Safe-to-fail experiments can be used in complex environments to probe, sense, and respond. You have to know what success and failure look like and need to be able to dampen or amplify the effect of probing to handle potential failures. Safe-to-fail experiments can help you to deal with risks and uncertainty, learn, and keep your options open.
After a three-month preview since re:Invent 2016, Amazon Web Services has recently moved AWS Organizations to general availability. The new service lets you centrally manage multiple AWS accounts within a hierarchy of organizational units and attach service control policies with fine-grained access permissions. AWS Organizations also supersedes the formerly separate consolidated billing feature.
A researcher from Federacy released a report analyzing vulnerabilities in Docker images in public repositories. 24% of images were found to have significant vulnerabilities, with Ubuntu-based ones having the most and Debian-based ones having the least.
JEP 290, which allows filtering of incoming data when deserialising an object and was initially targeted at Java 9, has been backported to Java 6, 7, and 8. The feature provides a mechanism to filter incoming data in an object input stream as it is being processed, and can help prevent deserialisation vulnerabilities like the one that affected Apache Commons and other libraries a while back.
Apache Ranger, a security management framework for the Apache Hadoop ecosystem, has graduated to top level. Ranger is used as a centralized component to define and administer security policies that are enforced across supported Hadoop components such as Apache HBase, Hadoop (HDFS and YARN), Apache Hive, Apache Kafka, and Apache Solr.
A recent study has found that 37% of the Alexa top 75K websites have at least one vulnerability and almost 10% have at least two. Maybe even more shockingly, 26% of the Alexa top 500 websites use vulnerable libraries.
The newly formed Enterprise Ethereum Alliance has published a Vision Paper outlining “a vision for users and stakeholders to propose, implement, and integrate advances to the Ethereum protocol with support for Enterprise Ethereum protocols.” In this paper the EEA discusses many topics related to Pluggable Consensus, interoperability, Ethereum protocol updates, storage and performance.
The main benefit of continuous delivery is lower-risk releases; comprehensive test automation and continuous integration are the practices that have the biggest impact on IT performance. Research on continuous delivery and IT performance tells us that implementing continuous delivery practices leads to higher IT performance, and that high performers achieve both higher tempo and higher levels of stability.
In a recent blog post, Microsoft announced their participation in the newly formed Enterprise Ethereum Alliance. The mission for this alliance is to learn from and build upon the only smart contract supporting blockchain currently running in real-world production and to define enterprise-grade software capable of handling the most complex, highly demanding applications at the speed of business.
At the recent World Government Summit, Hexayurt Capital and ConsenSys released a paper called “Building the Hyperconnected Future on Blockchains.” The purpose of the paper was to provide an Internet of Agreements (IoA) strategy and roadmap for the next wave of innovation in order to drive Globalization 2.0.
Atlassian has announced two new features aimed at making Bitbucket more secure: IP whitelisting and required two-factor verification.
A buffer overflow bug has caused a small number of requests to Cloudflare proxies to leak data from unrelated requests, including potentially sensitive data such as passwords and other secrets. The issue, which has been named ‘Cloudbleed’, was discovered by Google Project Zero vulnerability researcher Tavis Ormandy.
NIST has released a public draft of new Digital Identity Guidelines, described as “a significant update from past revisions.” The guidelines describe acceptable use of multi-factor authentication (MFA). Furthermore, biometric data used as one authentication factor must be combined with something you have, and not something you know, such as a password.
Testing techniques like Equivalence Partitioning, Boundary Value Analysis, and Risk-based Testing can help you decide what to test and when to automate a test. InfoQ spoke with Adrian Bolboacă about different types of tests, writing sufficient and good acceptance tests, criteria to decide to automate a test, and how to apply test automation to create executable specifications.
Tracking "who did what" in a self-service public cloud can be challenging. With Google Cloud Audit Logging, Google captures log streams for seventeen services in Google Cloud Platform (GCP).