Tag Archives: recent

For Sale – Parts Clear Out (Motherboards, Memory, CPUs, GPUs and Case) ***PRICE DROPS***

Due to a recent upgrade, and the need to clear some space in the garage, I’ve got the following up for sale.

Motherboards:
MSI Z87 GD65 Used £65.00 £55.00
MSI Z170I ITX Used £95.00 £90.00

DDR3:
8GB Corsair Vengeance Pro – 2133Mhz (2x4GB) Used £35.00
16GB HyperX Savage Red – 2400Mhz (2x8GB) Used £50.00 SOLD to scott178

DDR4:
16GB Corsair Low Profile Black – 2400Mhz (2x8GB) Used £45.00

Intel Processors:
LGA 1150 – Intel Core i5-4670K Used £65.00 £55.00
LGA 1151 – Intel Core i5-6600 Used £90.00 £85.00

AMD Graphics Cards:
XFX AMD R9 390 – 8GB Used £75.00 SOLD to Jeeva

Nvidia Graphics Cards:
MSI – GTX 660Ti 2GB Used £45.00 £35.00
MSI – GTX 570 2GB Used £35.00 £25.00

Mice:
Razer Mamba Elite 2016 Wireless Used £60.00

Cases:
Phanteks Evolve ITX Used £40.00 £35.00 (Collection Only)

Coolers:
Corsair H50 Used £40.00 £35.00
Corsair H80i Used £50.00 £45.00

Most items will be boxed in their original retail or OEM packaging.

I will updating this thread as I discover anything else that I no longer require.

Open to offers.

Price and currency: £845
Delivery: Delivery cost is not included
Payment method: BT/PPG
Location: Oxford
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Go to Original Article
Author:

For Sale – Parts Clear Out (Motherboards, Memory, CPUs, GPUs and Case) ***PRICE DROPS***

Due to a recent upgrade, and the need to clear some space in the garage, I’ve got the following up for sale.

Motherboards:
MSI Z87 GD65 Used £65.00 £55.00
MSI Z170I ITX Used £95.00 £90.00

DDR3:
8GB Corsair Vengeance Pro – 2133Mhz (2x4GB) Used £35.00
16GB HyperX Savage Red – 2400Mhz (2x8GB) Used £50.00 SOLD to scott178

DDR4:
16GB Corsair Low Profile Black – 2400Mhz (2x8GB) Used £45.00

Intel Processors:
LGA 1150 – Intel Core i5-4670K Used £65.00 £55.00
LGA 1151 – Intel Core i5-6600 Used £90.00 £85.00

AMD Graphics Cards:
XFX AMD R9 390 – 8GB Used £75.00 SOLD to Jeeva

Nvidia Graphics Cards:
MSI – GTX 660Ti 2GB Used £45.00 £35.00
MSI – GTX 570 2GB Used £35.00 £25.00

Mice:
Razer Mamba Elite 2016 Wireless Used £60.00

Cases:
Phanteks Evolve ITX Used £40.00 £35.00 (Collection Only)

Coolers:
Corsair H50 Used £40.00 £35.00
Corsair H80i Used £50.00 £45.00

Most items will be boxed in their original retail or OEM packaging.

I will updating this thread as I discover anything else that I no longer require.

Open to offers.

Price and currency: £845
Delivery: Delivery cost is not included
Payment method: BT/PPG
Location: Oxford
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Go to Original Article
Author:

Recent ransomware attack cripples nursing homes, acute care facilities

A recent ransomware attack has affected roughly 110 nursing homes and acute care facilities in 45 states, cutting caretakers off from patient records.

Virtual Care Provider Inc. (VCPI), a Milwaukee-based IT consulting, security and management service company, first became aware of the attack Nov. 17. In a letter to clients, VCPI said the business was attacked with Ryuk encryption ransomware, which is used to target large software systems, and that it was spread by the TrickBot virus, a malicious program that targets Windows machines.

The company estimated 20% of its servers have been affected by the attack, and that roughly 100 physical servers will need to be rebuilt. VCPI said it is using a virus-specific software application to scan individual Microsoft Windows servers to verify they aren’t infected. If the server is infected, the business plans to restore it. The company maintains roughly 80,000 computers and servers for the affected facilities, according to KrebsOnSecurity, which broke the story.  

Attackers are demanding $14 million in Bitcoin as ransom for a digital key that VCPI could use to unlock access to its files, a price the company doesn’t want to pay, according to KrebsOnSecurity. VCPI CEO and owner Karen Christianson said in an interview with the security news site that the attack affected nearly all of its offerings, including email and internet service, client billing and phone systems, and access to patient records. She said the ongoing attack is keeping care facilities from accessing patient records.

