[SecurityRatty] Lattest Articles

Links for 2008-09-05 [del.icio.us]

Fri, 05 Sep 2008 20:00:00 +0000

The Resolution Will Not Be Televised

Fri, 05 Sep 2008 19:59:29 +0000

Wow

1-meter simulated resolution from aerial imagery of Colorado Capitol and Downtown Denver

.5-meter simulated resolution from GeoEye

Researchers Use Facebook App to Create Zombie Army

Fri, 05 Sep 2008 15:40:00 +0000

Facebook users who choose to install the wrong third party application could find themselves inducted into a robot computer army controlled by a hacker. At least, that's what a team of Greek computer researchers proved with their rogue Photo of the Day application.

Links List 9.5.08

Fri, 05 Sep 2008 14:52:47 +0000

Sanjay Kumar is singing like a canary from federal prison. Just when you thought it was over, the CA accounting scandal is back and even more juicy. Ex-CEO Kumar is about a year into his 12-year prison term but still busy pointing the finger at everyone else who he says knew about the company’s fraudulent accounting practices that lead to $2.2 billion in misstated revenue. From a former Salomon Brothers vice chairman to a former US senator to company founder Charles Wang, it looks like open season on CA board directors.

Ten days before VMworld and VMware still can’t get good press. First their CEO, Diane Greene, gets ousted, then a high-profile licensing bug is found and now the Director of R&D, Richard Sarwal, leaves his $1.25 million salary after just 7 months. (Note to self: get into R&D) It will be interesting to take the pulse of the VMware community at the show and in person. And in the meantime, Microsoft Hyper-V comes out of the gate with customers already touting its benefits.

The hypervisor is the “new” operating system. If you didn’t think that before, take a look at Red Hat’s purchase of Qumranet for $107 million. With Qumranet, Red Hat gets KVM, described by CTO Brian Stevens as an extension to the Linux kernel that allows it to be used as a bare-metal hypervisor, running directly on the underlying hardware and hosting guest operating systems. But according to Brian Madden, the “press” around the purchase is all focusing on the not-so-interesting part. Along with KVM, the SolidICE product includes Spice, a remote display protocol for VDI.

I wonder if this will be like Symantec buying Altiris or Microsoft buying Softricity, where the portion that we care about sort of loses focus as The Borg concentrates on the parts of the acquired technology that are more relevant to them?

(I’m a sucker for quotes that reference The Borg)

Network World publishes “10 open source companies to watch”. On the list, Qumranet!

Also on the list: Kickfire, Marketcetera, Vyatta, Sonatype, Untangle, XAware, SnapLogic, Acquia and Openmoko. What’s best about the list: Matt Asay gives it a thumbs up.

The Analyzer Is Among The Suspects In $1.8 Million Theft From A Canadian Company

Fri, 05 Sep 2008 13:42:04 +0000

Ehud Tenenbaum, a 29-Israeli known online as “the Analyzer” and living in Montreal, was arrested after investigators spent nine months and found out that him and three other suspects allegedly stole $1.8 million from a Calgary company. The operation involved the U.S. Secret Service and municipal police in Calgary and Vancouver - as well as [...]

Towards a Streaming SQL Standard

Fri, 05 Sep 2008 13:39:08 +0000

In More Towards a Streaming SQL Standard, Marc Adler says, “Despite what I think about Streambase’s marketing and sales organization, you must admit that Zdonik and Cherniack are first-class researchers, and have contributed a lot to the field of CEP.”

I agree that these gentlemen are top notch researchers, witnessed by the fact that the authors do not mention nor claim to be “complex event processing” anywhere in their paper! This paper is not about CEP, nor does it claim to be about CEP, it is about stream processing and unifying SQL standards.

ABSTRACT: This paper describes a unification of two different SQL extensions for streams and its associated semantics. We use the data models from Oracle and StreamBase as our examples. Oracle uses a time-based execution model while StreamBase uses a tuple-based execution model. Time-based execution provides a way to model simultaneity while tuple-based execution provides a way to react to primitive events as soon as they are seen by the system.

Asmentioned on numerous occasions, stream processing is a very important area in CEP/EP. It is important not to confuse the higher situational knowledge from object-object correlation and state management with the single-object event refinement that occurs in stream processsing. Event stream processing is fundamentally different than complex event processing.

