The guys interrogate each other live in Phoenix, Arizona! And Brent Spiner joins the show to talk about deciding between Night Court and Star Trek, cop shows in
From Netscape To The iPad
Katie and David discuss best practices for managing email as well as the state of third party email clients for Mac and iOS and how to make Mail.app better through the use of plug-ins and third party services.
The mission continues
William Dodd served for four years as the ambassador to Germany before resigning — after repeated clashes with both Nazi Party officials and the State Department. Erik Larson chronicles Dodd’s time in Berlin in his new book, In the Garden of Beasts.
The O’Reilly Security Podcast: Why tools aren’t always the answer to security problems and the oft-overlooked impact of user frustration and fatigue.

In this episode of the Security Podcast, I talk with Window Snyder, chief security officer at Fastly. We discuss the fact that many core security best practices aren’t easy to achieve with tools, the importance of not discounting user fatigue and frustration, and the need to personalize security tools and processes to your individual environment. Here are some highlights:
Many security tasks require a hands-on approach
There are a lot of things that we, as an industry, have known how to do for a very long time but that are still expensive and difficult to achieve. This includes things like staying up-to-date with patching or moving to more sophisticated authorization models. These types of tasks generally require significant work, and they might also impose a workflow obstacle to users that’s expensive. Another proven and measurable way to improve security is to review deployments and identify features or systems that are no longer serving their original purpose but are still enabled. If they’re still enabled but no longer serving a purpose, they may leave you unnecessarily open to vulnerabilities. In these cases, a plan to reduce attack surface by eliminating these features or systems is work that humans generally must do, and it actually does increase the security of your environments in a measurable way because now your attack surface is smaller. These aren’t the sorts of activities that you can throw a tool in front of and feel like you’ve checked a box.
Frustration and fatigue are often overlooked considerations
Realistically, it’s challenging for most organizations to achieve all the things we know we need to do as an industry. Getting the patch window down to a smaller and smaller size is critical for most organizations, but you have to consider this within the context of your organization and its goals. For example, if you’re patching a sensitive system, you may have to balance the need to reduce the patch window with the stability of the production environment. Or if a patch requires you to update users’ workstations, the frustration of having to update their systems and having their machines rebooted might derail productivity. It’s an organizational leap to say that it’s more important to address potential security problems when you are dealing with the very real obstacle of user frustration or security exhaustion. This is complicated by the fact that there’s an infinite parade of things we need to be concerned about.
More is not commensurate to better
It’s reasonable to try to scale security engineering by finding tools you can leverage to help address more of the work that your organization needs. For example, an application security engineer might leverage a source analysis tool. Source analysis tools help scale the number of applications that you can assess in the same amount of time, and that’s reasonable because we all want to make better use of everyone’s time. But without someone tuning the source analysis tool to your specific environment, you might end up with a source analysis tool that finds a lot of issues, creates a lot of flags, and then is overwhelming for the engineering team to try to address because of the sheer amount of data. They might conceivably look at the results and realize that the tool doesn’t understand the mitigations that are already in place or the reasons these issues aren’t going to be a problem and may create a situation where they disregard what the tool identifies. Once fatigue sets in, the tool may well be identifying real problems, but the value the tool contributes ends up being lost.
Magician Penn Jillette has been the vocal half of duo Penn & Teller for more than 40 years. Jillette joins us to talk about his life as a magician, his new
Researchers have shown mathematically that the weirdness of quantum entanglement may be an essential part of the universe’s physics.
The idea that some people learn best from visual or audio materials has been around since the 1950s. But there’s little evidence to support it.
The web has been buzzing about the news that CrashPlan is bowing out of the consumer market with their online backup service, opting to focus on the enterprise market. Should online backup services still be part of our backup strategies? Should there be different considerations for backups vs. archives? Can we get our trust level back? The panel of Joe Kissell, Mark Fuccio, Frederick Van Johnson, and host Chuck Joiner examine why there has been such an outcry over the decision, what CrashPlan did wrong and right with both the announcement and the transition, and offer their thoughts on replacement services.
Chuck Joiner is the producer and host of MacVoices. You can catch up with what he’s doing on Twitter, Facebook, Google+ and LinkedIn.
Mark Fuccio is actively involved in high tech startup companies, both as a principal at piqsure.com and as a marketing advisor through his consulting practice Tactics Sells High Tech, Inc. Mark was a proud investor in Microsoft from the mid-1990s, selling in mid-2000, and hopes one day that MSFT will again be an attractive investment. You can contact Mark through his web site or through Twitter.
Joe Kissell is the publisher of Take Control ebooks, as well as the author of over 60 books on a wide variety of tech topics. Keep up with him if you can on his personal site, JoeKissell.com, and on Twitter.
Frederick Van Johnson is a professional photographer, host of This Week in Photo, and founder of the TWiP Network – one of the world’s most popular photography-related podcast media properties. Frederick also consults on marketing with a number of photography industry companies.
Frederick began his career as a Combat Photojournalist in the United States Air Force, where he served for 8 years and was decorated many times for photography. Frederick’s unit was among the first in the military to receive, and put into daily action, early digital imaging hardware and software. As a result, he was awarded the Air Force Commendation Medal for his key role in facilitating the US Air Force transition from film to digital.
After the military, Frederick went on to study visual communication at the University of California in Santa Barbara, California. Frederick also studied at Brooks Institute in Santa Barbara, where he ultimately became Chairman of the Board of Trustees.
Frederick was also a key member of the team responsible for the development of iPhoto, Apple’s award-winning photo management application.
Highly knowledgeable on multiple disciplines of photography, technology, and Internet trends, Frederick is able to discuss how emerging trends and technologies affect and benefit both amateur and professional photographers. Frederick is also author of the popular book “Global Mobile, Connecting without Wires, Walls, or Borders”.
Today Frederick lives in Sacramento, California, and continues to practice photography whenever possible. He has also been known to sneak in playing a game or two on his PlayStation or flying his drone from time to time. You can follow him on Twitter.