Experts said the incident shows even the best organizations with the best procedures and controls can fall victim to attack, providing a stark warning to healthcare CIOs to educate employees on best cybersecurity practices.

Ransomware’s impact on healthcare

Larry Ponemon, founder of data protection research company Ponemon Institute in Traverse City, Mich., described the recent ransomware attack as especially devastating.

Larry PonemonLarry Ponemon

“It’s very serious because it’s not just about losing some data or preventing people from accessing their data,” he said. “It’s about the ability to provide services that can be life and death.”

If a ransom isn’t paid to retrieve a digital key to unlock the files, Ponemon said it can take months, or even years, for an affected healthcare organization or business to rebuild its systems after a ransomware attack.

In the letter sent by VCPI, the company said its plan is to rebuild servers and install them into newly created network segments. It is prioritizing servers that provide access to email and EHR applications. The company acknowledged it doesn’t know when clients will have access to VCPI systems again and noted that it intends to investigate if the recent ransomware attack has resulted in the acquisition of client data.

“We are working diligently, nonstop, without resource constraint, according to our documented plan, and with experienced expert leadership,” the letter stated. “We need to ensure the integrity of the new environment. We are prioritizing critical VCPI infrastructure, including Microsoft Exchange email system, and electronic health record software.”

David ChouDavid Chou

David Chou, vice president and principal analyst for Constellation Research in Cupertino, Calif., said he was struck not by the ransomware attack but by the fact that the victim is a technology company that provides technology services to healthcare organizations.

Chou said the incident highlights the importance of properly educating employees to be aware of the ways attackers will try to infiltrate an organization’s systems and to ask questions before opening external emails with potentially malicious attachments. “If you don’t, you’re going to pay the price,” he said.

Go to Original Article
Author:

Rethinking cyber learning—consider gamification

As promised, I’m back with a follow-up to my recent post, Rethinking how we learn security, on how we need modernize the learning experience for cybersecurity professionals by gamifying training to make learning fun. Some of you may have attended the recent Microsoft Ignite events in Orlando and Paris. I missed the conferences (ironically, due to attending a cybersecurity certification boot camp) but heard great things about the Microsoft/Circadence joint Into the Breach capture the flag exercise.

If you missed Ignite, we’re planning several additional Microsoft Ignite The Tour events around the world, where you’ll be able to try your hand at this capture the flag experience. Look for me at the Washington, DC event in early February.

In the meantime, due to the great feedback I received from my previous blog—which I do really appreciate, especially if you have ideas for how we should tackle the shortage of cyber professionals—I’ll be digging deeper into the mechanics of learning to understand what it really takes to learn cyber in today’s evolving landscape.

Today, I want to address the important questions of how a new employee could actually ramp up their learning, and how employers can prepare employees for success and track the efficacy of the learning curriculum. Once again, I’m pleased to share this post with Keenan Skelly, chief evangelist at Boulder, Colorado-based Circadence.

Here are some of some of her recommendations from our Q&A:

Q: Keenan, in our last blog, you discussed Circadence’s “Project Ares” cyber learning platform. How do new cyber practitioners get started on Project Ares?

A: The way that Project Ares is set up allows for a user to acquire a variety of different skill levels when launched. It’s important to understand what kind of work roles you’re looking to learn about as a user as well as what kinds of tools you’re looking to understand better before you get started on Project Ares. For example, if I were to take some of my Girls Who Code or Cyber Patriot students and put them into the platform, I would probably have them start in the Battle School. This is where they’re going to learn about basic cybersecurity fundamentals such as ports and protocols, regular expressions, and the cyber kill chain. Then they can transition into Battle Rooms, where they’ll start to learn about very specific tools, tactics, and procedures or TTPs, for a variety of different work roles. If you’re a much more skilled cyber ninja, however, you can probably go ahead and get right into Missions, but we do recommend that everyone who comes into Project Ares does some work in the Battle Rooms first, specifically if they are trying to learn a tool or a skill for their work role.

Project Ares also has a couple of different routes that an expert or an enterprising cybersecurity professional can come into that’s really focused more on their role. For example, we have an assessments area based entirely on the work role. This aligns to the NIST framework and the NICE cybersecurity work roles. For example, if you’re a network defender, you can come into that assessment pathway and have steps laid out before you to identify your skill level in that role as you see below:

Assessment pathway.