Event stream processing performs operations on streaming event objects. In almost all advanced CEP/EP applications is is necessary to perform robust track and trace operations on streaming event objects, like tracking the position of an airplane. Tracking the position of an aircraft can be modelled very nicely with event stream processing. Tracking individual event objects is a precuror to multiclass object situation refinement.

When we manage the state of all the aircraft in the skies over New York, you need more than a stream processing construct. You need to manage the state of all the aircraft. Paul Vincent of TIBCO Software being to address this important point in The Value of State…

Again, we will be better equiped to solve complex distributed event processing problems if we do not confuse the notion of event stream processing and complex event processing. These technologies are indeed complimentary, both very important, but they are not the same.

I applaud Oracle and StreamBase’s work toward a unified standard for SQL extensions for streams.

Friday Squid Blogging: Colossal Squid was a Lethargic Blob

Fri, 05 Sep 2008 12:36:05 +0000

Fierce deep-sea predator? Not so much:

"We are looking at something verging on the incredibly bizarre. As she got older she got shorter and broader and was reduced to a giant gelatinous blob, carrying many thousands of eggs," he says.
"Her shape was likely to have affected her behaviour and ability to hunt. I can't imagine her jetting herself around in the water at any great speed, and she was too gelatinous to have been a fighting machine.

"It's likely she was just blobbing around the seabed carrying her brood of eggs, living on dead fish, while her mate was off hunting."

Can Chrome be read by a Keylogger?

Fri, 05 Sep 2008 11:56:35 +0000

I dont know yet, but Im checking. This is a article that bears reading.

clipped from www.tgdaily.com

Chrome is a security nightmare, indexes your bank accounts

So is this all a big deal?? Well anyone who wants to search your financial information would need local access to your machine and if a person is sitting at your computer, you have a lot more things to worry about than him/her using Chrome’s history search.? Conceivably a hacker could develop an app to pull the cache and index files off your computer and examine them later on another machine – these files reside in the “C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\User Data\Default” folder.

Customers Being Heard Dell OEM Customer Advisory Council

Fri, 05 Sep 2008 11:54:54 +0000

It was a surprise and a great honor when Dell asked us to participate on their Industry Solutions Group (ISG) OEM Customer Advisory Council – even more so when I met some of the other members from companies like Google, Teradata, Siemens Medical and Cisco. Not so shabby.

I arrived in Austin Sunday night to get ready for a factory tour on Monday, a kickoff dinner and then two days of briefings from Dell executives, including Michael Dell himself! Dell’s ISG business is growing at a very fast pace and continues to build momentum and focus within the broader organization.

We had a nice overview of the product roadmap, including some of the exciting enhancements Dell is making to their storage products such as the MD3000 and the new EqualLogic PS5000 series iSCSI solutions.

I really enjoyed the Council meeting and it reminds me all over again; what I admire about Dell is the way they and Michael Dell himself stay close to the customer. The entire purpose of this event is to “get it right” and determine meaningful ways to embrace change (including change in the manufacturing process) in order to make their customers more successful. Ah shucks, you may say that all companies behave this way… well I must tell you that is not true and at times, I find it difficult as we continue to grow to stay as close as I would like to all of our customers varying needs and directions.

This concept of gathering, internalizing and embracing customer feedback is a simple principle of Business Success stories. Always trying to improve the pace of change and build meaningful sticky relationships with customers. Dell’s very successful Ideastorm site where customers post product feedback and are active participants in the Dell community is a great example of how to do this right. No other hardware vendor that we have worked with or attempted to work with has ever gone to the extent of embracing change that Dell has during our 5-year relationship.

From the custom factory integration services to the attention to detail in the order and manufacturing, and logistics processes, Dell helps us execute for our customers and I must admit that we could not have built the business as quickly or efficiently without Dell!

So thank you Michael Dell for building a business that embraces change and is focused on helping your ISG customers succeed.

Internet Exterior Routing Protocol Development: Problems, Issues, and Misconceptions (1997)

Fri, 05 Sep 2008 11:46:08 +0000

In a follow up to a couple of recent posts on routing and why routing is not really CEP, kindly find my 1997 IEEE paper, for historical reference and a bit of background information, on global Internet routing: