
The Actuator – July 4th

Level 17

Happy 4th of July! Holiday or not, the Actuator always delivers. I do hope you are taking the time to spend with family and friends today. You can come back and read this post later, I won’t mind.

As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!

Debugging Serverless Apps: from monitoring invocations to observing a system of functions

As our systems become more complex, it becomes more important than ever to start labeling everything we can. Metadata will become your most important data asset.

4 Types of Idle Cloud Resources That Are Wasting Your Money

Speaking of containers, they are likely a vampire resource in your cloud environment along with a handful of other allocated resources which are lightly used.

Dealing with the insider threat on your network

Buried in this article is this gem: “…security is not so much about monitoring the perimeter anymore; companies need to be looking on the inside - how communications are happening on the network, how systems are talking to each other and most importantly what are the users doing on the network.” This is why anomaly detection, built on top of machine learning algorithms, is the next generation of tools to defend against threats.

LA Fitness, ‘Hotel California’ and the fallacy of digital transformation

The author uses LA Fitness as one example, but I know of dozens more. This scenario is very common, where a company chooses to modernize only parts of their business. Usually, the part chosen is one that generates revenue, and not customer service.

Apple is rebuilding Maps from the ground up

Two interesting parts to this story. The first is the admission that Apple knew their Maps feature was going to be poor right from the start, but they knew they needed to launch something. Second, the way they are making an effort to collect data and respect user privacy at the same time.

Here's how Amazon is able to poach so many execs from Microsoft

The answer combines a dollar sign in front and lots of numbers after.

About 300K expected to visit Las Vegas for July 4th

With July 4th on a Wednesday, more and more people are thinking "WOOHOO, SIX DAY WEEKEND!"

Happy Independence Day! Here's a picture of me riding an eagle:

july4th.png

54 Comments
MVP

Cool article

"Serverless applications"?  What next?  Thoughtful and compassionate politicians?  Military "intelligence"?  Screen doors on submarines?

I've not seen cloud virtues yet, but no matter what amazing services (and vulnerabilities) the cloud may offer, working without servers isn't one of them.

Tell me more about serverless apps, please?  Whether an app runs locally on a smartphone, or relies on distributed hardware platforms that might be in multiple data centers or be comprised of unused resources on millions of PC's, the hardware--or "server"--is still there.

What am I missing?

I love how the cloud supposedly improves life, saves money, speeds everything along even better than before ("Hey, Kid--wanna drink some of my 'special' Kool-Aid?"), this article reveals the cloud is a multi-billion dollar money pit of waste and leveraged opportunities--against your company.

Insider threats have always been present in any venture; they're nothing new.  They're why things like NAC and network taps (e.g.: Gigamon) and firewalls and TACACS were developed.  To have protection from anyone doing anything without permission inside your network.  They don't have to be out on the internet.

Preventing someone from physically or logically accessing your resources is key.  Defeating that prevention is why social engineering has been leveraged for thousands of years by spies, nations, and relied on for industrial espionage.  Whether Delilah or Cleopatra or Mata Hari, whether it's Bill stealing a GUI idea from Steve--it's all about threats.  Separating them into "insider" and "outsider" brings the risk of guesstimating that one is worse than the other.  And that leads to assumptions about what security should be purchased, which options are OK to postpone.

Find that weakest link in your access and authentication chain and strengthen it.  Don't focus on inside or outside, since North-South traffic is easy to assume secure due to NGFWs--which will always be playing catch up to human ingenuity and bad ethics.

Get something in place that ALSO captures East-West traffic.  Something that prevents unauthorized flows, that tracks unknown flows, that lists every node that is touched by any flow--and then analyze and review and see what's been compromised, what's been stolen, what's been manipulated without permission.

Focusing on inside or outside leaves no focus on the other avenue; that's a sure path to being exploited.

Regarding the fallacy of digital transformation:  doing half a job--or less--results in an incomplete product.  If your job is migrating to new tech, providing new services, moving into a new environment, developing new hardware or apps--or even selling lemonade at the curb--doing it right 100% of the time is the way to avoid being pointed at as an example of how NOT to do the job.

You had one job.  Maybe it was tough, or complex, or expensive.  Don't take shortcuts, don't compromise.  Make life better for your customers--and that includes protecting their names, their data, their satisfactory experiences, and their investments.

And you won't be in the headlines for spoiling it for themselves and for you and your team.

Apple Maps.  (shaking my head)

I like innovation, new tech, pretty GUI's, improvements, Moore's Law (but a $1000 telephone!?).

And poor Maps.

Yes, there should be competition for Google.

No, I don't need yet another company collecting my personal data, location, browsing & driving habits, and then selling it to others.  I don't need targeted advertising wasting space on my screen.  And no matter how much Apple may emphasize security and privacy, we're all covered with scars from being burned by Apple and other IT companies and retailers and loss of PII, PHI, PCI info.

I just don't need the aggravation, the risks, the annoyance.  I don't need Apple Maps.  And one day it'll probably be forced on me without permission.

Level 13

Good articles.

One business poaching great employees from another just isn't news.  It's depressing.

Building a better mousetrap isn't always about catching mice differently.  It can be changing the factory and office environment and pay scale.  You could work for Big Blue in the 1960's and wear your corporate blue blazer & tie, and enjoy your salary and be moved around the country or the world.  Right up until you couldn't take the environment and the corporate structure, and you started looking for a better work environment.

If you're not someone with deep roots to your home and friends and family and neighbors, it's not hard to sell and move to a different city, all for more pay, for trying to run the maze or rat race even faster.

Who needs it?

More folks going to Vegas?  Excellent.  (Granted, I should have eaten breakfast before responding to the Actuator, so I apologize to all for my hairy-eyed observations this morning).  More air pollution from jets.  More water taken from the Vegas aquifer that takes a thousand years or more to replenish.  More carbon put into the atmosphere, resulting in even weirder weather and warmer air and rising ocean water levels.

Excellent.  That's 300K folks who aren't imposing on people I like here at home.

MVP

Debugging Serverless Apps: from monitoring invocations to observing a system of functions -> sounds similar to what is being performed by today's analytics tools (Splunk, Sumologic etc ....)

MVP

4 Types of Idle Cloud Resources That Are Wasting Your Money -> a good read

Level 14

Dealing with the insider threat.  I agree that a layered defence is best but management don't.  I'm only the paid expert so what would I know.  Here I complained about how we weren't doing network monitoring properly.  Management's response wasn't to agree and ask me how to improve it.  No.  They took away network monitoring from me and gave it to the network team.  That would be the network team that is actually outsourced and get paid based on how few outages and issues we have.  It is in their best interest to report no problems so guess what.  We don't have any issues, lots of weird stuff going on but no outages.  Therefore they get well paid and we probably lose a load of data.  Still, management are happy.

Level 14

LA Fitness.  Why are you surprised that they make it so hard to leave.  That's been the norm for years.

Agree with too much stuff being added to other projects such as digital transformation.  We have a GDPR project that has been delayed for over a year because they bolted a Windows 10 rollout onto it and they didn't get anyone in who knows Windows 10.

Level 14

Apple Maps.  What a colossal waste of time and effort.  Google won that war.  Why keep fighting. 

On a side note.  It's probably a good idea to build maps from 'the ground up'.    

Level 14

Amazon poaching Microsoft staff.  Nothing new there.  Amazon need experienced staff.  Not many staff available with the skills locally except for all those just down the road at Microsoft.  Amazon have loads of money.  Offer big salaries and naturally the staff will move.  Give it a couple of years and they will start moving the other way.  Swings and roundabouts.

Level 14

My sister and her husband flew into Vegas a few days ago.  They hadn't taken into consideration that the 4th was in the middle of their stay (why would they, they are British).  Apparently it is quite busy.  Of course they leave before Travis Pastrana tries to do the Evel Knievel jump over the Caesars Palace fountain.  What were they thinking?

When I was in Vegas I tried to jump over the fountain but was drunk and on foot so just fell in.  

rschroeder  wrote:

"Thoughtful and compassionate politicians?"

Let's keep our expectations lower. Serverless apps are low hanging fruit, then submarine screen doors, and I think we can agree that magic like you would see in Harry Potter will come before "Thoughtful and compassionate politicians" but it's all on the list.

Level 12

OTOH, there is something meaningful to Apple's admission that the product was not what it should be, and doing something to fix it.  Personally, I like having Google Maps and Apple Maps to push each other and sanity check data.


Level 12

From what I know about "Serverless" apps is that you don't have to install a dedicated application on a dedicated server (i.e., Exchange). Instead it takes an application and breaks it down into individual tasks/jobs and runs them independently of being installed in a single package. I guess it is the extreme end of containers where you're not only putting a specific app in a container, but splitting up the app into its base tasks and installing each one into its own container.

Level 13

Apple map is lost.....

Level 12

Our partner Aurora is going through something like this right now. They are in the process of putting each and every application server group on its own little subnet, and then firewalling it off from everything else. It has created a huge amount of problems for us because they tend to forget about us when they put in the new firewalls, and then suddenly our users can't access the system anymore. There are now 4 firewalls between one of our users and the server on our partner's end, it makes things hard to balance at times.

Level 12

The admission points to something bad going on at Apple that has been happening for years, and has been accelerating lately. They admit to making something that was pretty bad, just to get it out there. But Apple used to be about "oh it just works, it's perfect out of the box". But not anymore.

Level 12

I think this points to a bigger problem with corporate America right now. The unwillingness of companies to train and promote from within their own walls. They would rather another company do all that hard work and spend all that money then just reap the rewards afterwards and pull the person over with shiny objects.

I see this happening even in my small rural hospital. Very little internal promotions up the chain, usually always hire from outside. And no training at all.

Wow.  THAT will be easy to troubleshoot . . . (NOT!)

Let's put things where no one can see all the parts, then assign one team or person to troubleshoot the thing as a whole without giving them access to the multiple containers or systems in which the parts are contained or in which they operate.

I don't know . . .  Is this supposed to be EASIER and more reliable for users and support staff?  It doesn't sound that way to me.

Each time I find something to complain about to my wife or friends, lately I've taken an immediate step back and thought about my latest "problem" in terms of how big a problem it really is when compared to not having safe & clean water to drink, going to bed hungry for the third night in a row, being worried about violence being perpetrated upon my family or myself, being "disappeared" because of something I thought and said.

After realizing my complaint is NOTHING compared to people who fear for their lives & their children, I smile and take back my whining, saying "It's just a First-World problem.  Other people have it much worse than we do.  I need to stop complaining and put things into perspective with folks who are afraid or hurt or dying due to their local politics or oppression.  Maybe even do something about it for them . . ."


Hopefully we can all keep proper prioritization of our "issues" and make them relative to people who have fewer freedoms and less safety than we do.

And maybe we can try to influence our politicians to make a better world for all people, instead of closing our eyes to those in other places who are abused and oppressed.

Level 7

great info, thanks!

MVP

Dealing with the insider threat on your network - a good read - thanks

MVP

Apple is rebuilding Maps from the ground up -> Nice

MVP

About 300K expected to visit Las Vegas for July 4th -> Wow

rschroeder​,

Let me start by saying I have never done this but I have studied it.  So it is not the be all end all.  Also, some loads will make serverless very expensive.

As with everything, choose the right tool for the job.

Let us say you need an app that is a web form people log into and fill out and leave.

Traditional

Traditionally it would be a 2 or 3 tier app. So a web server, app server and database server (3 tier) or a web server and database server (2 tier).

Build the boxes, patch the O/S's, network it (Virtualized or Physical), license it, buy, install and maintain the software. (Write all of the code)  Make firewall/policy the stuff as needed.  CPU's and everything is running all of the time. $$$$

Serverless

On request, write the code that spins up a widget that looks like a web page and displays a login when a request comes in for the resource.

Write the code that directs them to an Identity as a Service (Duo/Okta) for authentication.

Write the code that spins up a widget that looks like a web page and displays a form to fill out.

The user submits the form, write the code that spins up a widget that takes that data, sanitizes it and puts it in a database.

Policies should be set so only the things that need to talk to the other things are limited to what is needed.

Widget code is small, so they say it is harder to make a mistake.

When not in use this takes very little CPU and costs very little money. $

I hope that simplified explanation helps.  

RT
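The form-submission step from the walk-through above (take the data, sanitize it, put it in a database), as an added example that is not part of the original comment. The event shape (`user_id` set by the identity step, `body` as a JSON string), the field names and the in-memory SQLite stand-in for the database are all assumptions made for illustration.

```python
import json
import re
import sqlite3

# Stand-in for the managed database (assumption); a deployed function
# would connect to an external service instead of in-memory SQLite.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE submissions (user_id TEXT, email TEXT, comment TEXT)")

ALLOWED_FIELDS = {"email", "comment"}   # hypothetical form fields
MAX_COMMENT = 500
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}")


def _reply(status, payload):
    return {"statusCode": status, "body": json.dumps(payload)}


def validate(form):
    """Allow-list validation. Returns (clean_form, errors)."""
    if not isinstance(form, dict):
        return None, ["body must be a JSON object"]
    errors = []
    unexpected = set(form) - ALLOWED_FIELDS
    if unexpected:
        errors.append("unexpected fields: " + ", ".join(sorted(unexpected)))
    email = form.get("email")
    if not isinstance(email, str) or not EMAIL_RE.fullmatch(email.strip()):
        errors.append("email is missing or malformed")
    comment = form.get("comment")
    if not isinstance(comment, str) or not comment.strip():
        errors.append("comment is required")
    elif len(comment) > MAX_COMMENT:
        errors.append("comment is too long")
    if errors:
        return None, errors
    # Drop control characters but keep newlines and tabs.
    cleaned = "".join(c for c in comment if c.isprintable() or c in "\n\t")
    return {"email": email.strip().lower(), "comment": cleaned.strip()}, []


def handler(event, context=None):
    """One small function: authenticate, validate, store, reply."""
    user_id = event.get("user_id")  # assumed to be set by the identity step
    if not isinstance(user_id, str) or not user_id:
        return _reply(401, {"error": "not authenticated"})
    try:
        form = json.loads(event.get("body") or "")
    except (TypeError, ValueError):
        return _reply(400, {"errors": ["body is not valid JSON"]})
    clean, errors = validate(form)
    if errors:
        return _reply(400, {"errors": errors})
    # Parameterized insert: user text is bound as data, never spliced into SQL.
    with DB:
        DB.execute(
            "INSERT INTO submissions (user_id, email, comment) VALUES (?, ?, ?)",
            (user_id, clean["email"], clean["comment"]),
        )
    return _reply(200, {"stored": True})


def stored_rows():
    return DB.execute("SELECT user_id, email, comment FROM submissions").fetchall()
```
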

Thank you, kind sir.

In my ignorance, it seems as if the widget MUST live somewhere, and since no cloud server is referenced, no hardware server is referenced, it looks as if the widget only lives on your PC.

Where does the widget live?

You said to write the code that spins up a widget.  So the widget is running on your PC, or in a server in the cloud, or in a data center.  No?

We purchased and installed ACI to accomplish this same isolation.  The segmentation is growing, but the initial installation was in "network-centric mode", and is moving towards the isolated app-centric or server-centric segmentation and isolation.  It's not easy, it's not fast, it's not what Management believed Cisco was selling.

Now Cisco tells us we need their Tetration product to discover the access & ports & flows required by any application for ACI to properly secure it. 

And Tetration is pricy.  We have several thousand servers, over a thousand SQL and Oracle databases.  I've seen Internet-based resources talking about $3M to implement Tetration to learn what flows & connections are required for every application to be properly discovered and secured in ACI.

We'll see what it ends up costing here . . .

Great question.  One such service is Lambda: AWS Lambda – Serverless Compute - Amazon Web Services.  As they put it, "Run code without thinking about servers. Pay only for the compute time you consume."  I think of it as "Functions as a Service".  So there is a server at a cloud provider running your code... but the server is just not your problem.  Your problem is to determine what tools are needed for the given task and to write the smallest amount of code necessary to make it work securely.

Here is an overview of AWS stuff

Serverless Computing – Amazon Web Services

RT

MVP

LA Fitness, ‘Hotel California’ and the fallacy of digital transformation -> makes sense and for sure a good read, thanks

Level 20

It's going to be really hard for Apple Maps to ever catch up to Google.  In addition, with Google now using its own users to rate and answer questions about places on maps puts Apple at a disadvantage... I will say though that they can throw a lot of money at the problem to help which it looks like they are doing now.

Level 20

With VM and container resources I'd say memory is what almost ALWAYS runs out before I run out of vCPU's or cores.

Level 20

Everything is about insider threat now on DoD networks... we can thank a couple bad actors for ruining it for everyone else!  You know who they are!

Level 20

Amazon ironically poached a girlfriend of mine from Time Warner... she had to interview like 4 or 5 times with various people and now works two levels down from one of their main VPs.  She seems to really like it at Amazon and she does most all of her work from home!

Level 20

Many businesses including Netflix rely on all of this... they don't host their own servers at all.

Level 14

Apple maps is, has been and will be horrible.... They understand the "cute puppy" method of getting people to want to buy their products, but they don't quite grasp the concept of day to day life and the importance maps/mapping/traffic plays. Apps like WAZE (owned by GOOGLE) do.. It's tough to play catch up and I think Apple should acknowledge defeat and move on.

Level 12

Yeah unfortunately we are not nearly big enough to justify systems like that. Also our administration doesn't understand the difference between entirely manual processes, and automating things. That makes it even harder to buy systems that take a lot of the grunt work out of things to make overall management easier.

Level 12

That is the problem though. Apple can't stop, they won't stop. They want and need you to stay entirely in their ecosystem. They know maps are important, but they didn't take how encompassing a product something like a map application is. Google is constantly adding new features and updating their maps, Apple probably figured hey it's just a map it can't be that hard.

Level 14

Absolutely.... Common sense is a beautiful thing... just a bit lacking for Apple in this arena... It only validates my new favorite expression "the world is full of unaware people!"

Level 14

Being on a classified government network, the insider threat is priority number one.  Well written article.  Thank you!

MVP

Insider threats. How many networks are still using the perimeter defense method - probably a large majority of them. How many times do we need to see the statistics before we begin to take a "zero-trust" posture? So often we talk about security and even practice security with old school thinking. To me it seems like insurance - you either don't buy it or have too little until a disaster strikes and then immediately you purchase it because . . . Security is the same way. Many companies take it lightly until something happens and then the stacks of money come out to fix things.

MVP

I just got to read "4 Types of Idle Cloud Resources That Are Wasting Your Money" and I have added this wonderful information to some of my documentation.  A couple of years ago "THE CLOUD" started popping up in conversation.  Most non-IT individuals really did not understand the concept and theory behind "THE CLOUD".  I was tasked to build a redundant data center, and during the process management continued to ask me why can't we go to the cloud?  I had just finished converting the primary site from physical servers to virtual servers... we have a private cloud.  The next step was to build a new facility that would eventually become the primary site and the old building would be the "true" DR site.


I leveraged NetApp and VEEAM to replicate the environment and have achieved a 15 minute RTO/RPO.  The RTO/RPO conversation with management was devastating.   During the preliminary conversations THE CLOUD continued to come up ... why can't we go to the cloud.  We could never afford to operate in the cloud 2-3 years ago.

The discussion is coming up again, and my recommendation would be to replicate a 2nd copy of our data to THE CLOUD.

I was pleased to read the article and find out specific resources that should be taken into consideration in order to avoid waste!

Thanks for sharing.

Happy belated Independence Day everyone. Hope your day was full of fun, family, and bacon!

MVP

Recently, I attended a seminar, and they actually brought someone in from Amazon AWS.... WOW... like WOW ... and yes.. you only pay for the time that you compute .... I was amazed ... and the business opportunities that could stem from this service .. voice recognition, facial recognition, voice to text, translation ...   I was so amazed ... I wanted to quit my current job and start up a medical transcription service.   I am too lazy to quit my current job!!!   I am definitely exploring the AWS platform as time permits.  Very cool information.