Q: What areas within Project Ares do you recommend for enterprise cyber professionals to train against role-based job functions and prepare for cyber certifications?

A: You might start with something simple like understanding very basic things about your work role through a questionnaire in the Battle School arena as seen in the illustrations below. You may then move into a couple of Battle Rooms that tease out very detailed skills in tools that you would be using for that role. And then eventually you’ll get to go into a mission by yourself, and potentially a mission with your entire team to really certify that you are capable in that work role. All this practice helps prepare professionals to take official cyber certifications and exams.

Battle School questionnaire.

Battle School mission.

Q: Describe some of the gamification elements in Project Ares and share how it enhances cyber learning.

A: One of the best things about Project Ares is gamification. Everyone loves to play games, whether it’s on your phone playing Angry Birds, or on your computer or gaming console. So we really tried to put a lot of gaming elements inside Project Ares. Since everything is scored within Project Ares, everything you do from learning about ports and protocols, to battle rooms and missions, gives you experience points. Experience points add up to skill badges. All these things make learning more fun for the user. For example, if you’re a defender, you might have skill badges in infrastructure, network design, network defense, etc. And the way Project Ares is set up, once you have a certain combination of those skill badges you can earn a work role achievement certificate within Project Ares.

This kind of thing is taken very much from Call of Duty and other types of games where you can really build up your skills by doing a very specific skill-based activity and earn points towards badges. One of the other things that is great about Project Ares is it’s quite immersive. For example, Missions allows a user to come into a specific cyber situation or cyber response situation (e.g., water treatment plant cyberattack) and have multimedia effects that demonstrate what is going—very much reflective of that cool guy video look. Being able to talk through challenges in the exercises with our in-game advisor, Athena, adds another element to the learning experience as shown in the illustration below.

Athena was inspired by the trends of personal assistants like Cortana and other such AI-bots, which have been integrated into games. So things like chat bots, narrative storylines, and skill badges are super important for really immersing the individual in the process. It’s so much more fun, and easier to learn things in this way, as opposed to sitting through a static presentation or watching someone on a video and trying to learn the skill passively.

Athena—the in-game advisor.

Q: What kinds of insights and reporting capability can Project Ares deliver to cyber team supervisors and C-Suite leaders to help them assessing cyber readiness?

A: Project Ares offers a couple great features that are good for managers, all the way up to the C-Suite, who are trying to understand how their cybersecurity team is doing. The first one is called Project Ares Trainer View. This is where a supervisor or manager can jump into the Project Ares environment, with the students or with the enterprise team members, and observe in a couple of different ways.

The instructor or the manager can jump into the environment as Athena, so the user doesn’t know that they are there. They can then provide additional insight or help that is needed to a student. A supervisor or leader can also jump in as the opponent, which gives them the ability to see someone who is just breezing by everything and maybe make it a little more challenging. Or they can just observe and leave comments for the individuals. This piece is really helpful when we’re talking about managers who are looking to understand their team’s skill level in much more detail.

The other piece of this is a product we have coming out soon called Dendrite—an analytics tool that looks at everything that happens at Project Ares. We record all the key strokes and chats a user had with Athena or any with other team members while in a mission or battle room. Cyber team leads can then see what’s going on. Users can see what they’re doing well, and not doing well. This feedback can be provided up to the manager level, the senior manager level, and even to the C-Suite level to demonstrate exactly where that individual is in their particular skill path. It helps the cyber team leads understand what tools are being used appropriately and which tools are not being used appropriately.

For example, if you’re a financial institution and you paid quite a bit of money for Tanium, but upon viewing tool use in Dendrite, you find that no one is using it. It might prompt you to rethink your strategy on how to use tools in your organization or look at how you train your folks to use those tools. These types of insights are absolutely critical if you want to understand the best way to grow the individual in cybersecurity and make sure they’re really on top of their game.

The Dendrite assessment and analysis solution.

Q: How can non-technical employees improve their cyber readiness?

A: At Circadence, we don’t just provide learning capabilities for advanced cyber warriors. For mid-range people just coming into the technical side of cybersecurity, we have an entire learning path that starts with a product called inCyt. Now, inCyt is a very fun browser-based game of strategy where players have some hackable devices they must protect—like operating systems and phones. Meanwhile, your opponent has the same objective: protect their devices from attacks. Players continually hack each other by gathering intel on their opponent and then launching different cyberattacks. While they’re doing this, players get a fundamental understanding of the cyber kill chain. They learn things like what reconnaissance means to a hacker, what weaponizing means to a hacker, what deploying that weapon means to a hacker, so they can start to recognize that behavior in their everyday interactions online.

