Internet Presence :: Words that mean much more then 'web site'. A presence on line is about being found. It's about being noticed, and it is about interactivity with your client.
Unusual Stocks: Moller International (MLER.PK)Moller International
could be considered yet another penny stock trading on the pink sheets with a far-out idea. However, this one is a bit different from the usual. Moller is in the business of designing, developing, manufacturing and marketing personal vertical takeoff and landing aircraft. The intended first product is the M400 Skycar
. This automobile is intended to have a top speed of 350 MPH while achieving 28 miles per gallon. They aren't shipping anything yet, but are accepting deposits to "secure delivery positions for our M400 Skycar". The company has been involved in an SEC dispute recently, which appears to have been resolved, and doesn't seem to be in a big hype mode - the message board at Raging Bull
, a hotspot for penny stock chat, is pretty quiet. Despite being a pink sheet stock, they are fully reporting to the SEC, although their financial situation seems poor at best, with only $14,037 of cash at the end of 2002.read more:
Solving big business problems in our little toolbox application. A use case for Project Distributor.
Project Distributor: Introduction to our distributed web service model
So Darren and I have put in about a month now on the Project Distributor website. We are starting to reach that critical point where the site is pretty cool, we have plenty of users, we are thinking about running out of the allowable bandwidth for the demo site, and all sorts of other things that tend to happen all at once. Now, there are some problems you can design yourself out of, and others that you really have to throw some money at. Our latest enhancements can be summed up in a short list.
- Buy a domain name and start hosting in two places. Project Distributor.com should be up fairly soon to accompany MarkItUp.ASPXConnection.com
- Have people host their own versions of the application. And that means a big source release is in the future. At this juncture risk fragmentation.
- Design away fragmentation with a series of ingenious features that will make everyone want to use the application at hand.
I'm here to talk about the last two, since Darren already bought some additional hosting for us. The concept will be to release a fairly stable version of the application so that groups can host tools, code snippets and other source/binary releases for their teams to share. The application is very lightweight and easy to set-up, so it won't require a bunch of hand holding and configuration to get up and running initially. From our standpoint we solve a number of issues at this juncture. The most obvious problem is what we classify the Lutz Roeder use case. .NET Reflector is the key type of application we'd love to get hosted because it makes it a bit easier to find, not that Google does a bad job, we'd just like to get a bunch of tools in one place, with some features for feedback, new releases, and some cool client tools for publishing.
Now, Lutz would put his application up and he'd whack our bandwidth. He is the prime example of someone that should be hosting their own tools, but possibly using our interface. He doesn't have to, we haven't even asked him yet in fact, but if he decides to do so, then all the better for the web application moving forward. Users such as Lutz probably want a certain level of control over their own sites as well in terms of branding and controlling access. This will only come from hosting the application yourself (and maybe some other features we'll see later).
From a security standpoint many teams will also want to host their own servers. In this manner they get control over the hardware their sources and binaries are stored on. They can accept tools up to any maximum (instead of our imposed limits) and provide unlimited download bandwidth if they choose. Or they can take advantage of our gating mechanisms to make sure their server doesn't get overloaded with downloads and open their tools up to the public.
The only major problem from this source release is that the initial problem we were trying to solve, promoting the visibility of tools, starts to erode. You see, the more sites that host their own tools the harder it is to find the right site with the right tools. We are trying to solve this in a number of ways. The first is allowing users of a site to store bookmarks to other projects and external resources. This is only a temporary fix, because it still doesn't allow a mass search and categorization infrastructure required to truly promote the visibility of the tools being hosted. We have to come up with a solution that brings all of the sites, but we don't want to create just another portal or gateway site. That is boring. Now you have the background, so how will we solve the fragmentation issue?
Designing away Fragmentation
I won't lie to you, I've implemented this model several times, but have never had a project that was capable of really showing off the feature set we are about to talk about. The concept is to unify all of the sites, by allowing them to easily manage views of data from all of the sites combined. Each site owns their own content, maintains their own users, but in turn peers with other sites to obtain additional content.
Web services provide a dual feature set in this model. At the current level they allow us to generate really great client-side tools for managing, well, your tools! We have a drop-client target right now so you can drag and drop new releases to existing projects in just a few seconds. Some new tools for working with build systems to promote the source code up to the server are in the works. We natively integrate with your RSS reader and will have our own alert services in the drop client just in case you don't have one. There aren't any search or local caching features, but those are also planned for the drop client so you can background download new releases, just like Windows Update.
That doesn't solve fragmentation though, that just makes me realize how much work I have left to do. The second feature of web services lies in the ability for each site to aggregate data from the many other sites that are out there hosting the application. Remember, everything we make available at the service layer can also now be remoted. The more caching we put into the data layer, the more performant the entire process will be, and we can even tune the caching depending on whether the data layer is merging off-site contents or database contents.
I'm sure there is another name out there somewhere, but for the past 2 years I've called these peer sites. Each instance of the project distributor will have a number of options allowing for adding peers that will be aggregated and added to the local collection while users traverse the site. The first step is to get the peer sites running in a read-only mode. And set up some really great options so the entire process can be controlled. This solves a number of use case scenarios for us including the following.
- Fragmentation can be mitigated through proper configuration. If everyone aggregates 5 or 6 sites into their peers, then we have a huge network now of interconnected peers and users can pick and choose which one they use for purposes of searching the tool network.
- Peer connections are unidirectional or bidirectional. Access is configurable. Teams can include tools from external sites while keeping their own tools completely private. They can exist behind a DMZ or a private network.
- Users can host their own personal tool sites in the same manner as the team sites. They can configure statically which projects to make available even. In this way you can build a collection of personal tools that you love, and have the latest information automatically update on your machine for your perusal.
Peer sites solve plenty of visibility issues, but that is pretty much all they solve for now. We still want to enable all of the features available to the client tools. After all, the web service methods and proxy infrastructure is in place to do so much more.
Well, we want to solve another problem. That is where you edit your data. A master site is where the users, groups, projects, etc... are all hosted, but thankfully, you'll be able to log in through any site (assuming it is peered with your master site) and then edit your own projects and such. This is a remote principal context and is actually one of the cooler features associated with the peering functionality of project distributor. We'll be fully secure in our login and credentials region, but unfortunately we'll still be transferring data in open text in the short term. Maybe we'll fix that with enough push back.
A clone site is where we empower a site to act on behalf of a master site. For me, my local project distributor is currently cloned to the main project distributor site. What does this mean? Right now it means I get all of the data from PD, and that users who trust my site can log-in to their project distributor accounts and cross edit data. Pretty nice if you ask me. It basically means you can fully host a project distributor installation and never, ever have to install a database server. Users can just act on behalf of a remote server.
This isn't a super reusable model like some of those you read about in the popular software architecture books, and it probably accounts for why master/peer/clone sites don't exist very often. The considerations for every option are heavily customized to the problem being solved, and I'm sure we'll be making modifications or updating the configuration context for a while. Right now you can independently configure your primary server type, whether master or clone, whether or not users can use you for a pass-through authentication and edit server, whether or not web services are enabled so peers can enable unidirectional only communications, setting up asymmetric security credentials. Man, you name it and it is in there
For the peer section we have full and selective modes. A full peer pulls all of the data on the remote peer locally for display (in a delay caching manner, just like you'd expect, unless you set up a scheduled pull which is also possible). I expect most people to configure full peers because they really are really easy to set up and maintain. A selective peer is where you specify the groups/projects that you want to display. This is best for a user setting up their own personal toolbox who wants to select a couple of items from many different peers.
We have an extensively exhaustive configuration module already and we'll be continuously adding more to it. The concept is to easily modify your toolbox to your own designs without having to touch the code. If we haven't given you enough options to satisfy your need then we'll have to make something up, because I'm just about running out ;-)
These are the basics of the model ideas I have for project distributor. That doesn't mean Darren doesn't have other great ideas happening as well. He has some pretty extensive UI enhancements, but I'll let him talk about those. We even have another product idea that is kind of a bolt-on for project distributor, but that is probably a couple of months out putting it into next year. Unfortunately we have too many ideas for our own good right now. Better than not having any ideas I guess. I'll try to drop some code with some of the ideas above, that way you can get a look at how the entire system is implemented. I have some diagrams as well, but I'm far too tired right now to add the img tags to the HTML view.
Companies Up Spending for Wireless Infrastructure, Apps
Companies are building on-campus networks and seeking a secure way of supporting remote workers.read more:
NetX 0.4 released
[2002-03-26] Netx is an open-source JNLP client which downloads code over the network, caches it, and runs it in a secure environment. Netx runs Java applications and applets using JNLP to describe what resources to download and how to execute the code.read more:
On the goofy statement from ''the Vatican''"Hezbollah, Iran's proxy, used the safety of its Lebanon position to attack civilian populations in Israel.
And Israel is supposed to just sit there and take it? Are the only good Jews those who go meekly to their deaths at the hands of cutthroats?
"And what about the Lebanese Christians, most of them Maronite Catholics? Does the Vatican suppose they welcome the militant presence of the Islamofascists in their country, these terrorists who are bringing such destruction onto Lebanon? There will be no secure peace for the Arab Christians of Lebanon as long as Hezbollah remains a force."Michelle Malkin
has more reactions by other Catholics, who
know that Sodano is a raving euro-liberal who's retiring in September (finally).
Great comments at Amy's
, pro and con.
Plus: Read David Warren's
thoughts on "The War of 2006".read more:
Vitrium Develops Secure DRM System for PDF Documents
Vitrium Systems has developed a secure online distribution system for PDFs that allows the publisher to control who accesses the document and reports back on who read it.
Moniker.com Wins Special Secure Domain Registration Award
Fast Growing ICANN Accredited Domain Name Registrar wins Special World Association of Domain Name Developers (WADND) Award recognizing secure domain registration. [PRWEB Nov 3, 2005]read more:
Bharosa Announces Online Authentication Solution to Counter Check 21-Based Fraud
Bharosa, a provider of secure multifactor online authentication solutions, today announced a solution to authenticate users at the point at which they access highly sensitive digital check images online. The new product, Bharosa CheckPad? expands Bharosa?s bundled suite of Virtual Authentication Devices?, answering demand from financial institutions for Bharosa patent-pending technology applied to digital check image encryption. [PRWEB Nov 7, 2005]read more:
Sander A. Kessler & Associates Selects Lumtron?s AccuraImage 2006? Document Management and Control Solution
High-visibility, prominent insurance broker in the Los Angeles area has chosen AccuraImage 2006 as their new document management & control solution. Sander Kessler & Associates is looking to increase customer service and be more responsive to their clients' needs with secure, instant access to client documents. [PRWEB Nov 10, 2005]read more:
Alert: New HIPAA Rules Could Affect Your Organization
On April 21, 2005 (just over three weeks from today), a new Health Insurance Portability and Accountability Act (HIPAA) security rule goes into effect. The requirements of this rule, which are basically information security best practices, focus on the three cornerstones of a solid information security infrastructure: confidentiality, integrity and availability of information.The imminent HIPAA regulatory requirements encompass transmission, storage and discoverability of Protected Health Information (PHI). Given the widespread use and mission-critical nature of email, enforcement of HIPAA encryption policies and the growing demand for secure email solutions, email security has never been more important to the healthcare industry than it is right now.read more:
3 Criteria for Controlling Enterprise Spam - Or: T*ake Y O U R email ba & ack + From the Sp@mmers! 0400constrictor bubble snake informational
If you have a business, then you have a spam problem. The efficiencies of communicating through e-mail not only benefit organizations like yours; they also benefit the spammers who profit off of sending pernicious e-mails to millions of people every day. In fact, spam is so cost-effective that it costs less than $0.0004 to send a single spam. Thats 25 emails for just one penny! This article explains the three most important ways you can secure your e-mail system against spammers and contains a link to even more detailed information on regaining control over your company's inbox.read more:
Secure Your E-mail Systems - Protecting Against Port 25 Vulnerabilities
Protecting networks from viruses and hackers has traditionally been the responsibility of the Firewalls, Virus Scanners, and Intrusion Detection Systems (IDS) set up by enterprises as a defense against the myriad attacks they come under each day. These measures prevent attacks against the network on every port except port 25 and port 110 the ports used by SMTP (Simple Mail Transfer Protocol) and POP (Post Office Protocol) to transmit e-mail from one server to another.read more:
Email Security Governance: Email Encryption and Authentication
While recent government regulations vary in scope and purpose, the need to protect and ensure the integrity of information is universal. Much of the information germane to business today is assimilated and communicated over messaging platforms such as email. As a result, the need for a comprehensive approach to the secure delivery of email affects almost all organizations, regardless of industry or size. As with many management challenges, the unknown is the most significant cause for concern. In the case of email and messaging security, the most ominous threat is often the lack of ability to measure information flowing in and out of the corporate email network.read more:
Browser security versus virtual autism
I tend to ignore articles on security because I don't have a lot of respect for the security companies. As far as I can tell, most security stories are credulous regurgitations of these companies' misleading press releases. Their vested interest in FUD, their conflict of interests with their own customers, their alarmist and uninformative tendencies: all these things make it hard to take them seriously.
Just this last week there was one or other of this motley crew claiming 'Windows more secure than Linux'. The numbers were blatant nonsense, counting any Linux vulnerability once per distribution, for example, and I'm not interested in that non-story.
In amongst the usual stream of commercial effluent, I found myself reading a couple of interesting papers on phishing.
If you're anything like me (and I hope you're not) you receive several hundred spam messages a day. For my home account, one of the mod3 Solaris zone hosting
dudes set up a greylisting
system that pretty much squashed the problem. Work uses a commercial filtering system that doesn't work nearly as well, and doesn't even let me say 'drop anything in any non-European language', which would be a very
effective work-around for me. I'll admit to having been nervous about the greylisting idea ('but won't it delay genuine mail?'), but I've only been inconvenienced once so far, and that wasn't for long. I waste far much more time wading through the obvious spam at work every day
than I did on the one occasion I've had to wait for a web site to retry its confirmation mail.
Anyway, given the amount of spam that gets through at work, I see quite a lot of phishing attempts. Some would be worryingly convincing if I had any connection with the alleged institutions, many are fairly obviously bogus if you give them more than a second's glance, and some are laughably bad. That last class has always interested me the most. My assumption was always that such mails wouldn't fool anybody, leaving me wondering why the prospective phisher didn't try a bit harder?
Now I'm starting to wonder if the criminals aren't just being clever, expending no more effort than necessary to fool the foolable.
Reading Why Phishing Works
, I was shocked by the lack of acumen displayed by the experiment's subjects. The sample size was, I felt, small: only 22 people. I'm also not sure how representative of the general public university staff and students are. All the same...
Even if you don't care about security, if you're a programmer it's worth reading the paper just to see how far out of touch with technology many users are. In particular, they have no idea what's easy to fake and what's hard to fake.
That text and graphics inside the page are more trusted than text and graphics in the browser's own UI shows you just how much the disconnect between the user's model and system's model can cost.
It's also interesting to see how much of the browser people just ignore. I was thanked for adding a 'new' feature to Terminator the other week when all I'd done was add a tool tip to draw attention to a feature that had been there much longer. That was understandable because the feature was otherwise invisible and only enjoyed by people who had just assumed it would be there. This paper, though, suggests that browser features that you and I probably consider highly visible just aren't seen. Or they're seen and misunderstood, which is potentially worse when they're security features.
Not all of the problems identified in the paper are anything to do with technology, though. Except insofar as they suggest that people are bad at transferring real-world common sense to the 'virtual' world, or bad at realizing that they're the same
I wonder if the woman who 'will click on any type of link at work where she has virus protection and system administrators to fix the machine, but never at home' would agree to be beaten by said system administrators with baseball bats in the grounds of a local hospital. Presumably that would be fine, because the hospital can fix things up afterwards? So no harm done, right?
And there's the woman who types in her username and password to see if a site's genuine. Presumably she'd be happy to give me her life savings to see whether I can be trusted to return them?
I do hope those two are now starred out. But I know they aren't, and I know there are millions like them, sharing LANs (or even machines) with us.
I showed the paper to my girlfriend. She didn't know about https: versus http:, didn't know there was a padlock icon anywhere (and I'll admit that I had to look for it in Safari; I'll be switching to Firefox completely as soon as it has spelling checking), or what the padlock means, and definitely didn't know anything about certificates. It had never really occurred to me before that there were millions of people out there typing their financial details in to HTML forms without the vaguest idea of which end of the firestick the boom comes out.
We've accidentally created a whole race of virtual autists, devoid of their usual ability to infer trustworthiness.
If you think that's an over-statement, read the paper and look at the cues the participants were using. In ignorance of the high-tech stuff the browser was offering, they were falling back to tried-and-tested visual cues, despite the fact that it's trivial to copy any image, text, or video on-line.
The authors have a suggestion, if you're not too depressed to keep reading. The Battle Against Phishing: Dynamic Security Skins
describes a way of improving the browser's security indicators, but I didn't really get how it's supposed to address what seems to be the more fundamental problem: people just don't know what they're looking for. If Firefox's yellow location bar is as invisible as it appears to be, is that battle not already lost?read more:
Passwords: Bad "best practices"
So, you think that your password is secure? Let's see: does it contain a mixture of uppercase/lowercase letters, punctuation marks and digits? Yes? Well, even in this case, your password might be still completely insecure. Read ahead why...
To understand the problem, we need first a little rehash of the basic password cracking techniques. The simplest algorithm would be to simply (1) enumerate all English words and names from a given dictionary and (2) check to see if this word matches as your password.
You might say - but in this context we are talking about other characters like punctuation marks and digits that are part of the password. What would an attacker do in this case? Simple - use a little psychology.
The problem is that most people feel that adding digits and other characters is just a burden. When the 'password will expire today' dialog comes, they will be in a hurry to get a new password, maybe an easy-to-remember word, and then alter it in a few ways:
1) First, the password needs to have a capital letter. Most people will naturally choose the first letter from our English word to be capitalized. So, a word like 'flowers' becomes 'Flowers'.
2) Second, the password needs to contain some digits. The password would look nicer (and easier to remember) when these digits are appended to the word. Even more, people are usually unimaginative here, and just append one digit, or in more complex cases, digit sequences like '123' or '01' or eventually their birthdate.
3) Third, we need some non-alphanumeric characters. Well, let's see. If we replace an 's' with '$', 'a' with '@' or 'o' with zero, then we get what we want, right? It is hard to resist the tentation to replace 's' with '$' at least (and not an 'a' with '$'), and therefore getting a false sense of security. In some cases also using delimiter characters like '!' or '#' to separate the word from the digit sequence.
So, with the example above, the altered forms of the word 'flowers' might be: 'Fl0wer$' or 'Flower$01' or 'Fl0wers#123' and so on and so forth.
The problem with these alteration rules is that they are so predictable. All the attacker has to do is to take the same list of English words, and apply the rules above. He will probably get a longer list by, say a factor of 10-100 which is not that much.
In conclusion, it's not that hard to enter into the minds of regular people, and neither in the minds of attackers. So, if you used any of these rules above, then stop using them. Instead, here are some rules to create strong passwords.
P.S. As for me? I just uuidgen.exe to create a random sequence of digits.read more:
Web API authentication for mashups
Jason Levitt has been teasing me in our discussions on cross-domain requests about Yahoo's upcoming authentication API.
The recurring problem: how to offer web APIs that can be mashed up but involve personal data?
You want to allow for a large number of third parties to integrate with your services, but don't want phishing sites to abuse them.
Let me do a quick re-cap of the problem space before analyzing the pieces of Yahoo's solution.
Here is what is possible today for web browsers and what some people have recommended for the future:
In all these cases, there is no good authorization story, that would allow for working with personal data stored in the service in a secured way.
A number of techniques for controlling access to web APIs are generally used: user authentication cookies (or HTTP auth), API keys and crossdomain policy files.
The problem is that API keys and crossdomain policy files are too restrictive because the service needs to decide which third-parties to let in.
On the other end, access control based on the user authentication cookies are very open to un-planned integration, but also create a huge phishing risk.
This is a classic example of the confused deputy problems that appear in principal-based security models.
As a result, most web APIs today don't involve any user data (search, maps, ...) or non sensitive user data.
Yahoo appears to be tackling the challenge with its announced 'browser-based authentication' (bbauth)
. From the little information
I could gather so far, from Drew Dean's slides, it seems less of an authentication than an authorization system. Unlike cookie based approaches, which give access to any agent presenting user credentials (principal-based security), it appears to follow a capability-based security model
, which only grants access if the agent uses the proper 'secure handle' or 'capability' to call the service. Such capabilities are sufficient to gain access to the service and don't need any additional authentication, they are communicable tokens of authority.
Let me re-iterate that I don't think this protocol is about Identity, unlike Passport, TypeKey or CardSpace (aka. InfoCard), but rather simply authority and access. This characteristic is important: we want services to cooperate without being tighly coupled at the identity level. Drew Dean's slides frames the issue as allowing 'Pseudonymous delegation of partial rights', which means the names of a user in different services don't have to match and the authority that is granted is granular.
What's great about this model is that the authority carried by a capability can be as granular as the design and scenario require, and are only be given out to third-parties under certain conditions, which again are chosen to fit the desired requirements and user experience.
For example, the authority granted could vary in range in action and scope: a handle could give access to the user's entire data, or maybe only partial access to part of the user's data.
The design of the capabilities could also comprise additional dimensions, such as a time restriction. For example, a capability could be only valid for 24 hours.
One of the myths of capability systems is that capabilities cannot be revoked. It is actually possible and in Yahoo's design, any granted authority can be revoked by the user at any time.
One common policy for giving out capabilities is to get consent from the user. The screenshots of the F-Spot integration with Flickr (found on this thread) show the Yahoo consent UI.
Although I don't like the desktop/web integration in this scenario and I have some concerns about repeatedly prompting the user for consent, I believe that this approach has a lot of potential for cross-domain service integrations on the web.
Cross-domain support in browsers will be the main remaining link missing to unleash some really cool web apps. In the meanwhile, you can use FlashXMLHttpRequest or some other cross-domain workaround.
I look forward to reading the documentation when the protocol is released and trying out the resulting user experience in practical scenarios. Let me know if you find any other information.read more:
Jason mentioned that the protocol is open and can be simply implemented, which means that it could be supported by other services and hopefully used in a wide variety of mashups.
Windows More Secure?Via Joe Mayo
, “Reported by CNET
, of all the CERT security vulnerabilities of the year 2005, 218 belonged to the Windows OS. But get this - ther were 2,328 CERT security vulnerabilities for UNIX/Linux systems.”read more:
Security Development Lifecycle book and Threat Tree Patterns
I bought Michael Howard
's and Steve Lipner's book The Security Development Lifecycle
here at TechEd 2006 today. Michael has a description and purpose of the book as well as a table of contents on his blog
One thing I noticed immediately is the list of Threat Tree Patterns in its own chapter. I remember I had a question about these at one of my talks
on Threat Modeling as I included a slide from one of Michael's decks that mentioned this concept. Threat Tree Patterns really help in the modeling process as these are well known and common types of threat scenarios to look for in your application. Previously, with the DREAD style
, you had to think of these yourself, and if you weren't a security expert you might miss several things. So, it helps to look at the patterns. Unfortunately, these patterns weren't readily available at the time, but now they are finally added to this book. Great!
I have read several SDL papers over the last couple of years and watched how Microsoft has fine-tuned the process. I think this will be a great read for every developer as they think through applying secure development at every stage of the software development lifecycle.
WCF and Security solutions
I mentioned previously
I worked on some security work with WCF. In March, I worked with Sam
to put together a first prototype of a WCF secure solution using ActiveDirectory as well as research into WSFederationHttpBinding and ActiveDirectory Federation Services (ADFS). Sam and crew have extended thoseinitial ideas into a set of great solutions as he describes here
, and here
(Aaron's post). You owe yourself a look to see the great work they have done.Keith Brown
also announced the launch of the Identity and Access Management developer center on MSDN
recently. His recent paper on 'The .NET Developer's Guide to Identity
'is extremely good and I have already recommended it to a few people atTechEd this year. Keith presented a session on WCF Security yesterdaymorning which I unfortunately had to miss, but I did get a chance toread the slide deck yesterday afternoon and it looks great -- if youget a chance (i.e. have access), take a look.
There are a lot of great resources starting to show up. I am hoping toadd some original items as I come across them, but in the meantimethese are a few places to check for information.
Working, speaking, and generally busy
I haven't blogged for awhile (missed a month! -- wow, where does the time go?). I have been working various short-term gigs for several months now, typically flying onsite to a few locations, as well as one-three week assignments. I also spent a couple of days teaching a VB 2005 class at a company. Those are great opportunities, but sometimes you need to settle down a little in order to get some steady income again. I started a full-time contract in Boston this past week plus I am working a few other small projects.
