Monthly Archives: november 2013

Open source belandt tussen wal en schip

29 november 2013
By

Senior Open Source Software Consultant

Expert van Computable voor het topic Open Source

Meer

Het is voor bedrijven noodzakelijk om de snelle veranderingen in onze maatschappij te volgen. Consequentie hiervan is dat zij hun ict-voorzieningen snel aan moeten kunnen passen zonder daarmee concessies te doen aan de beschikbaarheid en veiligheid van systemen en gegevens. Om dit te bereiken worden er afspraken gemaakt over waaraan dergelijke veranderingen moeten voldoen of onder welke condities deze uitgevoerd mogen worden.



Deze afspraken, of wel principes, worden architectuur genoemd. Het architectuurdenken is heel gebruikelijk bij grote bedrijven en organisaties omdat niemand alleen in staat is deze complexiteit te overzien. De interne it-organisatie, externe leveranciers en dienstverleners hebben zich allen te conformeren aan deze (enterprise) architectuur, het zogenaamde: werken onder architectuur.

Architectuur als middel


Voor wat betreft de (infrastructurele) architectuur kunnen dit afspraken zijn over, gegevens, informatie beveiliging, applicaties, interfaces en de infrastructuur zelf. Zo kunnen bijvoorbeeld het aantal operating systemen of databases beperkt worden. Met dergelijke beperkingen wordt de infrastructuur beter te overzien en de organisatie is daardoor beter in staat het beheer uit te voeren. Ook consequenties van wijzigingen zijn zo beter te overzien. Architectuur is daarmee geen doel op zich, maar heeft tot doel een consistente en veilige ict te realiseren waarop efficint wijzigingen doorgevoerd kunnen worden. De architectuur ontwikkelt zich ook in de tijd en zal kan niet statisch zijn. Enterprise architecten zijn verantwoordelijk voor het naleven van de bestaande architectuur en het ontwikkelen daarvan.

Enterprise architecten


Veel enterprise architecten zijn echter onbekend met open source software en de (detail) mogelijkheden die dit biedt voor de architectuur. Als Linux al een platform binnen de architectuur is (en dat

Bron: Computable Lees het complete artikel hier: http://www.computable.nl/artikel/opinie/open_source/4937025/1277105/open-source-belandt-tussen-wal-en-schip.html

BYOD Policies to Bring 1 Billion Devices to Businesses by 2018

27 november 2013
By

More than half of all mobile devices in the United States will have security apps installed by the end of 2018, according to Juniper Research’s findings.

The number of employee-owned smartphones and tablets used in the enterprise will exceed 1 billion by 2018, as the growing trend of bring your own device (BYOD) redefines business connectivity, according to a report from analytics firm Juniper Research.

The report, Mobile Security: BYOD, mCommerce, Consumer Enterprise 2013-2018, found that although the trend has the potential to benefit organizations in terms of enhanced employee satisfaction and productivity, the threat from unprotected employee mobile devices is of significant importance.

Western Europe currently represents the largest revenue hub for the mobile security vendors, and more than half of all mobile devices in the United States will have security apps installed by the end of 2018, according to the findings.

In the consumer segment, Juniper forecasts a steady growth in revenue for security software, approaching 40 percent of the global mobile security sales revenue by the end of 2018.

The report said this would be driven primarily by increased consumer awareness of available security solutions andcriticallyof the risks posed by fraud and malware to data stored on and accessible through their smartphones and tablets.

With these concerns in mind, growth in the mobile security market is currently being driven by the enterprise segment, particularly in the areas of BYOD and mobile device management.

According to a recent report commissioned by Lookout Security and conducted by Forrester Consulting, 69 percent of IT executives report that they are very concerned about the threat of mobile malware, viruses and spyware. In addition, the report found 60 percent have experienced lost or stolen phones in the past year.

Seventy-two percent agree there is a gap between current mobile security solutions and the security threats that businesses face today,

Bron: Linux and Unix Nieuws Lees het complete artikel hier: http://www.channelinsider.com/mobile-devices/byod-policies-bring-a-billion-devices-to-businesses-by-2018.html/

What Software-Defined Security Could Mean for the Channel

27 november 2013
By

Before long, the industry will hear more about software-defined security. The rise of SDS could represent both peril and opportunity for channel companies.

The IT industry is entering the era of software-defined infrastructure, starting with software-defined networks (SDNs). SDNs were quickly followed by the emergence of software-defined storage (SDS)which, together with SDNs, are the foundation for the software-defined data center.

Given those advances, it’s only a matter of time before the industry sees the emergence of software-defined security (SDS)a technology whose time has come, the folks at the Cloud Security Alliance (CSA) say.