Some people ask why this is important and I always say, “I used to be a bomb technician, and there is no possible way I could defuse an IED or nuclear weapon without understanding how those things are put together.” It’s the same kind of concept.

It’s impossible to assume that someone is going to learn cyber awareness by answering some questions or watching a five-minute phishing tutorial after they have already clicked a link in a suspicious email. Those are very reactive ways of learning cyber. inCyt is very proactive. And we want to teach you in-depth understanding of what to look for, not just for phishing but for all the attacks we’re susceptible to. inCyt is also being used by some of our customers as a preliminary gate track for those who are interested in cybersecurity. So if you demonstrate a very high aptitude within inCyt, we would send you over to our CyberBridge portal where you can start learning some of the basics of cybersecurity to see if it might be the right field for you. Within our CyberBridge access management portal, you can then go into Project Ares Academy, which is just a lighter version of Project Ares.

Professional and Enterprise licenses in Project Ares pave more intricate learning pathways for people to advance in learning, from novice to expert cyber defender. You’ll be able to track all metrics of where you started, how far you came, what kind of skill path you’re on, and what kind of skill path you want to be on. Very crucial items for your own work role pathway.

How to close the cybersecurity talent gap

Keenan’s perspective and the solution offered by Project Ares really helps to understand how to train security professionals and give them the hands-on experience they require and want. We’re in interesting times, right? With innovations in machine learning and artificial intelligence (AI), we’re increasingly able to pivot from reactive cyber defense to get more predictive. Still, right now we’re facing a cybersecurity talent gap of up to 4 million people, depending on which analyst group you follow. The only way that we’re going to get folks interested in cybersecurity is to make it exactly what we have been talking about: a career-long opportunity to learn.

Make it something that they can attain, they can grow in, and see themselves going from a novice to a leader in an organization. This is tough right now because there are relatively few cybersecurity operators compared to demand, and the operators on the front lines are subject to burnout. With uncertain and undefined career paths beyond tactical SecOps, what is there to look forward to?

We need to get better as a community in cybersecurity, not only protect the cybersecurity defenders that we have already, but also help to bring in new cybersecurity defenders and offenders who are really going to push the boundaries of where we’re at today. This is where we have an excellent and transformational opportunity to introduce more immersive and gamified learning to improve the learning experience and put our people in a position to succeed.

Learn more

To learn more about how to close the cybersecurity talent gap, read the e-book: CISO essentials: How to optimize recruiting while strengthening cybersecurity. For more information on Microsoft intelligence security solutions, see Achieve an optimal state of Zero Trust.

You can also watch my full interview with Keenan.

Bookmark the Security blog to keep up with our expert coverage on security matters and follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Go to Original Article
Author: Microsoft News Center

Acquia cloud CMS on AWS, Vista cash flow raise user expectations

NEW ORLEANS — Flush with funding from the recent majority stake investment from Vista Equity Partners, Acquia has newfound resources to integrate marketing automation and personalization tools with its digital experience platform running on AWS.

As Acquia cloud tools expand beyond its established web content management base into marketing automation and the company sharpens its AWS chops, customers expect performance improvements. 

Partners said they’re looking forward to easier application setup and integration resources.

Earlier this year, the company earned AWS Digital Customer Experience Competency status for Content Management, a certification of its infrastructure optimization.

U.S. securities market auditor FINRA uses Acquia Drupal for its public-facing websites as part of a massive AWS footprint that catalogs seven years’ worth of transactions on behalf of the Securities and Exchange Commission.

FINRA is also evaluating the potential for Mautic, the Acquia cloud marketing automation app, said senior director of technology Michael Scheidt. Acquia’s ongoing work to make Drupal sites run better in the AWS environment is more important, he said.

“We want Acquia to develop its platform to take advantage of all the amazing innovation that’s been happening on the AWS platform,” Scheidt said. That can include performance improvement and monitoring, improving databases, application containerization and down the road, serverless versions.

Workfront, an enterprise work management platform encompassing processes such as employee collaboration and project management, uses Acquia cloud tools to host large public-facing sites in five languages.

Michael Scheidt, FINRA senior director of technology, and Josh Hofmann, Amazon Web Services GM and global leader for ISV Partner Ecosystem.
Michael Scheidt, FINRA senior director of technology, presents at Acquia Engage 2019 while co-presenter Josh Hofmann, Amazon Web Services GM and global leader for ISV Partner Ecosystem, looks on.

To support coming content initiatives and its mixed-vendor CX stack that includes Salesforce CRM and Marketo marketing automation, Workfront CMO Heidi Melin said Acquia should continue to invest in content accessibility and improving speed of mobile content services.

“I need them to keep up, from a technology standpoint,” Melin said. “Because they’re part of our stack, and because our own SaaS software is part of the stack, our site has to behave like the most modern out there. People assume there’s a connection between the web platform we use for the public website and our own product.”

Partners want Acquia cloud services to remain open

Acquia’s partners deploying Drupal sites said the company needs to stay the course with its open source, open-data approach, and continue developing microservices and containerization models for its applications.

That’s Acquia’s major differentiator among its closed-platform competitors, said Doug Ruhl of CI&T, a customer experience firm that maps digital strategy for companies in many verticals including financial, consumer packaged goods and life sciences.

“It’s where we see most of our clients wanting to go,” Ruhl said. “That may be because we believe in [open systems], but very few of them are looking for a walled garden approach.”

Accenture Interactive’s open source program lead Jacob Redding echoed those sentiments. Mautic, he said, will find a place among heavy competition if Acquia can solve the problems endemic to all marketing automation platforms: complicated set up and the high number of people required to keep it running.

“There’s a huge market out there for digital experience platforms,” Redding said. “Getting [the applications] to integrate and creating a really good experience platform — that’s a challenge.”

Glenn Hilton, CEO of ImageX, a Drupal agency that sets up media sites for customers, said his clients value the open source structure and community-developed features and capabilities that end up in Acquia applications.

Acquia’s Mautic move is a welcome diversification of its application lineup, Hilton said. Now it’s the partners’ turn to pivot from Acquia cloud web hosting to full digital experience companies.

“Acquia is looking to its partners to also shift,” Hilton said, adding that his company is investigating how to add martech into its services mix and diversify its business model. “A decade ago, CMS was the hot topic, but now you go to conferences and you hardly ever hear it. CMS upgrades are a necessary evil, but people are looking for other things to spend their budgets on.”

Go to Original Article
Author:

For Sale – Parts Clear Out (Motherboards, Memory, CPUs, GPUs and Case) ***PRICE DROPS***

Due to a recent upgrade, and the need to clear some space in the garage, I’ve got the following up for sale.

Motherboards:
MSI Z87 GD65 Used £65.00 £55.00
MSI Z170I ITX Used £95.00 £90.00

DDR3:
8GB Corsair Vengeance Pro – 2133Mhz (2x4GB) Used £35.00
16GB HyperX Savage Red – 2400Mhz (2x8GB) Used £50.00 SOLD to scott178

DDR4:
16GB Corsair Low Profile Black – 2400Mhz (2x8GB) Used £45.00

Intel Processors:
LGA 1150 – Intel Core i5-4670K Used £65.00 £55.00
LGA 1151 – Intel Core i5-6600 Used £90.00 £85.00

AMD Graphics Cards:
XFX AMD R9 390 – 8GB Used £75.00 SOLD to Jeeva

Nvidia Graphics Cards:
MSI – GTX 660Ti 2GB Used £45.00 £35.00
MSI – GTX 570 2GB Used £35.00 £25.00

Mice:
Razer Mamba Elite 2016 Wireless Used £60.00

Cases:
Phanteks Evolve ITX Used £40.00 £35.00 (Collection Only)

Coolers:
Corsair H50 Used £40.00 £35.00
Corsair H80i Used £50.00 £45.00

Most items will be boxed in their original retail or OEM packaging.

I will updating this thread as I discover anything else that I no longer require.

Open to offers.

Price and currency: £845
Delivery: Delivery cost is not included
Payment method: BT/PPG
Location: Oxford
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Go to Original Article
Author:

For Sale – Parts Clear Out (Motherboards, Memory, CPUs, GPUs and Case) ***PRICE DROPS***

Due to a recent upgrade, and the need to clear some space in the garage, I’ve got the following up for sale.