I will be spending a little more time on the road over the next two weeks speaking at conferences. Here is my schedule:
- May 6-7 - Code Camp 5, Waltham, Massachusetts - I have four talks I am doing: 'Threat Modeling for Web Applications', 'Reliable Applications with System.Transactions', 'Build Queuing Database Applications with Service Broker', 'Secure Data Applications' (This last one is new talk for me with a code-intensive demonstration of secure techniques to secure most kinds of data applications)
- May 9-11 - DevTeach, Montreal - 'Reliable Applications with System.Transactions', 'Build Queuing Database Applications with Service Broker', Part of the 'SQL Server Round Table'
- May 17 - VSLive!, Orlando - 'Leveraging .NET 2.0 Security Features' (Black-Belt session)
Regarding the upcoming TechEd 2006 in Boston, I found out yesterday the BoF
I submitted was not picked (thanks to all who voted, though). I have been seeing quite a bit of discussion about issues with developing as non-admin on Vista, so this would have been a very interesting discussion, but it may be too early for this. I also found recently I was picked to be an expert again in the Connected Systems group at TechEd. That should be fun.
Preventing Integer Overflows in C++
David LeBlanc, co-author of Writing Secure Code, has put together a C++ class to help developers avoid integer overflow errors. In addition, he wrote an article that is a lucid introduction t...read more:
Contest: Submit the best recipe
One of the goals of SecureProgramming.com is to provide recipes demonstrating good secure programming techniques (particularly ones supplementing our books). Anyone can submit these recipes....read more:
Welcome to SecureProgramming.com
Welcome to SecureProgramming.com!The goal of SecureProgramming.com is to provide a resource for programmers to find information on secure programming, whether it's for C/C++, Java, Perl, P...read more:
Win32: Obtaining CRLs with CryptoAPI
Recipe 10.11 in the book 'Secure Programming Cookbook for C and C++' showed an example of how to retrieve CRLs from a CA specified as a URL in the extension properties of an X.509 Ce...read more:
Using /dev/random from Python
You are using Python and would like to have a source of cryptographically secure psuedo-random numbers.read more:
Secure Apache with mod_security
(Posted 13 Jul 2006 by falko)read more:
Words from Bruce Sterling
Ever since I caught Bruce Sterling?s keynote at SIGGRAPH 2004
outlining the impending impact of spimes, I?ve keeping up with many of his writings and talks. Here?s what I?ve heard from Bruce since.When Blobjects Rule the Earth
, SIGGRAPH 2004 keynote
?All objects are defined by the culture that nourished their development: products -the mechanical age, gizmos -the digital age. Spimes (our objects of the future) are no different as they represent the composite picture of our current networked information age.?Dumbing Down Smart Objects
, Wired Magazine 2004
?Ordinary items are being embedded with rudimentary communications and tied to databases. The information associated with these items is becoming ever richer, more up-to-date, and more reflective of conditions on the ground.?The Material Future
, Ludwig-Maximilians Universitnchen 2004
?An electronic identity code is the foundation for an ?internet of things?. It can communicate identity not only at a product level, but at an object level as well. Not only can it store identity it can announce it.?Shaping Things
'A concise futurist manifesto about the technosocial transformation our objects bring upon us. If you are a digital product designer, read it.'The Internet of Things
(mp3), BusinessWeek 2005
?Sterling takes us on a wild ride through the history of techno-culture and into a future shaped by an Internet of Things.?The State of the World
(mp3), SxSW 2006 keynote
?Thousands of people have had their PCs turned into spam zombies. A third of your spam comes from innocent people who can't secure their MSFT machine because it's impossible to do so!?Speech at Conjure
, National Science Fiction Convention 2006
?This is a development, which in many ways is at the bottom of science. There are going to be new forms of science coming in off the network because there are new means of knowledge production and knowledge handling.?Bruce Sterling on media, design, fiction, and the future
, Reason 2004
?The best way to have a really great idea is to have a thousand ideas. The guy who has the thousand ideas will be valorized for idea 837 and for idea 732, but those were never the ones he treasured.?Massive Change Interview
(mp3), University of Toronto 2003
?I think the best attitude for a serious futurist to have is not pessimism or optimism, but just a deep sense of engagement. It has to mean something to you.?The Internet of Things
, Emerging Technology 2006
?We very early got into the lasting bad habit of referring to computers as 'thinking machines.' I suspect this verbal metaphor seriously harmed technical development. Even the word 'computing' sounds too much like human mathematical thinking.?Wonder, Fiction, and Design
?Why do I?a science fiction writer?spend more and more time with designers? What does science fiction have in common with industrial design? As it turns out, quite a lot.?The Wonderful Power of Storytelling
, Computer Game Developers Conference 1991
?You guys on the other hand get to reinvent everything every time a new platform takes over the field. This is your advantage and your glory. This is also your curse. It's a terrible kind of curse really.'
Tags: bruce sterling
, fab labs
, sxswread more:
Cool software: Hamachi
Hamachi : Stay ConnectedHamachi is a zero-configuration virtual private networking (VPN) application.
In other words Hamachi is a program that allows you to arrange multiple computers into their own secure network just as if they were connected by a physical network cable.
Reminds me of the old Nullsoft WASTE thing. So this is for creating a [...]read more:
Disabling the RFID in the New U.S. Passports? read more:
slashchuck writes "Along with the usual Jargonwatch and Wired/Tired articles, the January issue of Wired offers a drastic method for taking care of that RFID chip in your passport. They say it's legal ... if a bit blunt. From the article: 'The best approach? Hammer time. Hitting the chip with a blunt, hard object should disable it. A nonworking RFID doesn't invalidate the passport, so you can still use it.' While this seems a bit extreme, all indications seem to be these chips aren't very secure. How far will you go to protect or disable the RFID chip in your passport? Do you think such a step is necessary? Does anyone have an argument in favor of the technology's implementation here? "[Via Slashdot]
This report is transported by Nanny and attached here for your comfort by Web Design Toronto. Home Cleaning Ladies, Interactive Web Site, and other first-class services can be found at these websites.