“We think software-defined security is now quite feasible and very necessary,” said Junaid Islam, founder of Vidder, a provider of a cloud-based service for securing network perimeters. “This approach would both lower costs and be more secure.”

To turn that vision into a reality, the CSA has launched the Software Defined Perimeter project, which is being spearheaded by Bob Flores, the former CTO of the CIA who is now CEO of Applicology, an IT consulting firm.

SDS would be more secure because many breaches are a direct result of misconfigurations of security products. The technology would set the stage for not only managing those devices at a higher level of abstraction, but also for automating the management of those devices via the cloud.

CSA wants to first work with vendors to create a reference architecture for SDS at the network perimeter level and then extend the reach of that architecture to cover other areas of security in multiple phases. In the meantime, CSA plans to develop a road map outlining the various stages of the Software Defined Perimeter project that will be completed over the coming year.

As is often the case with that level of disruptive IT innovation, the rise of SDS would represent both peril and opportunity for solution

Bron: Linux and Unix Nieuws Lees het complete artikel hier: http://www.channelinsider.com/security/what-software-defined-security-could-mean-for-the-channel.html/

Dropbox joins Linux patent protection hit squad

26 november 2013
By

The economic impact of cybercrime

A company launched to defend Linux on PCs and servers is turning its attention to venture-backed cloud startups and mobile.

The Open Invention Network (OIN) has revealed Dropbox is its latest licensee, potentially shielding the cloud document-sharing service from patent attackers.


OIN owns an artillery of patents covering Linux which it makes available to members and licensees on a royalty-free basis.

Licensees are then sheltered from lawsuits by those people might bring over the patents.

Keith Bergelt, OIN chief executive, told The Register: These are the kinds of companies we are spending more time with growth companies, strong, venture-backed companies going public or who are in a position where they could go public in the next two to three years.”

OIN started in 2005 on the back of rolling litigation from SCO against IBM, Red Hat and SuSE Linux and had focused largely on Linux and the kernel on PCs and servers. Now its turning its attention to cloud and devices, convinced these are where patent attackers could strike.

Bergelt reckoned these young companies are in a great position to benefit from those in the OIN acting as a community to protect the Linux cloud.

These guys see it as everything they do rides on Linux, Bergelt said. So they see the connection is there – if they can participate in a patent non-aggression [pool] with like-minded companies, its their obligation.

Dropbox is another startup which hopes to go public, and taking out legal cover on Linux will no doubt be seen as a smart move by its investors.

Two major US funds hold a $250m stake in Dropbox with the company seeking an $8bn valuation. Both funds and value would be eroded if Dropbox fell victim to Linux patent suit.

Twitter, which IPOd

Bron: The Register Lees het complete artikel hier: http://go.theregister.com/i/cfa/http://www.theregister.co.uk/2013/11/26/oin_dropbox_linux_cloud/

Extra onderzoek betreft Werk.nl en Tunnels A73

26 november 2013
By

Het aanvullend onderzoek dat de tijdelijke commissie ICT-projecten bij de overheid naar twee cases laat uitvoeren, richt zich op Werk.nl en Tunnels A73. Dat melden ingewijde bronnen. Opmerkelijk genoeg wordt het programma Modernisering Gemeentelijke Basisadministratie (mGBA) met rust gelaten, terwijl dat toch een actueel dossier is met vele haken en ogen. Welk bureau het extra onderzoek, dat 13 december start, gaat uitvoeren, is nog niet bekend.


Afgelopen oktober rondde Policy Research zijn onderzoek af naar zeven ict-casussen van de overheid. Volgens de tijdelijke commissie ICT-projecten zijn met de conclusies uit het eindrapport van Policy Research nog niet alle onderzoeksvragen beantwoord. Er is nader onderzoek nodig naar aanbestedingsprocedures, contracten, opdrachtgeverschap en geldstromen. In dit kader worden nog eens twee projecten onder de loupe genomen. Het eindrapport verschijnt daarom zo’n driekwart later, namelijk in het najaar van 2014.

Werk.nl en Tunnels A73

Volgens ingewijden worden de casussen Werk.nl en Tunnels A73 extra onderzocht. Werk.nl zou gekozen zijn omdat op die manier ook de gehele ict van UWV mee kan worden genomen, vanwege eerdere grote mislukkingen bij de uitvoeringsinstantie. Het project Tunnels A73 wordt nog eens extra bekeken omdat er door de betrokken organisaties geen bevredigende antwoorden op vragen zijn gekomen.