Motherboards:
MSI Z87 GD65 Used £65.00 £55.00
MSI Z170I ITX Used £95.00 £90.00

DDR3:
8GB Corsair Vengeance Pro – 2133Mhz (2x4GB) Used £35.00
16GB HyperX Savage Red – 2400Mhz (2x8GB) Used £50.00 SOLD to scott178

DDR4:
16GB Corsair Low Profile Black – 2400Mhz (2x8GB) Used £45.00

Intel Processors:
LGA 1150 – Intel Core i5-4670K Used £65.00 £55.00
LGA 1151 – Intel Core i5-6600 Used £90.00 £85.00

AMD Graphics Cards:
XFX AMD R9 390 – 8GB Used £75.00 SOLD to Jeeva

Nvidia Graphics Cards:
MSI – GTX 660Ti 2GB Used £45.00 £35.00
MSI – GTX 570 2GB Used £35.00 £25.00

Mice:
Razer Mamba Elite 2016 Wireless Used £60.00

Cases:
Phanteks Evolve ITX Used £40.00 £35.00 (Collection Only)

Coolers:
Corsair H50 Used £40.00 £35.00
Corsair H80i Used £50.00 £45.00

Most items will be boxed in their original retail or OEM packaging.

I will updating this thread as I discover anything else that I no longer require.

Open to offers.

Price and currency: £845
Delivery: Delivery cost is not included
Payment method: BT/PPG
Location: Oxford
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Go to Original Article
Author:

Cloud adoption a catalyst for IT modernization in many orgs

One of the biggest changes for administrators in recent years is the cloud. Its presence requires administrators to migrate from their on-premises way of thinking.

The problem isn’t the cloud. After all, there should be less work if someone else looks after the server for you. The arrival of the cloud has brought to light some of the industry’s outdated methodologies, which is prompting this IT modernization movement. Practices in many IT shops were not as rigid or regimented before the cloud came along because external access was limited.

Changing times and new technologies spur IT modernization efforts

When organizations were exclusively on premises, it was easy enough to add finely controlled firewall rules to only allow certain connections in and out. Internal web-based applications did not need HTTPS — just plain HTTP worked fine. You did not have to muck around with certificates, which seem to always be difficult to comprehend. Anyone on your network was authorized to be there, so it didn’t matter if data was unencrypted. The risk versus the effort wasn’t worthwhile — a lot of us told ourselves — to bother with and the users would have no idea anyway.

You would find different ways to limit the threats to the organization. You could implement 802.1X, which only allowed authorized devices on the network. This reduced the chances of a breach because the attacker would need both physical access to the network and an approved device. Active Directory could be messy; IT had a relaxed attitude about account management and cleanup, which was fine as long as everyone could do their job.

Now that there is increased risk with exposing the company’s systems to the world via cloud, it’s no longer an option to keep doing things the same way just to get by.

The pre-cloud era allowed for a lot of untidiness and shortcuts, because the risk of these things affecting the business in a drastic way was smaller. Administrators who stepped into a new job would routinely inherit a mess from the last IT team. There was little incentive to clean things up; just keep those existing workloads running. Now that there is increased risk with exposing the company’s systems to the world via cloud, it’s no longer an option to keep doing things the same way just to get by.

One example of how the cloud forces IT practices to change is the default configuration when you use Microsoft’s Azure Active Directory. This product syncs every Active Directory object to the cloud unless you apply filtering. The official documentation states that this is the recommended configuration. Think about that: Every single overlooked, basic password that got leaked several years ago during the LinkedIn breach is now in the cloud for use by anyone in the world. Those accounts went from a forgotten mess pushed under the rug years ago to a ticking time bomb waiting for attackers to hit a successful login as they spin through their lists of millions of username and password combos.

Back on the HTTP/HTTPS side, users now want to work from home or anywhere they might have an internet connection. They also want to do it from any device, such as their personal laptop, mobile phone or tablet. Exposing internal websites was once — and still is in many scenarios — a case of poking a hole in the firewall and hoping for the best. With an unencrypted HTTP site, all data it pushed in and out to that endpoint, from anything the user sees to anything they enter such as username and password is at risk. Your users could be working from a free McDonald’s Wi-Fi connection or at any airport in the world. It’s not hard for attackers to set up fake relay access points and listen to all the data and read anything that is not encrypted. Look up WiFi Pineapple for more information about the potential risks.

How to accommodate your users and tighten security

As you can see, it’s easy to end up in a high-risk situation if IT focuses on making users happy instead of company security. How do you make the transition to a safer environment? At the high level, there’s several immediate actions to take:

  • Clean up Active Directory. Audit accounts, disable ones not in use, organize your organizational units so they are clear and logical. Implement an account management process from beginning to end.
  • Review your password policy. If you have no other protection, cycle your passwords regularly and enforce some level of complexity. Look at other methods for added protection such as multifactor authentication (MFA), which Azure Active Directory provides, which can do away with password cycling. For more security, combine MFA with conditional access, so a user in your trusted network or using a trusted device doesn’t even need MFA. The choice is yours.
  • Review and report on account usage. When something is amiss with account usage, you should know as soon as possible to take corrective action. Technologies such as the identity protection feature Azure Active Directory issues alerts and remediates on suspicious activity, such a login from a location that is not typical for that account.
  • Implement HTTPS on all sites. You don’t have to buy a certificate for each individual site to enable HTTPS. Save money and generate them yourself if the site is only for trusted computers on which you can deploy the certificate chain. Another option is to buy a wildcard certificate to use everywhere. Once the certificate is deployed, you can expose the sites you want with Azure Active Directory Application Proxy rather than open ports in your firewall. This gives the added benefit of forcing an Azure Active Directory login to apply MFA and identity protection before the user gets to the internal site, regardless of the device and where they are physically located.

