Enterprise Security – A Data Centric Approach — Chapter 3


So I’m back to reading Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody. I’ve not finished reading the book yet but as I’m reviewing one or two chapters at a time, I thought I’d blog about Chapter 3 – particularly given its value (previous blog entry here and here).

Chapter 3 goes by the name of Security As A Process, which addresses the processes for determining security risk and the cost-benefit analysis of implementing security features to address those risks. The chapter then goes on to provide guidance on defining good policies and standards.

In hindsight the process for determining and analyzing the security risks and classifying them is fairly obvious – it took the reading to draw the points and the mechanisms into focus. But the fact it makes sense in hindsight suggests the workability of the approach and the chance for the business to understand the risks and challenges being taken on.

The chapter also provides some really good information sources for people to use to support the adoption of the processes described. Some I’ve known about, such as the SANS Institute; others I hadn’t.

I have to say that based on the strength of this chapter alone I’d recommend the book to any architect who is seeking to develop a practical appreciation of addressing security considerations or understand what they should be looking for or what to ask for in a new organisation. For those trying to drive up the quality of processes or get across the need for a more proactive security strategy that is also pragmatic – reading this chapter alone should help provide some serious points to get a handle on things.

The book has been published by Packt (who at the time of writing are running a promotion – more here)

There is also a supporting website for the book at http://www.datacentricsec.com/

Appetite for Self-Destruction: The Spectacular Crash of the Record Industry in the Digital Age


With the holiday break, I’ve had a bit of time to get through some reading, including finishing Appetite for Self-Destruction: The Spectacular Crash of the Record Industry in the Digital Age. This is an excellent book on how the music industry has managed to shoot itself in the feet a number of times (and with a cannon at that); although it does only cover events up to 2008 (as we enter 2014 it would be brilliant to see an additional chapter to get insight into how the resurgence of vinyl and the rise of Spotify has impacted thinking – beyond the headlines of complaints by the likes of Thom Yorke about Spotify).

The book feels well researched (certainly the references hold testimony to this), but at the same time it doesn’t read like a dry academic read that you would associate with such a well researched text. But given the attitudes and behaviours of some of the individuals in the big labels, their egos run riot far more than most of the ‘rock gods’ that they’re trying to sell.

Steve Knopper has done a great job with the book and I’d recommend it to anyone interested in music or how technology such as peer-to-peer has impacted the media industry. You don’t need to be a music fiend or geek to find this a satisfying read.

Steve’s website is http://knopps.com/
 

Packt Books $5 Promotion


My friends at Packt Publishing have just told me they are repeating last year’s amazing offer of ebooks at a flat price of $5 (for us Brits that’s £3.05) – go here. The offer runs from sometime today (19th Dec) through to the 3rd of January.

The offer covers not only their Open Source books but also their Enterprise books (lots of Oracle and Microsoft publications).

Given the pricing you can’t go wrong.  I know last year I ended up with about 6 months of technical reading.

Check out: http://bit.ly/1jdCr2W

Crazy intro to the instruments of a rock band


I came across a series of YouTube videos that give the history of different instruments used in a rock band (well, perhaps except for the accordion); we are assuming that the series is yet to do the treatment for the synth. Each video is between 5 and 10 minutes long. Each video is opened with the cheesiest music ever. But then things get better, a lot better. Each video has the band with the instrument featured up front, with someone who has to stand like a complete plank whilst MTV-like facts are laid onto the board hung over their shoulders.

The band then play the instruments, changing as necessary, playing snippets of great music to illustrate the evolution of the way the instrument is used, and it is great fun to try to name the snippets used. But if you’re not sure, the pieces are credited if you look carefully near the bottom left of the screen.

Part 1 – Guitar:

Part 2 – Drums:

Part 3 – Accordion:

Part 4 – Bass:

Part 5

SOA Pattern Books


Just as I wrap up the tech reviewing of one book, Packt invite me to start another. This time the book has the working title of SOA Patterns on the Oracle Platform (no link yet – too early). This is certainly going to be a substantial book with about 12 chapters running to about 50 pages per chapter (certainly for the first 4 chapters). Unlike a lot of the more functional Oracle books I’ve seen from Oracle, this is low on graphics and screen shots and high on textual content.

So far the book has given me cause to stop and think hard about the points the author is trying to make and then demonstrate. In some respects it is like the definitive texts by Thomas Erl; however, where Erl is solution agnostic, this book is trying to bring the patterns to life through placing them into a scenario and describing the challenges and implementation approaches in terms of the Oracle platform, particularly BPEL, Mediators, rules engines and SCA (i.e. Oracle SOA Suite). I have laughed, as I found the book referencing back to Apache Camel.

All of this does mean that the review process is more time consuming than I had anticipated; if the review feedback is taken then I think it will have been a very worthwhile experience. Watch this space, and I’ll blog on this one once we see the final copy, if not before.

Books, Books & More Books


The blog posts have been a bit slow of late as I’ve been deep into reviewing books for Packt Publishing. But I thought I’d share the fact that Packt are running a big promotion at the moment, offering 50% off all their books if you use the discount code COL50 as part of the celebration of Columbus Day. The offer currently runs until Thursday 17th October.

As for books, well I’ve just finished reviewing the Apache Camel Developer’s Cookbook by Jakub Korab and Scott Cranton (Amazon have it currently listed as Camel Enterprise Cookbook).

The version of the book I’ve reviewed was very, very good. I have to admit I went into reviewing this book with high expectations given the fact I’ve worked with Jakub and know the calibre of his output whilst he was consulting for FuseSource (now part of RedHat JBoss) and I’ve not been disappointed.

You can read the book as either a guide to Apache Camel as each recipe builds upon the preceding recipe; or as a dive in as you need a solution to a problem as each recipe pretty much stands up in its own right (cross referencing other supporting recipes or key preceding recipes).  The book explains not only how to do something – from simple routing & filtering through to XA transactions with one of the leading orchestration technology frameworks.

From Jakub & Scott’s fine technical guide, I’ve started to look at a book on Applied SOA Patterns on the Oracle Platform, part of Packt’s Enterprise series of books. I can’t say too much on this book yet – it is going to be a fairly chunky book at around 500 pages. Will post more once we’ve got well into the book I’m sure.

Art of the Conference Session


I am fortunate enough to work for a company who is prepared to fly its staff across the Atlantic to attend a conference – which means I’m at one of the biggest (maybe the biggest) IT conference in the world – Oracle Open World.

Day 1 is a bit of a precursor with all the sessions being driven by various user groups. With about 30 sessions running at any one time today it’s a job just to work out which sessions to attend.

This gives me my 1st observation of the day – if a session is panel based then say so in the title. I attended one session that was meant to cover the development ecosystem, with the expectation of either getting a better handle on tooling around development of things like PL/SQL or perhaps the adoption of more contemporary tooling such as Maven or Git. What we heard was a conversation between a couple of panelists which really left me thinking that a lot of Oracle development is still in the dark ages technically, didn’t really appreciate what Agile says about documentation and the world was either agile or waterfall – the fact that Oracle Unified Methodology (OUM) is a derivative of the iterative RUP model.

The second observation is, tell me something; don’t just throw facts at me with just slides full of bullets, as you won’t hold people’s attention. In fact one session resulted in people walking out in droves.

That said, we also saw some very good presentations, and in fact these tended to keep the amount of slide content down, but there is a narrative, building and emphasising key points. The presenter spoke with an intonation that showed that they were presenting because it was a subject they cared about and wanted to share their understanding, not because they want kudos for appearing.

The last lesson is to declare whether slides etc. will be made available, so you have people’s full attention, rather than them bashing at their mobile devices making unnecessary notes. Although this sounds counter intuitive to the previous point, you can enrich the slides with notes, to support later slide review.

SQL Static Code analysis for MySQL


With MySQL now capable of features such as stored procedures and functions, the need for tooling to support SQL code quality is greater than ever. A number of tools provide editors with syntax support and all the fancy features you’d expect from a modern IDE (see Toad as a leading product).

However the means to assess the quality of the procedures or scripts written for MySQL or the divergence from ISO standards doesn’t exist, although plenty of options exist for T-SQL (MS SQL Server), PL/SQL (Oracle) and even some tooling for DB2 and Informix.

The value of the static analysis tool means you can implement quality measures, controls and reporting through Continuous Integration tooling such as Jenkins, Sonar etc. All of which is a little ironic when you consider a lot of energy in CI (and Continuous Delivery) appears to come from the open source community, which usually supports MySQL as one of the 1st options for databases.

Does this mean there is a gap in the market? Such capabilities don’t seem to be in the MySQL WorkBench roadmap. Would love to know what people think.

Of course if you can support MySQL, then the offshoots such as MariaDB wouldn’t be too difficult.

The Waze Way


I have recently been introduced to the Sat Nav app Waze with its social capabilities that allow users to update the maps with events such as traffic jams, accidents, speed cameras and so on.

This weekend, we went away and as my wife has the family car, she tends to do the driving – great I can have a beer. But on the long motorway runs I get bored and nod off, much to my wife’s dissatisfaction. So this time I elected to keep from nodding off by comparing my wife’s car’s built-in Sat Nav (which has data feeds on accidents etc.) and Waze with its social feed information and its routing algorithms.

In terms of routing – the car and Waze are as good as each other, Waze might even have a slight edge as when we had to divert to avoid an accident it took us around a town’s high street whereas the car took us straight through the middle of a town with its particularly slow traffic.

The car did at least give us earlier warning of events ahead on the route we were following, although Waze allowed us to get a better sense of the severity of the issue based on the number of traffic jam reports, how old they were and so on.

What really was amusing was that as a passenger I could sit looking for problems, broken down vehicles etc. to report and pick up points (given I told friends that, as I travel a lot more, I’d have to outstrip them on the social scoring soon).

This got me to thinking, what stops something like Waze from being extended to keeping the children entertained with a ‘car bingo’ or ‘eye spy’, given that children could add information to Waze to allow additional information and it be shared in the same manner as the serious stuff?

UK Supermarket CD sales


A few years back the UK major supermarkets took on the high street music retailers such as HMV and Virgin (who became Zavvi and then went under).

At the time I wasn’t overly concerned as I felt HMV and co had been overpriced when it came to the charts – and harming the music business. A premium on back catalogue or obscure titles is the price of the store taking the risk of holding something they may not be able to sell and OK by me. So some pricing competition on the top 20 charts couldn’t hurt.

The outcome was a lot of belly aching about how supermarkets would destroy the high street rather than taking the battle to the supermarkets. As it turns out that skirmish was nothing compared to the growth of the net and Amazon particularly.

Back to today; having just been into a reasonably sized Tesco to get some shopping I was up for some instant CD gratification in the form of Daft Punk’s latest opus (official UK charts put it at no 23 UK Charts). But not a hint of it; with a couple of exceptions the store reflected nothing of the biggest selling names, and the shelves are stuffed with compilations.

So who wins? Well, the music business isn’t selling more albums, feeding and inspiring artists who will produce material for the future compilations. This means buying drops, with the supermarkets in turn actually losing out.

As for me, I shall start avoiding the supermarkets – instant gratification will come from the indie stores or dare I say it HMV – a name I used to consider the enemy of sensible pricing and good taste.