Something I <font color = 'red'>Can</font> get Excited About:
Rep. Kucinich: Why I'm running for Presidentread more:
By Joshua Scheer
The six-term Ohio congressman and 2004 presidential candidate, who has been one of Congress' most vocal and longstanding opponents of the Iraq war, tells Truthdig why he again has his sights set on the Oval Office:
Rep. Kucinch spoke with Truthdig research editor Joshua Scheer*.
TRUTHDIG: What made you decide to run?
KUCINICH: Someone has to rally the American people, to let them know that the money is there right now to bring our troops home. Democrats were put in power in November to chart a new direction in Iraq. It's inconceivable that having been given the constitutional responsibility to guide the fortunes of America in a new direction, that Democratic leaders would respond by supporting the administration's call for up to $160 billion in new funding for the war in Iraq.
For me this is a call of conscience to stand up and speak out about what's going on-to let the American people know that the money is there to bring our troops home now, that we need to begin now to take a new direction in Iraq, and that to pass a supplemental in the spring for another $160 billion would keep the war going until the end of George Bush's term. Someone needs to stand up and speak out, and I decided it was my responsibility as the person who has been consistently opposed to this war since its inception, who has been a leader in challenging this thinking that led to war, that I would stand up and rally Democrats to change the course that the party has embarked on with respect to continued funding of the war.
TRUTHDIG: This is obviously your major issue, but what other issues are you going to base your campaign on?
KUCINICH: We have to take these things in sequence. From now until the spring, this is the issue: $160 billion is more than three times what the federal education budget is. This is a huge amount of money, and all the other hopes we have as Democrats to create a new agenda for the American people in housing, in healthcare, in education, are going to be destroyed by the administration's request for $160 billion.
So does that mean I'm a one-issue candidate? Of course not. I'm prepared to lead this country forward to create a universal, single-payer, not-for-profit healthcare system. I'm prepared to lead the way towards policies of environmental sustainability, to develop advanced technologies for alternative energy, for clean energy.
This campaign is about three imperatives: It's about the imperative of human unity, of recognizing that this is one world, that we are all one, that people all around the world have an underlying connection, that we are interconnected and interdependent. And we need policies that act that interconnection. We need to affirm institutions which support the idea of human unity. And that means that we support the United Nations. It means we support treaties in working with other countries. It means we support the rule of law internationally.
The second imperative is human security, and that security has to deal with basic needs: Each person in the world has a right to survive, a right to
food that is fit to eat, and water fit to drink, and air fit to breathe. Each person has a right to a roof over his or her own head. Each person has a right to have clothes on their back. Each person has a right to some means of being able to make a living. Each person has a right to be free of the fear of violence. We have a responsibility to work to secure the world from a nuclear nightmare. We need to look at what we can do to protect peoples everywhere by working for not just nonproliferation, not just disarmament, but nuclear abolition, which in fact was the promise of the Nuclear Non-Proliferation Treaty.
The third imperative I'll discuss in this campaign is the imperative of peace. There are those who believe that war is inevitable. A belief in the inevitability of war makes war a self-fulfilling prophecy. We need to be convinced in our innate capability to create structures for peace in our society. We need to be convinced of our potential as a nation to make nonviolence an operating principle in our society. This is the motivating reason behind a Cabinet-level Department of Peace, which addresses directly, in a practical way, the challenge of domestic violence, spousal abuse, child abuse, violence in the school, racial violence, violence against gays,
community relations disputes.
The imperatives of human unity, human security, peace, all create a context for human prosperity. We have the potential to create heaven on earth. New Jerusalem is within our reach. It's waiting to be called forward through the power of courage, emanating through our hearts, through our dreams, which come from the longing of our souls. This truly is a time where we can change the world and create the world that we long for.
TRUTHDIG: You obviously have issues that you care deeply about, and it doesn't
seem like you're going into this as a sort of popularity contest, but do you think you can win? Do you have a plan to win, say, the South, and parts of the Midwest?
KUCINICH: Yes. The very fact the people put Democrats in power in November over the issue of Iraq means that there exists a tremendous amount of support for affirming the will of the people to set a new course, not only for Iraq but for all of U.S. international policy. That percolation, which resulted in the Democrats gaining control of Congress, is still there. It is fairly astonishing that Democrat leaders would forget that only a month ago we were given the control of the Congress because of Iraq. It is fairly astonishing that less than a month after being given that constitutional obligation to assume a coequal position in the government, [we] would
capitulate on Iraq by publicly declaring support for up to $160 billion in additional funding to keep the war going.
I've said it before, I've said it again: It is not credible to simultaneously say you are opposed to the war and continue to support funding for the war.
So these are some of the reasons why I'm running for president. And I believe that I will win, because people are truly looking for a new direction. Not by incrementalism, not by capitulation, but people are looking for real leadership, people are looking for foresight. And I've demonstrated foresight by moving out front very quickly when the administration was talking about attacking Iraq-warning the country that this was folly, warning the country that we needed to avert this conflict, letting Americans know that there was no connection between Saddam Hussein
and 9/11 or Al Qaeda's role in 9/11, that Iraq did not have WMD, did not have the intention or capability of attacking the United States.
Everything I said turned out to be true. People want leaders who know what the right thing is to do in the moment of crisis, not people who will say, years later, 'Well, you know, I agree, this is what should have been done.' This is a call for clearsightedness for foresight and for action, and in each case I've demonstrated an ability to step forward. And I'm going to do it again, and I expect that the American people are going to respond very powerfully to my candidacy.
TRUTHDIG: John Kerry got tarred with the 'flip-flopper' label in 2004 for his perceived wavering on the issue of Iraq. Do you think you're going to have a better chance than someone like Kerry-or Clinton, who's also been wishy-washy on some of the issues?
KUCINICH: I haven't talked about any other candidates, and I'm not going to now. I think that my consistency speaks for itself, and I think that my opposition not only to the authorization for the war but continued opposition to its funding puts me apart from all the other candidates. I'm the only member of the House and Senate who has consistently voted against continued funding for the war.
TRUTHDIG: I saw Stephen Hesse of the Brookings Institute on CNN saying that candidacies like yours are just an ego trip. Is this an ego trip for you?
KUCINICH: I've spent the last five years of my life warning our nation about the path to war and about our occupation of Iraq. There are probably easier ways to pamper oneself.
