Friday, 2 May 2008
Wednesday, 16 April 2008
Updated Digg stats
Posted by Richard Cunningham at 23:14, 0 comments
Saturday, 1 March 2008
phpMyAdmin 2.11.5 / PMASA-2008-1
Posted by Richard Cunningham at 13:41, 0 comments
Labels: security
Friday, 8 February 2008
More Digg stats
First up are the Digg stories by number of popular stories rather than percentages:
I also looked at what Technology is made up of. It is perhaps not surprising that a lot of the news is about Apple (dark blue) or Linux (light blue), with the generic "Industry News" making up the majority:
and here is the same data by percentage:
I wanted to get some of the data for submissions, though it seems I can't get data for that from the API from before 30th December last year.
Posted by Richard Cunningham at 17:36, 0 comments
Labels: digg
Tuesday, 5 February 2008
Tech stories percentage dropping on Digg

Posted by Richard Cunningham at 19:39, 2 comments
Labels: digg
Wednesday, 21 November 2007
Loss of 25m child benefit records
It should be clear to any organization that handles this kind of data, especially in this volume, that security is of paramount importance. Here are some of the security measures I think should have been in place and would have prevented this from happening:
- No one should be able to download large portions of the data (say more than 1,000 records) without special procedures for data security being enforced.
- Any data that is transferred should be encrypted with strong cryptography. The key(s) to this encryption should be sent separately to the data and only after the data is acknowledged to have arrived safely.
- All data of this type should be sent by a secure transportation company such as Securicor.
- If at all possible the data should never leave the secure site where it is normally resident.
- If anyone requests data the bare minimum that they require should be provided with no extra fields.
- Anyone who goes anywhere near this kind of data should be given comprehensive security training.
The sad fact is that any security professional or group should have been able to tell them this (and a whole lot more for other scenarios), but for some reason HM Revenue and Customs didn't take this type of advice or maybe didn't implement it properly.
Before this story surfaced I had already been very skeptical of the ID cards project. It would be very hard to keep this data safe. If the data were ever lost it would be a lot more serious than what has been lost in this case, both in the number of people and the amount of data about each person. I am now even more skeptical since it seems the government can't even handle quite basic data security concepts like the ones I have outlined.
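As an added illustration (not code from the original post), the first and fifth measures in the list above can be enforced at the export point itself. The purposes, field names and the two-approver rule below are assumptions chosen for the sketch; only the 1,000-record figure comes from the post.

```python
from dataclasses import dataclass, field

BULK_THRESHOLD = 1000  # the post's suggested limit ("say more than 1,000 records")

# Hypothetical per-purpose allow-lists: the bare minimum each requester needs.
ALLOWED_FIELDS = {
    "audit_sample": {"child_ref", "date_of_birth"},
    "payment_run": {"child_ref", "bank_account", "sort_code"},
}

class ExportDenied(Exception):
    pass

@dataclass
class ExportRequest:
    requester: str
    purpose: str
    fields: list
    approvers: set = field(default_factory=set)  # sign-offs for a bulk export

def export(records, req):
    """Return only the requested, permitted fields, or raise ExportDenied."""
    allowed = ALLOWED_FIELDS.get(req.purpose)
    if allowed is None:
        raise ExportDenied(f"unknown purpose {req.purpose!r}")
    extra = set(req.fields) - allowed
    if extra:
        # Refuse rather than silently trim, so over-broad requests are visible.
        raise ExportDenied(f"fields not needed for {req.purpose}: {sorted(extra)}")
    if len(records) > BULK_THRESHOLD:
        # Assumed "special procedure": two sign-offs, neither from the requester.
        independent = req.approvers - {req.requester}
        if len(independent) < 2:
            raise ExportDenied(f"{len(records)} records exceeds {BULK_THRESHOLD}; "
                               "bulk export needs two independent approvers")
    return [{k: r[k] for k in req.fields} for r in records]

def make_records(n):
    # Constructed sample data, not real records.
    return [{"child_ref": f"C{i:07d}", "date_of_birth": "2001-01-01",
             "parent_name": "Sample Parent", "address": "1 Example Street",
             "bank_account": "00000000", "sort_code": "00-00-00"} for i in range(n)]
```

Rejecting an over-broad field list outright, instead of quietly dropping the extra fields, leaves a denial that can be logged and reviewed.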
Posted by Richard Cunningham at 21:15, 1 comment
Labels: security
Tuesday, 7 August 2007
What is Oracle's Linux strategy?
Recently Mark Shuttleworth was quoted as saying "They are hiring too many people just to deliver patches. My assumption is that they are on track to fork and build their own distribution." Now you have to wonder if they really want to get into a distribution race to compete with RedHat and Novell (the most established enterprise players).
Oracle don't have much experience selling operating systems, so, what I think they are doing instead is creating a platform that the Oracle Database and other applications can run on.
I imagine most big companies have local staff that know Oracle and they put it on whatever machines they normally use for that type of thing be that Linux, Solaris, Windows or something else. These companies then have all the staff and infrastructure to maintain it.
In smaller companies, what they do seems less clear to me; they might not have a full-time Oracle person or even a systems person. Given these types of failings, they might go with something they think they can handle, such as Microsoft's SQL Server or MySQL.
As an alternative in these smaller companies Oracle could provide a complete software stack with a configured OS, Oracle and management facilities. Oracle could then maintain this system remotely (for a fee) for the company. The advantage of this approach is that Oracle can push their products to anyone who can afford them regardless of what local staffing they have.
The other problem they would avoid with this approach is trying to get fixes against MS Windows. With Linux they know they can develop a fix in house and push it directly to the customer if they need to, but with Windows they need to wait on Microsoft to provide a fix, which probably takes a long time. Also, Microsoft competes with them in the same market, so they have no reason to co-operate particularly well. This would not be a problem if these small companies were using Linux, but it seems a lot of small businesses use Windows exclusively. If Oracle provides and manages the Linux box, then it can sell to these companies that would otherwise be using Windows, as all the customer needs to know is that it is the Oracle Box and Oracle will fix it if it breaks.
Vertical integration is the term for this I think.
Posted by Richard Cunningham at 23:19, 0 comments