These are a few of the critical aspects to think about when changing your mindset from on-premises to cloud. This is a basic overview of the areas to give a closer look. There’s a lot more to consider, depending on the cloud services you plan to use.

Go to Original Article
Author:

For Sale – Parts Clear Out (Motherboards, Memory, CPUs, GPUs and Case) ***PRICE DROPS***

Due to a recent upgrade, and the need to clear some space in the garage, I’ve got the following up for sale.

Motherboards:
MSI Z87 GD65 Used £65.00
MSI Z170I ITX Used £95.00

DDR3:
8GB Corsair Vengeance Pro – 2133Mhz (2x4GB) Used £35.00
16GB HyperX Savage Red – 2400Mhz (2x8GB) Used £50.00 SOLD to scott178

DDR4:
16GB Corsair Low Profile Black – 2400Mhz (2x8GB) Used £45.00

Intel Processors:
LGA 1150 – Intel Core i5-4670K Used £65.00
LGA 1151 – Intel Core i5-6600 Used £105.00

AMD Graphics Cards:
XFX AMD R9 390 – 8GB Used £75.00

Nvidia Graphics Cards:
MSI – GTX 660Ti 2GB Used £45.00
MSI – GTX 570 2GB Used £35.00

Mice:
Razer Mamba 2016 Wireless Used £35.00

Cases:
Phanteks Evolve ITX Used £40.00

Coolers:
Corsair H50 Used £40.00
Corsair H80i Used £50.00

Most items will be boxed in their original retail or OEM packaging.

I will updating this thread as I discover anything else that I no longer require.

Open to offers.

Price and currency: £845
Delivery: Delivery cost is not included
Payment method: BT/PPG
Location: Oxford
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Go to Original Article
Author:

Ecstasy programming language targets cloud-native computing

While recent events have focused on Java and how it will fare as computing continues to evolve to support modern platforms and technologies, a new language is targeted directly at the cloud-native computing space — something Java continues to adjust to.

This new language, known as the Ecstasy programming language, aims to address programming complexity and to enhance security and manageability in software, which are key challenges for cloud app developers.

Oracle just completed its Oracle Open World and Oracle Code One conferences, where Java was dominant. Indeed, Oracle Code One was formerly known as JavaOne until last year, when Oracle changed its name to be more inclusive of other languages.

Ironically, Cameron Purdy, a former senior vice president of development at Oracle and now CEO of Xqiz.it (pronounced “exquisite”), based in Lexington, Mass., is the co-creator of the Ecstasy language. Purdy joined Oracle in 2007, when the database giant acquired his previous startup, Tangosol, to attain its Coherence in-memory data grid technology, which remains a part of Oracle’s product line today.

Designed for containerization and the cloud-native computing era

Purdy designed Ecstasy for what he calls true containerization. It will run on a server, in a VM or in an OS container, but that is not the kind of container that Ecstasy containerization refers to. Ecstasy containers are a feature of the language itself, and they are secure, recursive, dynamic and manageable runtime containers, he said.

For security, all Ecstasy code runs inside an Ecstasy container, and Ecstasy code cannot even see the container it’s running inside of — let alone anything outside that container, like the OS, or even another container. Regarding recursivity, Ecstasy code can create nested containers inside the current container, and the code running inside those containers can create their own containers, and so on. For dynamism, containers can be created and destroyed dynamically, but they also can grow and shrink within a common, shared pool of CPU and memory resources. For manageability, any resources — including CPU, memory, storage and any I/O — consumed by an Ecstasy container can be measured and managed in real time. And all the resources within a container — including network and storage — can be virtualized, with the possibility of each container being virtualized in a completely different manner.

