behavior in a test context. This is distinct from infrastructure as an ontological document, like JSON or YAML. A grammar with control flows or variable substitution does not make infrastructure as code. It is this property of Chef as being real code that has fueled the fast growth of a testing ecosystem around it. Tools like ChefSpec and Foodcritic could not exist otherwise.

Introspection and composition also allow us to extend Chef into problem domains that didn't exist when Chef was first written: for example, containers, fleet management, or compliance. Clever engineers are able to extend Chef in a fully-supported way to managing entire fleets of machines using a toolkit like Chef Provisioning, and indeed are able to pull off tricks like addressing Chef within Chef (see the Cheffish library and the experimental resource cookbook). Conceptually, you could even extend the Chef DSL to express any policy in Chef: to grant user X access to certain GitHub repos, to put them into certain Active Directory Groups, even to request that the HR system mark them as an active employee on their first day and to set their weekly pay! All that code is just waiting to be written.

Ever since I first encountered CORBA in college, I've been extremely wary of ontology-based solutions. I am particularly unnerved by giant committees like OASIS who are trying to create ontologies to define all of cloud computing using XML. The world changes too quickly to convene subcommittees in order to figure out how to represent new innovations like Joyent's Triton or Amazon Lambda in a timely way, to say nothing of the complexity of trying to document the world using XSDs. Have we learned nothing from the web innovators' migration away from XML/SOAP and the rise of RESTful web services over HTTP exchanging simple, JSON payloads?

Ultimately, we believe Chef is the best automation platform because of its infinite flexibility and extensibility, and yes, explicit rejection of ontological design. We cannot possibly anticipate what systems or technologies customers will want to manage in the future, and besides, why should we be the experts? Our users, the domain experts about those things, should be the ones having a say in how they are configured. We merely bring the toolkit to the table, and in the words of the great Larry Wall, "there's more than one way to do it".

In another article, I'll talk about how the extensibility of Chef can be used to solve problems seemingly unrelated to traditional configuration management like security and compliance. Meanwhile, for more information on the shortcomings of ontologies, I invite you to read David Weinberger's book, "Everything is Miscellaneous: The Power of the New Digital Disorder".


----


Wednesday, April 22, 2015

A Proclamation for the Apache Software Foundation [feedly]



----
A Proclamation for the Apache Software Foundation
// MS Open Tech

[Image: ASF City of Austin Proclamation]

Last week was ApacheCon, the official conference of the Apache Software Foundation. Here are my takeaways from the event.

First off, we should all sing happy birthday, twice. It is the 15th anniversary of the foundation itself and 20th anniversary of the Apache Web Server project, which started it all. In celebration of these anniversaries, the City of Austin Mayor Steve Adler proclaimed April 13-16 as Apache Software Days. I had the honor of reading this proclamation (pictured right) during my "State of the Feather" plenary.

The foundation's longevity is evidence that the collaborative development model known as the Apache Way provides immense value to the IT industry as a whole. The Apache Way seeks to ensure that Apache projects are managed for the public good rather than any sub-set of the public. I am immensely proud of my small part in the Apache Software Foundation. More importantly, I applaud all those who have contributed to an Apache project over the last 20 years. Those contributors make the Apache Software Foundation and its projects successful.

[Image: ApacheCon US 2015 (Keynotes)]

It was wonderful to hear a keynote from one of the founders of the foundation, Brian Behlendorf. His talk was titled "What's Still Awesome About The ASF And Where It Needs To Go From Here" and explored how the initial Apache Group found that their practical process of "rough consensus and running code", through a strong collaborative community, resulted in the natural emergence of good code. This initial process became the Apache Way, which all Apache projects adopt today. You can watch a video on YouTube.

Other keynotes of note came from Gina Likins ("How to Thoroughly Insult and Offend People in Your Open Source Communities"), Jay Schmelzer ("20 Years of Valuable Lessons for the World") and Andy Terral ("The Communities of Data Science: An Outsider's Viewpoint"). All keynote videos are available on YouTube; each is just a 30-minute session and each is well worth your time.

It is worth highlighting the Jay Schmelzer keynote in particular since Jay is a Microsoft colleague. His session looked at the value the ASF has brought to the IT industry as a whole and, more specifically, how it has influenced the creation of the .Net Foundation. It was great to hear how the tried and tested Apache approach to open source community development is at the heart of the .Net Foundation.

There were a number of sessions from myself and my Microsoft colleagues. I discussed the idea of using Virtual Machines (or Containers) to help with community development in open source projects. I'll post on this topic later this week. A couple of my Microsoft colleagues also presented: Eric Mittelette discussed "Cordova: Are Universal Apps Enough?", which looked at how the Microsoft concept of a Universal App applies in a Cordova environment. Ivan Judson covered "Innovating on Big Data Analytics with the Community, the Enterprise Cloud, and the User", which looked at HD Insight on Linux, a Microsoft Big Data solution built on the Apache Hadoop family of projects.

In total there were more than 120 in-depth sessions across sixteen tracks that included Big Data, Business, Cloud, Containers, Content, Integration, Mobile, OFBiz/Open Source ERP, Science, and Security. Presentation slides, images, and conference recap are available on the conference website.

[Image: ApacheCon Austin US (Social)]

Naturally, there were also plenty of community focussed events. These included BarCamp Apache, numerous Hackathons, MeetUps and Birds of a Feather sessions together with the ever-popular Lightning Talks. Not to mention the many social opportunities this excellent event presents.

As you might imagine it is very hard to cover all 200+ Apache Projects at the conference. As a result there are an increasing number of co-located events that use the same space but are hosted in the days following ApacheCon. These tend to focus on specific Apache projects. This time around these included CloudStack Days, Ignite Training Session, Spark Forum, and Traffic Server Summit.

As ever ApacheCon was a fantastic event. The range of technologies covered is amazing and the quality of talks is exceptionally high. I am already looking forward to the next one in Budapest, Sept 28 – Oct 1 (The CFP opens soon).


----