Opvallend is dat het programma mGBA niet is geselecteerd. Naar verluidt speelt mee dat dit politiek gevoelige ict-onderwerp de positie van minister Plasterk van Binnenlandse Zaken en Registraties in gevaar zou kunnen brengen mochten er ongevallige zaken uit een extra onderzoek naar voren komen. Plasterk gaf begin november groen licht voor de voortgang van het programma mGBA.

Zowel VVD-kamerlid Ton Elias, voorzitter van de commissie, als de woordvoerder van de Tweede Kamer willen niet reageren op vragen over de keuze voor de twee cases en het niet selecteren van

Bron: Computable Lees het complete artikel hier: http://www.computable.nl/artikel/nieuws/outsourcing/4933248/1276946/extra-onderzoek-betreft-werknl-en-tunnels-a73.html

Meet the BlackBerry wizardry that created its ‘better Android than Android’

26 november 2013
By

Free Regcast : Whats new in SQL Server 2014?

Exclusive Some remarkable technical wizardry lies behind BlackBerrys Android coup. When it was launched in January, BlackBerrys new OS was brand new BlackBerry 10 and largely app-less. But today it can execute Android apps at impressive speed. How did they do it? Thanks to some helpful inside knowledge, The Register will reveal it all.

Android runs Java applications on a JVM called Dalvik, which runs on a Linux kernel. As it’s open source, Dalvik was straightforward to port to QNX, the sophisticated embedded Unix that RIM acquired in 2010, and which powered its PlayBook tablet (released the same year).


RIM promised that this Android Player would also appear on its first QNX-based phones. But not all apps could run, and there was an insurmountable stumbling block in the way. Android apps may also call native extensions, which are ARM Linux binary libraries. And there was no way of running these on the phones – so the apps couldnt run either.

At first, RIMs engineers attempted to support native extensions by making BB10 another build target for extensions developers. They would choose BB10 as a target at compile time. But this required persuasion. And unless the developer bought into the idea, Android apps that called these Linux ARM extensions wouldnt run. Even then, the BlackBerry system could not allow side-loading of native apps. It didnt look like the Android Player would ever be truly worthwhile.

‘Binary blobs’? No probs

But one or two RIM engineers were convinced they could bridge this gap between native QNX and Linux code. They would attempt to run the Linux extensions natively on QNX, without recompilation or pre-processing. Nobody was quite sure it would work – one source says he was 90 per cent

Bron: The Register Lees het complete artikel hier: http://go.theregister.com/i/cfa/http://www.theregister.co.uk/2013/11/25/revealed_how_blackberry_made_its_better_android_than_android/

Revealed: The BlackBerry wizardry that created its ‘better Android than Android’

26 november 2013
By

Endpoint security: Anti-virus alone is not enough

Exclusive Some remarkable technical wizardry lies behind BlackBerrys Android coup. When it was launched in January, BlackBerrys new OS was brand new BlackBerry 10 and largely app-less. But today it can execute Android apps at impressive speed. How did they do it? Thanks to some helpful inside knowledge, The Register will reveal it all.

Android runs Java applications on a JVM called Dalvik, which runs on a Linux kernel. As it’s open source, Dalvik was straightforward to port to QNX, the sophisticated embedded Unix that RIM acquired in 2010, and which powered its PlayBook tablet (released the same year).


RIM promised that this Android Player would also appear on its first QNX-based phones. But not all apps could run, and there was an insurmountable stumbling block in the way. Android apps may also call native extensions, which are ARM Linux binary libraries. And there was no way of running these on the phones – so the apps couldnt run either.

At first, RIMs engineers attempted to support native extensions by making BB10 another build target for extensions developers. They would choose BB10 as a target at compile time. But this required persuasion. And unless the developer bought into the idea, Android apps that called these Linux ARM extensions wouldnt run. Even then, the BlackBerry system could not allow side-loading of native apps. It didnt look like the Android Player would ever be truly worthwhile.

‘Binary blobs’? No probs

But one or two RIM engineers were convinced they could bridge this gap between native QNX and Linux code. They would attempt to run the Linux extensions natively on QNX, without recompilation or pre-processing. Nobody was quite sure it would work – one source says he was 90 per cent sure –

Bron: The Register Lees het complete artikel hier: http://go.theregister.com/i/cfa/http://www.theregister.co.uk/2013/11/25/revealed_how_blackberry_made_its_better_android_than_android/

Revealed: The amazing BlackBerry wizardry that created its ‘better Android than Android’

25 november 2013
By

Endpoint security: Anti-virus alone is not enough

Exclusive Some remarkable technical wizardry lies behind BlackBerrys Android coup. When it was launched in January, BlackBerrys new OS was brand new BlackBerry 10 and largely app-less. But today it can execute Android apps at impressive speed. How did they do it? Thanks to some helpful inside knowledge, The Register will reveal it all.

Android runs Java applications on a JVM called Dalvik, which runs on a Linux kernel. As it’s open source, Dalvik was straightforward to port to QNX, the sophisticated embedded Unix that RIM acquired in 2010, and which powered its PlayBook tablet (released the same year).


RIM promised that this Android Player would also appear on its first QNX-based phones. But not all apps could run, and there was an insurmountable stumbling block in the way. Android apps may also call native extensions, which are ARM Linux binary libraries. And there was no way of running these on the phones – so the apps couldnt run either.

At first, RIMs engineers attempted to support native extensions by making BB10 another build target for extensions developers. They would choose BB10 as a target at compile time. But this required persuasion. And unless the developer bought into the idea, Android apps that called these Linux ARM extensions wouldnt run. Even then, the BlackBerry system could not allow side-loading of native apps. It didnt look like the Android Player would ever be truly worthwhile.

‘Binary blobs’? No probs

But one or two RIM engineers were convinced they could bridge this gap between native QNX and Linux code. They would attempt to run the Linux extensions natively on QNX, without recompilation or pre-processing. Nobody was quite sure it would work – one source says he was 90 per cent sure –

Bron: The Register Lees het complete artikel hier: http://go.theregister.com/i/cfa/http://www.theregister.co.uk/2013/11/25/revealed_how_blackberry_made_its_better_android_than_android/

Intel ontwikkelt multiple OS-chip

25 november 2013
By

Chipleverancier Intel ontwikkelt een chip waarmee hardwarefabrikanten zelf kunnen bepalen welk besturingssysteem zij op hun laptops of tablets willen zetten. Dit meldde ceo Brian Krzanich tijdens de jaarlijkse dag voor investeerders. De chip moet goed gaan samenwerken met verschillende soorten software.


Binnenkort zijn hardwarefabrikanten dus niet meer verplicht om een keuze te maken voor een specifiek besturingssysteem. De chip is te combineren met Android, Chrome OS en Windows. Volgens Intel kunnen fabrikanten met de nieuwe chip kosten besparen.

Maar dat de chip meerdere besturingssystemen aankan, was niet het enige dat Krzanich te vertellen had. De nieuwe chip kan namelijk ook overweg met twee besturingssystemen die op n apparaat worden gezet. Zodoende kunnen gebruikers zelf kiezen welk besturingssysteem ze op hun laptop of tablet willen gebruiken. Dergelijke producten zijn al her en der op de markt terug te vinden.

Bron: Computable Lees het complete artikel hier: http://www.computable.nl/artikel/nieuws/infrastructuur/4932966/2379248/intel-ontwikkelt-multiple-oschip.html

HP: Mobile Apps Aren’t Secure, Allow Access to Private Data

19 november 2013
By

In a new study, Hewlett-Packard found that 97 percent of the mobile applications it scanned accessed private information on devices.

Nearly all mobile applications present a risk to users, according to a new report from Hewlett-Packard’s software division. In a study of 2,107 applications published by 601 companies on the Forbes Global 2000, HP found that 97 percent of the apps in some way accessed private information on the user’s device.

HP scanned applications to see which ones were accessing private information, and then tested the applications that accessed private information for security vulnerabilities, Maria Bledsoe, HP senior manager for product marketing, told eWEEK. “While some of these apps may have a legitimate reason to access private information, the addition of security vulnerabilities puts that private information at risk,” Bledsoe said.

The HP study found that 86 percent of mobile apps do not use proper binary protections, which can shield applications against memory overflow attacks and can also restrict the ability of attackers to reverse engineer code which could then potentially be exploited.

Adding further insult to injury, HP’s analysis indicated that 75 percent of the surveyed mobile apps do not properly leverage data-encryption techniques for user data. As to what techniques developers should employ, Bledsoe said that there are specific implementation options based on the mobile operating system version.

“The key point is that developers should use their operating system’s recommended method of encrypting data as opposed to writing to the file system without encryption or using a custom implementation,” Bledsoe said.

Encryption is also a weak link for data in transit, from the mobile device to the Internet. Since the beginning of the Internet era, Secure Sockets Layer (SSL) encryption has been the cornerstone of Web security for servers and desktops. SSL is also a must-have technology on mobile devices, though it is not

Bron: Linux and Unix Nieuws Lees het complete artikel hier: http://www.channelinsider.com/mobile-devices/hp-mobile-apps-arent-secure-allow-access-to-private-data.html/