Overall, the goal of Ecstasy is to solve a set of problems that are intrinsic to the cloud:

  • the ability to modularize application code, so that some portions could be run all the way out on the client, or all the way back in the heart of a server cluster, or anywhere in-between — including on shared edge and CDN servers;
  • to make code that is portable and reusable across all those locations and devices;
  • to be able to securely reuse code by supporting the secure containerization of arbitrary modules of code;
  • to enable developers to manage and virtualize the resources used by this code to enhance security, manageability, real-time monitoring and cloud portability; and
  • to provide an architecture that would scale with the cloud but could also scale with the many core devices and specialized processing units that lie at the heart of new innovation — like machine learning.

General-purpose programming language

Ecstasy, like C, C++, Java, C# and Python, is a general-purpose programming language — but its most compelling feature is not what it contains, but rather what it purposefully omits, Purdy said.

For instance, all the aforementioned general-purpose languages adopted the underlying hardware architecture and OS capabilities as a foundation upon which they built their own capabilities, but additionally, these languages all exposed the complexity of the underlying hardware and OS details to the developer. This not only added to complexity, but also provided a source of vulnerability and deployment inflexibility.

As a general-purpose programming language, Ecstasy will be useful for most application developers, Purdy said. However, Xqiz.it is still in “stealth” mode as a company and in the R&D phase with the language. Its design targets all the major client device hardware and OSes, all the major cloud vendors, and all of the server back ends.

“We designed the language to be easy to pick up for anyone who is familiar with the C family of languages, which includes Java, C# and C++,” he said. “Python and JavaScript developers are likely to recognize quite a few language idioms as well.”

Ecstasy is not a superset of Java, but [it] definitely [has] a large syntactic intersection. Ecstasy adds lots and lots onto Java to improve both developer productivity, as well as program correctness.
Mark FalcoSenior principal software development engineer, Workday

Ecstasy is heavily influenced by Java, so Java programmers should be able to read lots of Ecstasy code without getting confused, said Mark Falco, a senior principal software development engineer at Workday who has had early access to the software.

“To be clear, Ecstasy is not a superset of Java, but [it] definitely [has] a large syntactic intersection,” Falco said. “Ecstasy adds lots and lots onto Java to improve both developer productivity, as well as program correctness.” The language’s similarity to Java also should help with developer adoption, he noted.

However, Patrick Linskey, a principal engineer at Cisco and another early Ecstasy user, said, “From what I’ve seen, there’s a lot of Erlang/OTP in there under the covers, but with a much more accessible syntax.” Erlang/OTP is a development environment for concurrent programming.

Falco added, “Concurrent programming in Ecstasy doesn’t require any notion of synchronization, locking or atomics; you always work on your local copy of a piece of data, and this makes it much harder to screw things up.”

Compactness, security and isolation

Moreover, a few key reasons for creating a new programming language for serverless, cloud and connected devices apps are their compactness, security and isolation, he added.

“Ecstasy starts off with complete isolation at its core; an Ecstasy app literally has no conduit to the outside world, not to the network, not to the disk, not to anything at all,” Falco said. “To gain access to any aspect of the outside world, an Ecstasy app must be injected with services that provide access to only a specific resource.”

“The Ecstasy runtime really pushes developers toward safe patterns, without being painful,” Linskey said. “If you tried to bolt an existing language onto such a runtime, you’d end up with lots of tough static analysis checks, runtime assertions” and other performance penalties.

Indeed, one of the more powerful components of Ecstasy is the hard separation of application logic and deployment, noted Rob Lee, another early Ecstasy user who is vice president and chief architect at Pure Storage in Mountain View, Calif. “This allows developers to focus on building the logic of their application — what it should do and how it should do it, rather than managing the combinatorics of details and consequences of where it is running,” he noted.

What about adoption?

However, adoption will be the “billion-dollar” issue for the Ecstasy programming language, Lee said, noting that he likes the language’s chances based on what he’s seen. Yet, building adoption for a new runtime and language requires a lot of careful and intentional community-building.

Cisco is an easy potential candidate for Ecstasy usage, Linskey said. “We build a lot of middlebox-style services in which we pull together data from a few databases and a few internal and external services and serve that up to our clients,” he said. “An asynchronous-first runtime with the isolation and security properties of Ecstasy would be a great fit for us.”

Meanwhile, Java aficionados expect that Java will continue to evolve to meet cloud-native computing needs and future challenges. At Oracle Code One, Stewart Bryson, CEO of Red Pill Analytics in Atlanta, said he believes Java has another 10 to 20 years of viability, but there is room for another language that will better enable developers for the cloud. However, that language could be one that runs on the Java Virtual Machine, such as Kotlin, Scala, Clojure and others, he said.

Go to Original Article
Author: