Posted by Slackware Security Team on Dec 09
[slackware-security] php (SSA:2018-341-01)
New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
Several security bugs have been fixed in this release:
Segfault when using convert.quoted-printable-encode filter.
Null pointer dereference in imap_mail.
imap_open allows to run arbitrary shell commands via...
Posted by Michael Gilbert on Dec 09
-------------------------------------------------------------------------
Debian Security Advisory DSA-4352-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
December 07, 2018 https://www.debian.org/security/faq
Package : chromium-browser
CVE ID : CVE-2018-17480...
Posted by Salvatore Bonaccorso on Dec 09
-------------------------------------------------------------------------
Debian Security Advisory DSA-4351-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
December 07, 2018 https://www.debian.org/security/faq
Package : libphp-phpmailer
CVE ID : CVE-2018-19296
IBM is selling seven of its software services to an Indian company for $1.8bn, it was announced this Friday morning. The services IBM agreed to sell are AppScan for secure application development, BigFix for secure device management, Unica for marketing automation, Commerce for omni-channel eCommerce, Portal for digital experience, Notes & Domino for email and low-code rapid application development, and Connections for workstream collaboration.
The buyer is HCL Technologies and if the deal comes through, it will be the biggest acquisition an Indian company has ever done. For IBM, the benefit is clear – getting its hands on some cash, while it offloads a few services and focuses more on cloud.
For HCL, however, the benefit isn't that clear. Reuters says it will allow it to compete with bigger rivals such as TCS and Infosys easier. The company itself claims the acquisition will boost its scaling efforts in areas such as retail, financial services and transportation.
It will also add some $650m in revenue.
However, analysts are arguing that such an acquisition makes no sense. “I don’t think it will help HCL on a long term basis ... this deal is a negative from HCL’s standpoint,” said Sudheer Guntupalli, a technology sector analyst with Ambit Capital in Mumbai.
“They already have IT partnerships for five of the seven products in the deal. So there would hardly be any incremental benefits on a qualitative basis,“ he added.
Image Credit: Majestic B / Shutterstock
Millions of citizens in the United Kingdom were unable to use their mobile phones to call, text or use 4G on a number of mobile service providers, due to expired certificates, it was confirmed on Thursday.
Ericsson, which builds most of the backend tech for the majority of cellular network providers, said the downtime was caused by an expired certificate in a version of its management software that some EU-based telecommunications companies use.
In order to restore the service, certificates to all affected core network nodes need to be reissued.
"During December 6, 2018, Ericsson has identified an issue in certain nodes in the core network resulting in network disturbances for a limited number of customers in multiple countries using two specific software versions of the SGSN–MME (Serving GPRS Support Node – Mobility Management Entity)," Ericsson said, adding that a ‘limited number of customers’ were affected.
“An initial root cause analysis indicates that the main issue was an expired certificate in the software versions installed with these customers. A complete and comprehensive root cause analysis is still in progress. Our focus is now on solving the immediate issues.”
The biggest network that was affected by the error was O2, but also included other networks that rely on O2: GiffGaff, Sky Mobile, Lyca, and Tesco Mobile.
"During the course of December 6, most of the affected customers’ network services have been successfully restored," Ericsson continued. "We are working closely with the remaining customers that are still experiencing issues."
But it’s not just consumer usage that was affected. Some services were also disrupted, like the Transport for London or the NHS, both of which couldn’t offer full service during the time.
Image source: Shutterstock/ Supphachai Salaeman
Amazon wants to bring its cashierless stores to airports, according to reports.
Reuters reported an alleged email correspondence between representatives of Amazon and a technology adviser who supports Los Angeles International, one of the biggest airports in California.
The email chat shows Amazon representatives suggesting a chat with airport managers about a number of different ways to do business together, Amazon Go included. Airport managers responded positively.
An airport information technology manager apparently wrote: “I am looking forward to moving forward with the Amazon Go technology at the airport.”
Other than that, information is scarce, and all parties are tight-lipped. What we do know, from Reuters' report, is that Amazon will have to undergo a competitive bid process to become a concessionaire, as is typical.
Amazon Go is a futuristic type of retail store in which there are no cashiers. Instead, consumers install a mobile app which tracks their movement through the store, while in-store cameras track what they pick up. Once they leave, the app simply charges their card for the items they took out.
Amazon has opened seven of the stores to the public since January: in Chicago, San Francisco and its hometown Seattle. Reuters says these are catering mostly to 'workers in nearby offices looking for a quick lunch'.
Image Credit: OCSICO
Online shopping, including both computers and mobile devices, now accounts for more than half of all shopping in the UK, new research has found.
According to a report by Mastercard, only 43 per cent of spending is now done in stores, and of the 57 per cent that's spent online, 27 per cent is done through mobile devices.
Most often, people buy clothes and accessories. Food and beverage is the second most popular category, with 45 per cent of UK shoppers buying something to eat or drink with their mobile device - which is also the highest percentage in all of Europe.
The vast majority buy items from their sofa (80 per cent), but there have been a few instances of impulse shopping, with people buying stuff while lying in a bathtub (six per cent).
Janne Karppinen, Head of Retail at Mastercard UK, said: “Technology will have an increasingly important role in helping retailers woo shoppers back to the high street. The most successful stores are always gearing themselves around the overall shopping experience. These shops are becoming places to interact and personalise products rather than simply a place to buy things. We expect to see this trend to grow as smaller retailers realise they can offer something the online world can’t.”
Image Credit: StockSnap / Pixabay
In 2018, despite experts estimating that up to 70 per cent of applications have moved to the cloud, the transformational promise of the cloud has fallen short of the hype and expectations. In a recent survey of IT decision makers, 85 per cent say they are still years away from fully realising the benefits of the cloud, citing monthly cloud application disruptions and networks that can’t keep pace with demands.
The problem is that today’s router-centric WAN approaches can’t keep up because over the past few years network traffic patterns have shifted, the fundamental nature of applications has changed, and security needs are different when everything is open and connected in the cloud. Moving into 2019 and beyond, this will be amplified, driven by the everchanging needs of business, the continuous evolution of every cloud and cloud application, and the uniqueness of every cloud and application environment. Plus, all of this must be managed across thousands of locations, which are all different.
SD-WAN has gained traction among customers as a means to help enterprises better align their networks to their digital transformation and cloud initiatives. IT leaders are turning to advanced SD-WAN platforms, shifting toward a business-first networking model, where network resources are priority-driven to give each application the resources it truly needs. A business-driven SD-WAN edge platform ensures that performance, security and routing are dictated by top-down business policies, not bottom-up technology constraints.
Throughout 2019, SD-WAN is set to further change the business landscape, unlocking the cloud’s potential and empowering businesses. Here are a few of the changes that we predict will happen in the market in 2019 and beyond:
- SD-WAN market consolidation
SD-WAN market and vendor consolidation will continue with a few vendors separating from the pack and leading the way forward. Enterprises will begin to realise that they need more than just basic SD-WAN functionality to address their evolving requirements at the WAN Edge. Consolidation will force out the vendors that have merely added a handful of rudimentary features in an effort to participate in the SD-WAN market. This will ultimately reduce market noise and confusion and accelerate enterprise SD-WAN deployments globally.
- Basic SD-WAN solutions fall short
The inability of basic SD-WAN offerings to address evolving customer WAN requirements will lead to disappointment for some early adopters. Enterprises that started with high expectations for their SD-WAN deployments will hit roadblocks across real-world production environments, concluding that basic SD-WAN is not good enough. They will ultimately realise that they must turn to vendors with proven WAN experience and a unified WAN edge platform.
- Enterprises shift to a business-first networking model
The market will move toward a business-first networking model. Rather than constraining the business with network limitations, a business-first network model explicitly supports and accelerates new business initiatives. Instead of configuring the network one device at a time, IT will be able to describe the business's needs at a high level. A business-first networking model will be powered by a self-driving wide area network platform that uses automation and machine learning to implement high-level business intent and will continuously learn and adapt to ensure the network “just works”.
- Adaptive local internet breakout requires advanced techniques
Even though most enterprises want to break out internet traffic locally, they will discover that basic SD-WAN offerings which rely on deep packet inspection (DPI) for application classification fall short of real-world requirements. Advanced classification techniques with automated updates are required to distinguish between whitelisted traffic for local breakout and traffic that requires further inspection via a next-gen firewall or cloud security services.
- SD-WAN and UCaaS come together
Real-time Software-as-a-Service (SaaS) services such as cloud hosted voice and video will increasingly become a key driver in SD-WAN deployments. As enterprises transition to broadband, they will expect the quality, availability and reliability to meet or exceed that of their traditional telephony solutions. SD-WAN and Unified Communications-as-a-Service (UCaaS) providers will partner together to deliver robust high-quality voice services over broadband.
- WAN segmentation – key to securing the enterprise
As the threat landscape shifts, enterprises will search for ways to improve their security architecture and will more broadly deploy WAN segmentation as part of their overall security strategy. The traditional router-centric WAN allows any application in any branch to talk to any other application or branch, meaning that if there is a breach anywhere, it can spread everywhere. Advanced SD-WAN platforms will be deployed to simply and consistently segment network traffic across the wide area network to limit exposure and contain threats.
- Cloud security services go mainstream
Cloud security services go mainstream, becoming a simpler and more cost-effective alternative to deploying and continually maintaining complex next-gen firewalls at all branch locations. The SD-WAN edge becomes a natural on-ramp to these services. Advanced SD-WAN edge platforms enable enterprises to fully automate security service chaining and implement a mix of best-of-breed on-premise, data centre and cloud security services on an application-by-application basis.
- A unified SD-WAN platform for multi-cloud deployments
As more enterprises use multiple clouds, SD-WAN will provide a uniform fabric between physical locations and across cloud instances. Automation will make adding new cloud instances easy and fast, despite the inherent complexities and idiosyncrasies of each underlying cloud environment. By utilising multiple paths between physical locations and each cloud instance, an advanced SD-WAN platform will deliver a more reliable and consistent user experience.
- 5G holds promise as an attractive SD-WAN transport option
In 2019, we’ll see initial pockets of 5G deployment. To date, 4G access has primarily been used as a backup to higher bandwidth broadband internet connectivity because of its relatively low capacity and high cost per bit. 5G wireless access promises higher throughput rates and if priced appropriately, will become an attractive addition to the portfolio of SD-WAN transport options which today include broadband, DIA and MPLS. 5G could deliver a unique combination of fast deployment, diverse connectivity and high bandwidth that accelerates the adoption of broadband SD-WANs.
Ultimately, with cloud adoption continuing to accelerate, companies are expecting to reap the benefits of cloud applications and services, while demanding more control and higher security measures than ever before. As such, more and more organisations are shifting toward a business-first networking model to redefine their WAN and have the network performing based on business intent rather than being constrained by network capabilities.
David Hughes, CEO, Silver Peak
Image Credit: Sergey Nivens / Shutterstock
Japan is getting ready to close its doors to Huawei, ZTE and other Chinese technology companies.
According to media reports, the Japanese government will be revising its internal rules on procurement early next week in a bid to boost national cybersecurity.
No specific companies will be mentioned in the internal rules, but it was said that the measures will boost security in a way that applies to both ZTE and Huawei. The Japanese government has been relatively quiet on the matter, with the chief government spokesman only saying that the country was in touch with the States.
“Cybersecurity is becoming an important issue in Japan,” he told a regular news conference. “We’ll take firm measures looking at it from a variety of perspectives.”
Both ZTE and Huawei are yet to comment, while the Chinese government reacted, expressing ‘serious concern’. “We hope the Japanese side can provide a fair competition environment for Chinese companies operating in Japan and not do anything to harm bilateral cooperation and mutual trust.”
Huawei and ZTE got caught in the middle of a trade war between the United States and China. ZTE was first fined $1bn and was forced to completely overhaul its boardroom, after it was discovered that it violated an agreement with the US and exported US-built tech to Iran and North Korea.
Huawei, on the other hand, is being accused of helping the Chinese government conduct espionage against its adversaries. For that reason, an increasing number of countries around the world are banning Huawei from participating in the building of their 5G infrastructure.
Image Credit: J.Lekavicius / Shutterstock
The market for public cloud services is on the upswing.
According to Gartner, it’s projected to be worth over $200 billion in 2019. Of the market segments that comprise public cloud, Infrastructure as a Service (IaaS) is the fastest-growing, with expected growth of more than 27 percent next year.
This market growth prompts the question: Which monolithic corporation will lay claim to the largest share? The answer is that it’s an ongoing race. But as three corporate giants contend for cloud dominance — and niche players give them a run for their money — what are the implications of the cloud wars for enterprise customers, both in 2019 and beyond?
Cloud wars: A brief rundown
Over the past few years, there’s been a battle for control of the cloud among three market leaders: Amazon, Microsoft and Google. And while Amazon could have laid claim to the title back in 2015 — with a 30 percent IaaS market share at the time — the race has become much tighter in the years since, both due to the acceleration of Microsoft and Google’s offerings and the evolution of new and growing cloud providers.
In 2017, Microsoft posted a cloud revenue of $18.6 billion, surpassing Amazon. As former Oracle Chief Communications Officer Bob Evans pointed out in a 2017 piece for Forbes, one reason Microsoft edged out Amazon is because of the breadth of its offerings: Whereas Amazon’s product has largely focused on IaaS, Microsoft has taken a more holistic approach to building out its Azure Stack, focusing on Platform as a Service (PaaS) and Software as a Service (SaaS) offerings.
But it’s not just the expected enterprises that are fuelling the cloud wars; once-small players like IBM, Oracle and Alibaba are helping to expand the competitive landscape. Oracle in particular has made significant strides in its cloud marketplace. In its 2018 Q3 earnings summary, Oracle reported that IaaS revenue growth was up 28 percent year-over-year. The upward trajectory of traditionally niche players like Oracle coupled with heated competition among the big three has made 2018 a transformative year for the cloud.
Key cloud war takeaways heading into 2019
In reviewing a year of heated and varied competition, there are two key themes that have emerged as central to 2018’s cloud wars, and which help set the stage for 2019:
- Market consolidation: While some formerly niche players have emerged as notable cloud forces in 2018, smaller cloud players have in large part fallen off the map. VMware and CenturyLink, for instance, are no longer part of the cloud wars conversation (the latter experienced a stock market tumble recently that’s called into question its longevity as a company). As Gartner’s May 2018 Magic Quadrant asserts, there are only six players that are still part of the cloud IaaS market: The Big Three (Amazon, Microsoft, Google), in addition to three that Gartner characterises as “Niche Players”: Oracle, Alibaba and IBM. This consolidation of the IaaS market sets the stage for a new year that will see the three smaller players double down on growth strategies aimed at evolving from niche into major player.
- Oracle’s strategic emergence: While 2018 has been a good year for the niche players, Oracle’s strategy deserves a deeper dive. Despite a comparatively late arrival to the IaaS market, the company has made up for lost time in 2018 by focusing on building its enterprise community. In terms of growth strategy, Oracle has focused closely on its database, building out its autonomous, self-healing, high-performing platform. This focus on database is a good strategic move, since the database is the first place many enterprises look when deciding on a cloud provider.
Moving into 2019, Oracle’s focus on the database will likely pay off with a bigger market share. For enterprise IT leaders in particular — who are often very discerning in terms of identifying a solution that aligns with and augments their overall strategy — Oracle’s focus on its database, enterprise applications and features will be a differentiator. Oracle’s enterprise focus, coupled with the relative newness of its offering, places it in a unique position to take a potentially significant market share from The Big Three in the new year.
How enterprise customers can maximise the cloud wars
As the cloud wars rage into 2019, what does this mean for enterprise customers? Can businesses looking to leverage a cost-effective, features-rich and scalable cloud platform use the cloud wars to their advantage?
The answer is yes — but only if enterprises pursue IT spending and cloud computing strategically. Here are some important cloud computing considerations enterprises should bear in mind as they prepare for the new year:
- Focus on a multi-cloud strategy: Despite the fact that six industry players are vying for cloud dominance, from an enterprise perspective, the cloud is hardly a single-player game. Increasingly — and particularly over the past few months — there has been an enterprise push to adopt a multi-cloud strategy. Not only does this approach allow companies to avoid the dreaded vendor lock-in; it also enables them to make decisions based on performance, reliability, security and cost — all of which create a more cost-effective and scalable cloud strategy.
- Do a platform audit: For enterprise, what made sense as a cost-saving cloud solution two years ago could be racking up the bills now. That’s why it’s important for companies to conduct a comprehensive audit of the platforms they’re using with an eye to where costs can be cut.
- Manage cloud platforms effectively: Deploying a multi-cloud strategy is an important first step, but then there’s the challenge of managing it. While a hybrid cloud architecture provides enterprises with the most cost-effective and autonomous approach to IT, it can quickly become onerous if it’s not properly managed. That’s why many organisations are turning to dedicated solutions providers that help manage a hybrid architecture.
By working strategically to build a multi-cloud strategy — and proactively working to manage it — enterprises can take advantage of the cloud wars’ stiff competition, channelling competing solutions into a hybrid architecture that meets the needs of their business.
Sash Sunkara, co-founder and CEO, RackWare
Image Credit: Everything Possible / Shutterstock
Nearly five million data records are lost or stolen worldwide every single day according to the Breach Level Index. That’s a staggering 58 records every second. It’s no wonder, then, that cybersecurity risk management is now a major strategic priority for organisations the world over, and one that leadership teams are increasingly collaborating to defend against.
Which begs the question: where should the chief information security officer (CISO) sit in the leadership team? There are several options, and a savvy organisation will test out a few different models to see which suits their structure before deciding. But, before contemplating whether to have your CISO report into your chief information officer (CIO) or chief risk officer (CRO) or anything else in between, it’s first important to understand the pros and cons of each.
The CIO
Historically, the CISO has reported to the CIO in an organisation and this is often still the case today. Given that the CIO will have the best overall understanding of cybersecurity – and that the CISO is expected to secure IT systems and data under the umbrella of IT – it makes sense for this to be the case.
It’s important to remember, however, that, because their agendas are so closely aligned, CIOs often have competing priorities that may affect the CISO’s cybersecurity agenda. For instance, when it comes to budget, the CIO may prioritise infrastructure and development over the CISO’s security priorities.
Furthermore, as employee training outside of the IT department becomes more of a priority for CISOs – so that employees can stay abreast of new technologies being used in-house, as well as basic cybersecurity procedures – a CISO’s priorities quickly fall out of the CIO’s remit and into other departments.
The CRO
We’ve seen a move across to this leadership model in the last year or so – particularly when it comes to organisations in the financial services industry. While it’s certainly true that the CRO tends not to report into the CEO (and so arguably doesn’t have as much pull as other members of the C-suite), a CISO is, in many ways, best placed in the risk team.
After all, by virtue of the fact that a CRO team addresses risk, and that cybersecurity poses a very specific risk to all organisations, placing the CISO underneath the CRO is a good option. Businesses relying on greater insight into enterprise risks should recognise that cyber risk is a big part of this, and a CISO therefore would need to be consulted.
The CFO
When it comes to placing your CISO below the chief financial officer (CFO), the most significant benefit is that it means the CISO has some serious sway when it comes to getting financial backing from the board. When it comes to the CFO making critical decisions about cybersecurity spending, it makes sense to position them next to the CISO, who knows the most about how and where spending should be committed.
However, proving to the CFO that they will see a return on their investment in cybersecurity, and successfully returning on that investment, can often be an uphill climb for any CISO.
The CLO
A CISO reporting into a chief legal officer (CLO)? It’s certainly more unusual, but not beyond the realms of possibility and rationale. After all, if an organisation is to truly accept the risks – not just financial, but also reputational – involved with cybersecurity and any data breach, the legal team should always be involved, especially in the wake of the General Data Protection Regulation (GDPR) being implemented earlier this year. Legal officers, of course, handle all issues related to governance and compliance.
The negatives? Well, cybersecurity isn’t a legal team’s priority as such, so when it comes to dealing with the CISO, it’s likely to be on a much more episodic and inconsistent basis than they might like.
The CEO
The CISO reporting into the CEO directly, however logical, is still rare. Unless the organisation in question is particularly tech savvy (e.g. a tech company), they’re unlikely to have placed the importance of cybersecurity at such a high level yet. Nevertheless, I’d recommend it.
Reporting to the CEO maintains the independence of the CISO role and can enable a fuller, more open discussion with all the senior stakeholders. Yet adding the CISO to the CEO's direct reports runs against a trend of CEOs seeking to reduce rather than increase the number of principals who directly report to them. CEOs want less, not more, distraction from their focus on strategy and operational leadership.
This perhaps explains why those predictions of CISOs reporting to CEOs haven’t yet been realised. Many CEOs actually may prefer their CISO reporting into the CIO, who can then filter out relevant information.
The Board
Several companies have considered this, and it is worth testing out whether having the CISO report directly to the board of directors or one of its committees is successful.
The board’s prime responsibility is to supervise management. As organisations become more digital the board needs to know the unvarnished truth of an organisation’s cyber performance. A CISO who directly reports to the board can facilitate the process of exchanging critical information that isn’t sanitised. These sessions also could allow the board to get discrete cyber information outside of the main board meetings when their attention is drowned out by a plethora of other issues. A major challenge with this model is whether the board contains enough knowledge of cybersecurity issues to make this engagement meaningful enough.
There’s no right or wrong way to fit the CISO into an organisation, so long as their recommendations are heard by the entire company. Cybersecurity is relevant to each and every department, and as long as they aren’t in any way siloed, the CISO will have a place in any part of the company.
Greg Day, VP & CSO, EMEA, Palo Alto Networks
Image Credit: Totojang1977 / Shutterstock
Businesses have become more tech-savvy than ever before. Digital transformation has been talked about for years – and it’s the challenge that every business is trying to solve and simultaneously stay ahead of. With long-established brands shutting their doors as a result of not being able to adapt to an increasingly digital society, and challenger brands popping up across every sector, digitisation is the key to surviving – and thriving.
The evolution of sport and business
We’ve come a long way from dusty racetracks and stopwatches. Technology has improved the accuracy, enjoyment and experiences of both athletes and spectators at sporting events.
From photo finish equipment to goal line tracking, body sensors and Hawk-Eye video review technology – the sports industry has become slick, and awash with technological innovation. And it seems that the record breakers of the future will need to take full advantage of the technology on offer to stay on top. So it is in business – digital transformation is an essential way for any (and every) company to gain and maintain a competitive edge.
From stadiums to office buildings
There are many athletic tactics that companies can adopt to become agile and stay on top of their game – working on their own or with a provider:
- Data recording. In sport, this is the ability to record data – using either wearables or smart clothing. These are fitted with sensors that track a player’s performance metrics. Arenas, like smart courts, can also offer these data insights. Using this data can identify ‘marginal gains’ – by identifying weaknesses and areas of improvement – and help athletes improve their game.
In business, having a greater awareness of metrics and data is crucial for success. Just like in sport, data can drive performance. By investing in the right tools, companies can predict customer trends and behaviours and make calculated decisions that will boost sales opportunities and increase customer retention – thus leading to an increased revenue stream.
Data-driven insights will be able to facilitate this process, with Artificial Intelligence (AI) and machine-learning tracking and predicting purchasing habits. This will help companies instantly identify – and better yet, anticipate – and meet consumers’ needs.
- Recuperation. In sport, Michael Phelps – one of the most decorated Olympians of all time – used a hyperbaric (altitude) chamber to increase his white blood cell count via breathing thinner air in the build-up to the Rio Olympics. This allowed him to reduce his body’s recovery time, by circulating more oxygen around whilst swimming. This also ultimately increased his performance.
In business, when mistakes happen, minimal recovery time is crucial – especially when these mistakes involve user information and digital platforms. Investing in business continuity solutions that offer backup and two-channel connections will keep your recovery time down, reduce your costs and help maintain customer trust. It’s also crucial to have a strategy in place, should downtime or disaster strike. Maintaining transparency and following a distinct, mapped-out plan of protocols, processes and strategies will minimise a business’ recovery time.
In addition, performing regular audits will help you identify issues before they strike – thus helping companies both minimise the impact of these events, and maintain brand confidence.
- Critical thinking. In sport, Tour de France cyclists train with special glasses that reveal heart rate, incline and speed. Athletes are also able to cycle and run while being in communication with their trainer via earpieces and headsets – which helps them optimise their performance.
Communication is one of the most important aspects of a business model. When different teams, and members within those teams, are speaking and communicating effectively, this will enhance business efficiency and productivity – and minimise mistakes and misunderstandings. In addition, effective communication will empower employees when it comes to tackling tasks autonomously. Good communication empowers a team, and benefits every business, regardless of the sector it operates in.
- The right input. In sport, diet-specific apps make it possible to track the macros and nutritional information of everything you’re putting in your body – to ensure that you’re consuming the right amounts of fat, protein and carbohydrates to reach peak fitness performance levels.
Planning and forecasting are also important. By predicting pitfalls and problems, planning how to protect against them, and preparing to recover in the worst case, businesses will be well placed to operate (and recuperate) effectively. But this is only achievable if every part of the business is built and scaled correctly.
Technology has revolutionised every aspect of our lives – and for businesses to be able to compete in today’s increasingly saturated marketplace, they must embrace the opportunities that digital transformation can provide – or risk falling behind.
Companies without adequate in-house IT resources can source the support of managed service providers, which will help them develop, innovate and stay ahead of the game in today’s rapidly-evolving digital landscape – across all sectors.
Ben Savage, Sales & Marketing Director, Timico
Image Credit: Konica Minolta Business Solutions UK
Across organisations of all sizes, software is driving real business value as it has transformed processes, broken down legacy systems and unleashed the wave of app-driven business models. Software is changing the business landscape, levelling the playing field for businesses of all sizes to compete and innovate through software development.
To stay competitive, market leading businesses are committed to producing software in the right way, adopting the principles of continuous integration, continuous delivery and DevOps. While continuous integration involves automation, builds and quick changes, continuous delivery focuses on moving code through the pipeline. DevOps ties the two principles together and is focused on changing business culture to support and promote collaboration between departments.
Indeed, all organisations want to succeed and reach their development goals across projects. In reality, however, this journey is rarely direct and it often takes time and a collective effort. The role of DevOps is to embrace failure as part of this journey and ensure that if you fail, you fail fast and learn from your mistakes. From this, you can leverage the newly gained insights to improve your process going forward.
However, if some of these mistakes can be avoided, many businesses would be able to improve and learn faster. With this DevOps philosophy in mind, there are common failures that teams are likely to come across. Here are some of the most common mistakes and how best to learn from them.
Typical DevOps failures and how to avoid them:
1) Unforeseen lock-outs
When deployments are automated with configuration as code, it is easy for developers to lock themselves out: an incorrect change (to SSH, firewall or access-control configuration, for example) is pushed and deployed to every machine at once, and the only way to fix it is to log in to each machine by hand.
How to avoid this: Developers must ensure the right protections are set up, validating configuration and every change frequently and from the early stages of development. Putting a formal review and test process in place for infrastructure code changes as well as application code changes reduces the risk of breaking other environments, saves developers time and improves the quality of the project.
2) Deploying out of line
Often developers will run continuous integration (CI) and continuous delivery (CD) at the same time to speed up automated testing and feedback cycles. A common mistake is to run deployment in parallel as well, so that new changes reach the final product before they have been tested, which defeats the purpose of automated testing before deployment.
How to avoid this: It is crucial to put gates and checks in place before any code can reach the end user. For example, constructing the CD pipeline so that the parallel test stages act as a gate to production ensures that only tested and validated changes are deployed, and that nothing is deployed automatically before they pass.
While DevOps principles state that teams should be able to deploy at any time, deployment must always be managed, occurring at the end of the pipeline after all the required tests, validation checks and approvals before it reaches the customer.
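The two gates described above, configuration validation against a self-inflicted lock-out (point 1) and a test/canary gate that nothing reaches production without passing (point 2), as an added example that is not code from the original article or from CloudBees. It is a Python rollout routine that statically checks a candidate sshd_config for changes that would lock the automation account out, applies the change to a canary host and probes that the account can still log in, and only then touches the rest of the fleet. The `deploy` account name, the in-memory hosts and the three constructed configs are assumptions made for the example; the simulated hosts stand in for real ssh or Ansible calls.

```python
"""Gated rollout of a configuration-as-code change (added example, not from
the article or CloudBees).

Two gates sit between a pushed change and the fleet:
  1. validate():  static checks on a candidate sshd_config that catch the
                  classic self-inflicted lock-out (automation account missing
                  from AllowUsers or listed in DenyUsers, public-key auth off);
  2. the canary:  apply to one host, probe that the automation account can
                  still log in, and only then touch the remaining hosts.
"""
from dataclasses import dataclass, field

DEPLOY_USER = "deploy"                      # assumption: the pipeline's account
DEFAULT_KEYS_FILE = ".ssh/authorized_keys"  # sshd's default AuthorizedKeysFile


def parse_sshd_config(text):
    """Map lowercase keyword -> list of values, global section only.

    Directives inside a Match block are conditional and are ignored here, so a
    Match block that locks the account out is NOT caught by static validation.
    """
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        cfg.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return cfg


def _users(values):
    """Flatten repeated 'AllowUsers a b' lines and drop user@host patterns."""
    return {u.split("@", 1)[0] for v in values for u in v.split()}


def validate(text):
    """Return the lock-out problems found in a candidate config (empty = ok)."""
    cfg = parse_sshd_config(text)
    problems = []
    if "allowusers" in cfg and DEPLOY_USER not in _users(cfg["allowusers"]):
        problems.append(f"AllowUsers does not include {DEPLOY_USER}")
    if DEPLOY_USER in _users(cfg.get("denyusers", [])):
        problems.append(f"DenyUsers lists {DEPLOY_USER}")
    # sshd uses the FIRST value of a repeated keyword, hence [0]
    if cfg.get("pubkeyauthentication", ["yes"])[0].lower() == "no":
        problems.append("PubkeyAuthentication is disabled")
    return problems


@dataclass
class Host:
    """Simulated machine; keys maps a path to the accounts with a key there."""
    name: str
    config: str
    keys: dict = field(default_factory=dict)
    previous: list = field(default_factory=list)


def apply_config(host, text):
    host.previous.append(host.config)   # keep the old config for rollback
    host.config = text


def rollback(host):
    host.config = host.previous.pop()


def probe_login(host):
    """Would DEPLOY_USER's key login succeed against the host's live config?

    Checks what static validation cannot: the key must actually exist at the
    path the new config points sshd at.
    """
    if validate(host.config):
        return False
    cfg = parse_sshd_config(host.config)
    paths = cfg.get("authorizedkeysfile", [DEFAULT_KEYS_FILE])[0].split()
    keys_file = paths[0] if paths else DEFAULT_KEYS_FILE
    return DEPLOY_USER in host.keys.get(keys_file, set())


def gated_rollout(hosts, new_config, canaries=1):
    """Validate, canary, then fleet. Returns (stage reached, hosts on new config)."""
    problems = validate(new_config)
    if problems:
        return "rejected: " + "; ".join(problems), []
    applied = []
    for i, host in enumerate(hosts):
        apply_config(host, new_config)
        if i < canaries and not probe_login(host):
            rollback(host)                   # hosts beyond the canary are untouched
            return f"canary {host.name} failed, rolled back", applied
        applied.append(host.name)
    return "fleet", applied


def demo():
    """Three constructed changes against a constructed three-host fleet."""
    fleet = [Host(f"web{i}", "PermitRootLogin no\n",
                  {DEFAULT_KEYS_FILE: {"deploy", "alice"}}) for i in range(3)]
    drops_user = "AllowUsers alice bob\n"
    moves_keys = "AuthorizedKeysFile /etc/ssh/keys/%u\nPermitRootLogin no\n"
    good = "PermitRootLogin no\nPasswordAuthentication no\nAllowUsers deploy alice@*\n"
    return [gated_rollout(fleet, c) for c in (drops_user, moves_keys, good)]


if __name__ == "__main__":
    for stage, applied in demo():
        print(stage, applied)
```

Run directly, it prints three outcomes: the config that drops the deploy account is rejected by static validation before any host is touched; the config that moves AuthorizedKeysFile passes validation but fails on the canary (the key is not at the new path), is rolled back, and never reaches the other two hosts; the clean config reaches the whole fleet. The validator only reads the global section, so a Match block that restricts the account is exactly the kind of change only the canary's real login probe would catch.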
3) Software Configuration Management conflicts
One of the biggest challenges a DevOps team will face is Software Configuration Management (SCM). It isn’t uncommon for solution architects early in their careers to be handed access to Git (the source code management and version control system) repositories, which is a sure-fire way to cause problems. While mastering the basics of Git, teams will probably encounter merge conflicts (one or more changes to the same lines that Git cannot reconcile automatically) and detached HEADs (a specific commit checked out instead of a branch). The latter is not only confusing to get out of, but commits made in that state belong to no branch, so they are easily lost unless a branch is created from them before something else is checked out.
How to avoid this: It is best practice to put a branching and merging model in place, so that the appropriate inputs are fed into the DevOps pipeline and any test and deploy changes can be continuously integrated.
4) Poorly defined objectives
Though developers work together to push code through the pipeline, different teams can be prone to set their own KPIs. For example, a quality engineering team may use the number of tests executed per sprint as a success metric. However, as employees are almost always driven by incentives, the natural tendency would be to add more and more tests, potentially without considering outdated ones. This could affect other teams and increases test cycle time and therefore time to production.
How to avoid this: Understanding the ‘why’ of DevOps is often the most underemphasised, yet critical, lesson in DevOps. Businesses need to develop goals and objectives for that particular initiative, and then align to those goals. Once these goals are defined, the KPIs and success metrics can be aligned to the objectives. Businesses must develop a set of mutual goals, success metrics and KPIs, as this will dictate what gets prioritised when building pipelines.
5) Failure to recognise organisational barriers
A difficulty businesses frequently face is one of company culture. Failing to fully integrate teams creates a new set of silos, segregating departments. This causes issues when implementing development internally, as departments tend to shift the blame to each other rather than evaluate the business as a whole.
How to avoid this: The best way to organise teams is based on subjects such as product or functionality. Additionally, all stakeholders should be included from the start of the software development process to understand the roles of the teams. Together, this will better align stakeholders and development teams to cooperate. This in turn, will enable a business to truly practice DevOps. The culture of DevOps is just as important as the tools and technology when developing software, though it is a difficult element to change.
When taking into account the common mistakes businesses face when implementing DevOps, it is key to recognise that all businesses are different. Consequently, each will experience an individual DevOps journey and its own mishaps. There is no easy way to pull off a DevOps transformation and it certainly cannot be achieved quickly. DevOps will always present a fair share of challenges and lead to some mistakes along the way, the recipe for success is to learn and adapt. Only when doing this, will businesses be able to create their individual DevOps culture.
Brian Dawson, DevOps evangelist, CloudBees
Article contributors: Carlos Sanchez, Laura Frank Tacho, Will Refvem, Juni Mukherjee, Viktor Farcic
Image Credit: Profit_Image / Shutterstock
Posted by Moritz Muehlenhoff on Dec 06-------------------------------------------------------------------------
Debian Security Advisory DSA-4350-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 06, 2018 https://www.debian.org/security/faq
Package : policykit-1
CVE ID : CVE-2018-19788
Posted by Apple Product Security on Dec 06APPLE-SA-2018-12-06-1 watchOS 5.1.2
watchOS 5.1.2 is now available and addresses the following:
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A type confusion issue was addressed with improved
CVE-2018-4303: Mohamed Ghannam (@_simo36)
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute...
Google Chrome's latest version should be of a lot of help to people who can't distinguish between genuine system warnings and fraudulent advertisement posing as system messages.
The latest version, Chrome 71, now blocks ads on abusive sites that prompt fake system warnings, hide, minimise or otherwise limit the use of the close button, and generally do tricky stuff to force people into clicking ads and moving towards another site or landing page.
The version is available now and all Chrome users should get it automatically. It was said that Google won't block the fraudulent sites immediately. Instead, it will give them 30 days to repent and clean up their act.
Besides blocking fraudulent ads, Chrome will also warn its users of any extra costs hiding in plain sight. If a website is trying to trick its users into registering and paying for a subscription or a transaction without being upfront and transparent about it, Google will reach out to them in the same way it will reach out to ad fraudsters.
In this case, as well, webmasters will have 30 days to comply.
Chrome 71 is now available for Windows, Mac and Linux, while mobile users on Android and iOS should get their version in the coming weeks.
You can find more details about Chrome's latest version on this link.
Image Credit: Earl Jeffson / Flickr
Symantec announced a new USB scanning station that’s aimed at securing business-critical infrastructure. Called Industrial Control System Protection (ICSP) Neural, the offering looks to prevent ‘devastating physical consequences of cyberattacks on operational technology’.
The security company argues that many organisations use legacy systems which are often outdated and quite difficult to secure with traditional security solutions. It says that most companies update their systems through USB devices, which opens up a sea of infection opportunities.
Announcing the new offering, Symantec says 50 per cent of scanned USB devices are infected with malware. Its new solution employs the strengths of artificial intelligence (AI) to detect and remove malware on USB devices.
The process itself is simple and requires no previous knowledge or training. Just connect the device and ICSP Neural emits visualisations and real-time signals through its LED light ring, indicating whether any malware has been detected or removed.
“USB devices are given away at events, shared between co-workers, and reused again and again for business and personal use, introducing the risk of accidental or malicious infection. The impact of connecting an infected device to a critical system can be devastating,” said Patrick Gardner, senior vice president, advanced threat protection and email security, Symantec.
“Behind the scenes, ICSP Neural retrofits existing infrastructure with a central nervous system utilizing artificial intelligence to protect critical infrastructure. On the front end, a rugged aluminium design embodies a simple, intuitive user experience that clearly highlights potential threats.”
Photo Credit: andriano.cz/Shutterstock
Poor mobile working technology can cost organisations up to $20,000 per employee, every year. This is according to a new report by SOTI. It says that some 1.7 billion workers nowadays rely on mobile tech to perform everyday job functions. Mobility has become business-critical, and even one dropped connection or poorly performing application per shift can translate into almost $20,000 in annual support and productivity loss costs per mobile worker.
Almost a quarter of a working day can get lost, as a consequence of poorly working technology.
The report also states that many organisations aren't using enterprise mobility management solutions, which could offer complete visibility into mobile device and app usage. That could help further streamline business-critical mobility support, improve user experience and mitigate the abovementioned expenses.
To make the irony that much greater, the majority of organisations buy into new tech, looking to improve worker productivity and boost their bottom line.
“If organizations are not leveraging an integrated mobile approach to improve the visibility, management, and support of their business-critical mobility solutions, they are limiting their ability to quickly diagnose and fix issues which directly leads to losses in revenue,” commented Shash Anand, Vice-President of Product Strategy at SOTI.
“Frankly, we were shocked to learn that 30 per cent of respondents reported that they couldn’t determine ROI from mobility. This suggests that IT teams and their internal business partners need to do a better job of showcasing the role that mobility plays in driving revenue and increasing productivity. Once ROI has been determined, there should be no barriers to making mobility investments,” Anand added.
The report states that there are three things organisations can do in order to minimise the impact of failed business-critical mobile solutions, and all revolve around the visibility and ability to remotely manage mobile solutions. Those are securing devices, managing mobile devices, and deploying mobile devices.
The full report with all its details can be found on this link.
Image Credit: Bruce Mars / Pixabay
A few days ago, the UK's Digital, Culture, Media and Sport Committee released documents which allegedly show Facebook giving app developers special access to user data. Now, Facebook is responding, saying the whole thing was taken out of context and does not portray the whole picture.
In an article posted on the Facebook newsroom, it was said that the change in policies from 2014 and 2015 was done to prevent app developers from getting personal information from users' friends.
“In some situations, when necessary, we allowed developers to access a list of the users' friends,” but not those friends' private data, it was said.
Another issue raised by the UK committee was Android and the collection of call and text logs. Facebook’s answer is that the whole deal is more benign than it is being interpreted, with the collection only done to “do things like make better suggestions for people to call in Messenger and rank contact lists in Messenger and Facebook Lite.” Facebook also says it recently analysed the practice and found the data isn’t useful ‘after about a year’.
Zuckerberg is fine with being in the hot seat, but asks that whoever covers what the company does, does so with due diligence.
“I understand there is a lot of scrutiny on how we run our systems,” he wrote in a Facebook post. “That's healthy given the vast number of people who use our services around the world, and it is right that we are constantly asked to explain what we do. But it's also important that the coverage of what we do -- including the explanation of these internal documents -- doesn't misrepresent our actions or motives. This was an important change to protect our community, and it achieved its goal.”
Image Credit: Anthony Spadafora