*Truthdig interviewer Joshua Scheer worked as an entry-level staffer on Kucinich's state Senate campaign and was later a summer associate in his congressional office. In this weekly interview series, Rep. Kucinich gives his take on the goings-on in Congress in the wake of the Democrats' victory.
Secure and Accessible Contact Form Update - B20080207
Mike Cherim has updated the secure & accessible contact form plugin for wordpress, you can get the new version from here. The latest version has mainly accessibility enhancements.Share Thisread more:
eBusiness Resource Center
eBusiness Resource Center. web hosting
- World-class Data Centers
- Fast, reliable, private, secure
- Online set-up/activation
- Best-of-breed routers
- Free Setup
- Daily Backups
- Several Plans Available
- From Just $3.99/month . . .
Colocation Data Center Provider, DediPower, Selected by Risk and Compliance Firm
Reading, United Kingdom - (The Hosting News
) - June 6, 2008 - Data center and colocation services firm, DediPower's Thames Valley Hosting Centre, has been selected by technology and financial regulatory risk services firm, Fortent, Inc. to support its hosting requirements.
Paul Robinson, Global IT Director, Fortent noted, 'Fortent is working with DediPower to deliver our IT hosting requirements in the UK. The financial service sector has rigorous compliance requirements and we needed a provider who could deliver to stringent standards of security in a robust data centre and totally dependable. DediPower fully understood our requirements and supported by their proven technical excellence has demonstrated its capability and flexibility in meeting our exacting requirements. Based on our experience to date, we are very pleased with how DediPower is responding to our needs and strongly recommend them as a co-location partner.'
A provider of risk and compliance technology and information to the financial services market worldwide, Fortent required an offsite data centre in the UK to protect its critical IT infrastructure. With offices on 3 continents, Fortent, like many organisations, turned to DediPower's co-location service because of the considerable advantages it offers over maintaining servers in-house. These include significant cost savings as it becomes unnecessary to build and maintain the in-house requirements that servers demand which use up valuable capital in facilities. Additionally the benefits of enhanced security, improved connectivity and hardware reliability and system flexibility, for Fortent, made co-location an obvious choice.
DediPower's Co-location solutions offer customers piece of mind that their servers will be safe and accessible 24x7x365, all housed within a secure environment with fully managed air-conditioning, redundant power supplies and high speed connectivity. Located on the outskirts of Reading, Berkshire, Thames Valley Hosting Centre is also ideal for companies who are designing disaster recovery requirements into their IT infrastructure.
Craig Martin, CEO, DediPower remarked, 'Fortent works with the world's leading financial companies to help them manage risk and mitigate financial crime effectively and efficiently, in this market reputation is critical. At DediPower, we are pleased that Fortent has decided to entrust their core systems to our data centre and associated support services.'
Fortent provides award-winning risk and compliance solutions to financial institutions, government agencies, and individuals in more than 100 countries. It has relationships with more than 400 institutional clients, including 26 of the world's 30 largest financial firms, which use Fortent technology in over 50,000 locations worldwide.
Fortent combines technology innovation and expertise in regulatory risk to help financial institutions improve productivity and protect hundreds of million accounts from money laundering, terrorist financing, and other financial crimes. Endorsed by the American Bankers Association as the industry gold standard, Fortent's advanced systems deliver the most efficient and effective anti-money laundering, know your customer, and fraud detection available on the market today. Technology clients include The Bank of New York Mellon, Bank of Tokyo Mitsubishi-UFJ, Barclays, JPMorgan Chase, Justice Federal Credit Union (U.S. Department of Justice), Lloyds TSB, The Royal Bank of Scotland, Scotiabank, and UBS.
Through its information and training businesses, Fortent serves as an authoritative source of regulatory information, news, and guidance. Alert Global Media publishes moneylaundering.com and Money Laundering Alert, and, in Spanish, lavadodinero.com. It also produces the world's largest money laundering conference and exhibition. Other services include the industry's leading professional certification program, career planning tools, web seminars, and conferences in the U.S., Europe, Latin America, and the Middle East. Fortent's global team operates from key offices in New York, Miami, Atlanta, London, and Tokyo.
DediPower, one of the UK's fastest growing managed hosting providers, delivers a range of managed hosting solutions including: dedicated servers, application and exchange hosting, high availability multi-server clusters and co-location. DediPower is a Microsoft Gold Certified partner and a RedHat Ready Hosting partner. A winner of numerous awards, hosted sites include Sony, Sam Learning, Institute of Physics, Coca-Cola, Capita, First Great Western and Carphone Warehouse. Established in 1998 and self funded, DediPower runs its own purpose built data centres totalling over 22,000 sq ft situated in Reading, UK.
For further information, visit: www.fortent.com.
To learn more, please visit: www.dedipower.com.
Web Hosting Datacenter Provider, Digital Realty Trust, Secures Yahoo! Lease
San Francisco, California - (The Hosting News
) - June 5, 2008 - Owner and manager of corporate datacenters and Internet gateways, Digital Realty Trust, Inc., has completed a Turn-Key Datacenter lease agreement with Yahoo!, Inc.
As part of the agreement, Yahoo! will establish an advanced corporate datacenter in a Digital Realty Trust Turn-Key Datacenter facility and the two companies will target the project towards meeting the strict environmental standards of the highly respected LEED Gold certification. The Leadership in Energy and Environmental Design (LEED) Green Building Rating System is the nationally accepted benchmark for the design, construction, and operation of high performance green buildings.
Chris Crosby, Senior Vice President of Digital Realty Trust noted, 'We are very pleased to further our relationship with Yahoo! with this new Turn-Key Datacenter agreement. Yahoo! understands the value of green datacenters both in terms of the impact on the bottom line and its importance for corporate responsibility. It is great to work with a company that is taking such a forward-looking approach to its datacenter strategy.'
LEED gives building owners and operators the tools they need to have an immediate and measurable impact on their buildings' performance. LEED promotes a whole-building approach to sustainability by recognizing performance in five key areas of human and environmental health: sustainable site development, water savings, energy efficiency, materials selection, and indoor environmental quality.
Digital Realty Trust was the first company in the datacenter industry to achieve LEED Gold certification in recognition of a Chicago datacenter completed in 2007. This new datacenter continues Digital Realty Trust's industry leadership in advancing the energy efficiency and reducing the environmental impact of datacenter facilities.
