Tag Archives: advice

For Sale – 13″ MacBook Pro with Touch Bar (2019) – 128 GB SSD, Space Grey

Don’t be silly, if you don’t ask you don’t know

Thank you for the kind advice by the way. In truth you aren’t a million miles away from an offer I’d accept and I much prefer to sell here due to people like your good self. The forums are great.

The issue being postage and if I accept £800 then I’ll likely clear £775 something like that. If you can stretch to say £850-860 then I’d be happy to accept on the basis I clear closer to £800.

Still a massive loss on my part, but you would be getting an as new machine (really is immaculate). Only 6 charge cycles. Plus the 3 year warranty which includes accidental damage, replacement guarantee etc. Quite comprehensive.

The difference between a 2017 model and this quad core model will also be noticeable. I believe a lot of the reviews will show just what a step up it is.

Either way, counter offer on the table should you be tempted.

Take care…


Harvard IT exec: Take these seven cyberattack prevention steps now

Rick Kamal prefaced a list of cybersecurity tips with some advice from the annals of history. Ancient history.

The CTO at Harvard Business School invoked Galen, the Greek physician of the second century. Galen served as the personal doctor to several Roman emperors, and his discoveries influenced medicine, physiology and anatomy for 1,500 years. His teaching about maintaining good health was simple: A little prevention goes a long way, Kamal explained to an audience of IT executives.

“Yes, you can treat an ailment, but the most powerful thing to do is have good hygiene and do the right things: Exercise, eat well, avoid intoxicants, have friends and family,” Kamal said at the Argyle 2017 Information Technology and Security Forum in Boston on Thursday. “And if you do something like that, your quality of life, instead of starting a steady decline after the age of 40, is pretty good till about your 80s — and then you get a sudden decline, and you’re dead.”

Through a burst of laughter, Kamal kept a straight face. The reality is, he said, most people don’t follow Galen’s common-sense advice on health. Similarly, organizations don’t take measures that are within their control to ensure better cybersecurity: Massive data breaches at Yahoo and credit-reporting agency Equifax and the covered-up hack at Uber a year ago were all preventable, Kamal said. He enumerated a list of cyberattack prevention tips that can help organizations eliminate most threats.

“There are a lot of products, a lot of solutions out there in the security space — I’m not saying don’t look at them,” he said. “Before you go for some nichey, interesting, shiny-penny solution, first address prevention. It will get you 99 out of 100 miles there.”

A little work, a lot of benefit

The first measure companies need to take to protect their data from malicious, prying eyes is “trivial,” Kamal said: Upgrade and patch your OS. So is the second, upgrade and patch your applications.

He recounted the reasons for this year’s Equifax data breach. The point of entry for hackers was Apache Struts, open source software for developing web applications. The Struts team uncovered the vulnerability, released a patch and advised users of the software to apply it. Equifax didn’t — and they aren’t alone in neglecting to follow such simple advice.

“I’m sure many of us may not be doing it on a very deliberate and diligent basis,” Kamal said. By upgrading and patching systems, “you’ve gotten rid of about 60% to 70% of vulnerabilities.”

Next, whitelist applications, Kamal advised — to make known the ones that should run on your servers. Many organizations install virus and malware detection software, and that’s good, Kamal said. But that’s a “blacklist approach”: A compromise is identified, quarantined and then deleted. Whitelisting is different.

“It’s where in the operating system you say, ‘This is my server — I only expect applications X, Y, Z to run and processes A, B and C to run,’” Kamal said. “If anything else tries to run, it just can’t.”

Applying this approach, he said, would essentially head off every ransomware and malware attack possible.

Rick Kamal, CTO at Harvard Business School, speaks at the Argyle 2017 Information Technology and Security Forum in Boston on Thursday.

Keep it complicated

Kamal then flashed what looked like a toddler’s jabber on a screen: “dadada.”

“That’s somebody’s password. Can you guess whose password that is? Any guesses?” Kamal asked. “Actually, it was Mark Zuckerberg.”

The Facebook co-founder and CEO coined the password after he became a father and used it on several social media sites, including Twitter and Pinterest, which were breached last year.

Lots of people less technically inclined than Zuckerberg use weak passwords. In fact, some of the top used passwords of 2016 were “123456,” “qwerty” and “111111,” according to an analysis done by password management company Keeper Security. And as Zuckerberg did, many people use the same passwords to unlock accounts on multiple sites, as an analysis of the 2014 Sony Pictures hack showed.

“Now think about this: Your employees, who are accessing your sensitive systems, are doing the same thing,” Kamal said.

Those practices allow for credential stuffing, a type of cyberattack that starts with a stolen username and password — think the Yahoo data breach of 3 billion email accounts. It unleashes bots on a slew of websites and tries to log in, testing thousands of combinations.

“They only have a 0.1% hit rate,” Kamal said. “But guess what? Point zero percent of a billion is a million.”

The moral of this story? Use strong passwords, Kamal said. And use password vaults, or password managers, software or services that generate, store and access hard-to-crack passwords. And IT leaders will bolster cybersecurity by encouraging the use of multifactor authentication, which requires users to provide several pieces of identifiable information to prove they have authorization for a site or service.
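
As an added illustration (not part of the original article or of Kamal's talk), the sketch below shows how a defender might spot the credential-stuffing pattern described above in login logs: one source touching many distinct accounts with a very low success rate. The log format, thresholds and addresses are assumptions constructed for the example.

```python
"""Flag source IPs whose login pattern looks like credential stuffing."""
from collections import defaultdict

def parse(line):
    """Parse one '<iso-time> <ip> <user> <OK|FAIL>' record (hypothetical format)."""
    _ts, ip, user, result = line.split()
    return ip, user, result == "OK"

def find_stuffing(lines, min_users=20, max_hit_rate=0.05):
    """Return {ip: (distinct_users, attempts, hit_rate)} for suspicious sources.

    Stuffing tries each stolen pair once or twice, so one source touches many
    distinct accounts and almost every attempt fails. A user who forgot a
    password hammers a single account; a shared office NAT touches many
    accounts but mostly succeeds. Neither should be flagged.
    """
    users, attempts, hits = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in lines:
        if not line.strip():
            continue
        ip, user, ok = parse(line)
        users[ip].add(user)
        attempts[ip] += 1
        hits[ip] += ok  # True counts as 1
    flagged = {}
    for ip in attempts:
        rate = hits[ip] / attempts[ip]
        if len(users[ip]) >= min_users and rate <= max_hit_rate:
            flagged[ip] = (len(users[ip]), attempts[ip], rate)
    return flagged

def sample_log():
    """Constructed records; addresses come from documentation ranges."""
    bot = [f"2017-12-01T10:00:{i:02d}Z 203.0.113.7 user{i}@example.com "
           f"{'OK' if i == 17 else 'FAIL'}" for i in range(40)]
    forgetful = ["2017-12-01T10:05:00Z 198.51.100.4 alice@example.com FAIL"] * 6
    forgetful.append("2017-12-01T10:06:00Z 198.51.100.4 alice@example.com OK")
    office = [f"2017-12-01T09:00:{i:02d}Z 192.0.2.10 staff{i}@example.com OK"
              for i in range(25)]
    return bot + forgetful + office

if __name__ == "__main__":
    for ip, (n_users, n_tries, rate) in find_stuffing(sample_log()).items():
        print(f"{ip}: {n_users} accounts, {n_tries} attempts, {rate:.1%} success")
```

Per-source counting is only one signal: traffic spread across many addresses stays under these thresholds, so the same counting can be keyed on other attributes, and multifactor authentication remains the control that blunts a successful guess.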

‘Common sense’

Then, encrypt your data, Kamal said — encode text that others may find and use into an unreadable format. A lot of the data made away with in the Equifax breach was either encrypted poorly or not encrypted at all. “And it was sensitive information,” he said.

All it takes is a simple configuration or a little bit of work to encrypt data, Kamal said. But if using encryption keys — bits of code designed to scramble and unscramble information — practice proper key management. “Do not put the keys right next to the data on the same server.”

And also encrypt your keys so if someone finds them, they can’t be put to use.

Finally, secure points of entry. Ports on servers that aren’t being used should be closed to prevent unwelcome visitors. Many don’t do it, Kamal said, citing a recent analysis that found more than 80% of major organizations have open ports, “which is like leaving windows and doors open for folks to come and start poking at you,” Kamal said.

Jeffrey Cunningham, director of enterprise architecture at Thomson Reuters in Boston, said following Kamal’s advice depends partly on the amount of technical debt an organization is dealing with. One example, Cunningham said, is legacy applications at companies that have grown through acquisition, as Thomson Reuters has.

“It’s more, How do you implement it? How much tech debt do you have that prevents you from doing those things?” Cunningham said. The advice itself, he noted, is common sense. “Everyone needs to be self-aware. I mean, you need to be aware of what you’re doing and not get yourself in trouble.”

Microservices messaging becomes a hot topic at API World

SAN JOSE, Calif. — The API World conference provided a good deal of advice and direction for those interested in taking their monolithic software architectures toward a more distributed, microservices-based architecture, particularly in regard to microservices messaging protocols.

Let’s look at some of the revelations and instructions provided to conference attendees related to microservices, including how to move beyond REST and some of the latest and greatest messaging protocols and architectures worth watching.

Moving beyond REST

There was buzz at API World 2017 about the use of REST as the standard messaging protocol for microservices. While REST has been popular, members of a panel session focused on the evolution of microservices messaging protocols suggested organizations are — and should be — ready to explore other options for messaging.

“People were not happy with RESTful APIs, because there is a pattern mismatch,” said panel member Fran Mendez, lead engineer at the London-based API support platform provider Hitch. “Even [with] web sockets, you need to have a great connection to make them match. That’s why people are looking at other options for event-driven.”

API World presentation

How Reactive can help

Mark Makary, CTO and president of Logic Keepers, a technology adviser company based in Frisco, Texas, spoke to conference attendees about the potential drawbacks of depending on a traditional blocking REST architecture for microservices and how moving to a Reactive nonblocking, event-based architecture may help.

“After people are going through the [microservices] journey, they run into problems where the system is not very responsive,” Makary explained. “We are getting used to apps getting very responsive, and this is part of the user experience.”

Makary explained there are three potential drawbacks on performance: I/O and database blocking, monoliths and performance management, and poor internal and external endpoint management. By moving toward a Reactive architecture, he said, organizations can make their applications more responsive, elastic, event-driven, asynchronous and nonblocking.

API World panel

Consider gRPC, Kafka and GraphQL

One suggestion was for people to start exploring gRPC, an open source remote procedure call system initially developed at Google. Varun Talwar, product management lead at Google, explained that since this protocol uses HTTP/2, it allows for what he called “a very polyglot way for people to communicate.”

“GRPC can help with streaming, client-side streaming, server-side streaming and getting messages back,” Talwar explained. “A lot of people in the REST world found that hard to do.”

The discussion also shifted toward a conversation about the use of Kafka, an open source stream-processing platform, mainly due to its fault-tolerant nature of delivering messages.

“You can ensure that [Kafka] is reliable on two or three brokers,” said Mike Sample, director of technology and principal developer at Hootsuite, a social media management platform provider in Vancouver, B.C. “They can store two or three partitions … it’s very robust.”

Panel members also touted the advantages of using GraphQL, a data query language developed internally by Facebook, as an alternative to REST architecture, particularly for distributed development teams.

“Organizations can have spread-out development teams … [GraphQL] can really help with that,” explained panel member Ryan Blain, CTO at Atlanta-based Arvata.io. “It has to be thought of as an API gateway, and that gateway can reach out to different services.” Blain warned, however, that tooling for GraphQL may be relatively immature.

Taking it all home

Attendees of API World reacted positively to the microservices session, particularly to the panel discussion about microservices messaging protocols.

“My favorite one was actually the panel, the discussion about what the different communication protocols between the microservices are and why we would use one over the other,” said Hema Rajashekhara, a senior application developer at the financial services company Capital Group.

Rajashekhara said she is actively looking for more information about microservices messaging protocols to help mitigate performance issues as they transition toward microservice implementation.

“One thing that I’m concerned about is performance and communicating between the different microservices and how it’s going to affect performance,” she said. “So, to hear the differences between gRPC and Kafka is something that I’m going to take back and see what’s best to apply.”

Other attendees, such as Barb Honken, a systems integration analyst at Blackfoot, particularly gravitated toward the discussions about the use of the GraphQL language for microservices.

“I didn’t come here thinking I wanted to learn more about GraphQL,” Honken said. “But now I do.”