Kevin Timmons, Vice President of Operations at Yahoo! added, 'Yahoo! is committed to being an environmentally responsible business. We build our datacenters based on a rigorous analysis of key components such as geographical location, climates, building materials, cost performance, and use of alternative-energy systems.'
Digital Realty Trust Turn-Key Datacenter facilities provide state-of-the-art environments for supporting mission critical infrastructure, with advanced cooling, power, redundancy, and sustainability features to ensure that critical applications are available while optimizing energy efficiency. Digital Realty Trust's Turn-Key Datacenters are scalable from hundreds of kilowatts of IT Load to megawatts of IT load and are located in markets throughout North America and Europe.
Each Turn-Key Datacenter facility is physically secure and features a state-of-the-art power and cooling architecture that has been optimized for green operation. Every Turn-Key Datacenter is built using the company's proprietary POD Architecture and uses metered power to ensure that clients pay only for the power that they use.
Digital Realty Trust, Inc. owns, acquires, redevelops, develops and manages technology-related real estate. The Company is focused on providing Turn-Key Datacentre and Powered Base Building datacentre solutions for domestic and international tenants across a variety of industry verticals ranging from information technology and internet enterprises, to manufacturing and financial services. Digital Realty Trust's 71 properties, excluding one property held as an investment in an unconsolidated joint venture, contain applications and operations critical to the day-to-day operations of technology industry tenants and corporate enterprise datacentre tenants. Comprising approximately 1.2 million rentable square metres (12.6 million square feet) as of April 1, 2008, including 186,000 square metres (2 million square feet) of space held for redevelopment, Digital Realty Trust's portfolio is located in 26 markets throughout Europe and North America.
To learn more, please visit: www.digitalrealtytrust.com
. read more:
Web Hosting Application, Ensim's Unify, Upgrades Password Manager
Santa Clara, California - (The Hosting News
) - June 4, 2008 - Collaborative infrastructure and web hosting application, Ensim Corporation's Unify Password Manager, has been adapted to allow employees to reset passwords from any system or Windows log-in screen.
Ensim Unify Password Manager, Version 2.5, is part of the latest module in Ensim's Unify Enterprise Suite, designed to allow organizations to adhere to strong password policy enforcement, without slowing employee productivity or using up precious IT resources.
Requiring less than two hours for installation, Ensim's Password Manager is a simple solution that minimizes calls to the help desk and maximizes employee productivity. With it, organizations of all sizes can decrease the number of help desk calls for password reset s by more than 30%. Using a simple web-based interface, IT administrators can set and strictly enforce strong password policies by establishing any number of identity challenge questions that allow employees to verify their identity and securely reset their own passwords. Additionally, Password Manager provides a complete audit trail for compliance and security initiatives.
Scott Young, Vice President of product marketing at Ensim Corporation noted, 'It's great to set strong password policies, but it can also be a headache for IT departments and a drain on productivity. With Ensim Unify Password Manager 2.5, we provide a simple, effective and reliable solution for solving the growing problem of password management.'
The upgrades featured in Unify Password Manager 2.5 include the ability for employees to reset their own passwords from the Windows log-in prompt. Employees who have forgotten their passwords are no longer stuck at the Windows log-in prompt. Additionally, Password Manager 2.5 supports the higher security 'Graphical Identification aNd Authentication' (GINA) extensions that are now available and selected from the self-service portal.
Ensim Unify Password Manager 2.5 can be purchased separately or as part of the Ensim Unify Enterprise Suite. It is available immediately from the Ensim web site.
Recently, Ensim updated its Unify Active Directory Manager, Version 2.5, featuring Ensim's latest web-based Active Directory management tools. Ensim Unify, which self-installs in less than one hour, allows enterprises to alleviate common challenges, such as provisioning, password management, role management, and auditing and compliance of Active Directory servers.
Active Directory (AD) is a complex application that is affected by a number of system administrators on a daily basis. With an increasing number of senior IT managers turning to Ensim Unify Active Directory Manager to protect, insulate and secure their AD environments, Unify's AD Manager 2.5 features upgrades thatvirtually eliminate the unplanned downtime that frequently occurs through misconfiguration.
Unify Active Directory Manager 2.5 incorporates the following major enhancements:
Fine Grain Role Delegation : Allows system administrator roles to be restricted by organizational unit (OU). Simplified Policy-based Provisioning : Auto-setup feature simplifies using IT policy to define user templates. Auto setup now automatically configures end-users' home folder, logon script and home drive.
Customizable Provisioning Policies : System administrators can customize the user account creation and provisioning process by automatically configuring approved user name and display name patterns, as well as specified AD attributes. Change and Audit Logs : AD Manager already tracks the status of each change request made against AD. Version 2.5 also creates a complete log of all changes made to each individual object.
Enhanced Alert Notification Capabilities : System administrators can now customize the action reports, including usage statistics and end-user license alerts.
Founded in 1998, Ensim Corporation endeavors to redefine user provisioning and access control software. Available as snap-in tools or a full suite, Ensim Unify allows organizations to decrease operating costs, improve workforce effectiveness, and meet security and compliance goals. Ensim Application Managers for Active Directory, Exchange, Mobility, and Password Reset deploy rapidly, deliver instant dollar-saving results. With over a million users currently supported, Ensim's products are designed to eliminate repetitive administrative tasks, returning IT to the business of driving innovation. Ensim is Microsoft Gold Certified.
To learn more about the new solution, please visit: http://get.ensim.com
For more information about Ensim, please visit: www.ensim.com
. read more:
Hosting Partnership Between SAVVIS and SAP America, Inc., Debuts
St. Louis, Missouri - (The Hosting News
) - June 4, 2008 - IT infrastructure services for business applications, SAVVIS, has partnered in a hosting relationship with SAP America, Inc., in which SAVVIS will work closely with SAP in two key arenas.
Melanie Posey, Research Director, IDC noted, 'Web hosting platforms have advanced to the point where they can handle robust enterprise applications. Furthermore, these hosting platforms are gaining prominence and emerging as the IT infrastructure foundation of enterprises' global integration strategies. SAVVIS' relationship with SAP reflects this progression. The solutions and services provided by these key players in the hosting and business applications arenas offers an alternative implementation/service delivery model for enterprises focused on maintaining an integrated applications environment.'
Now a certified SAP hosting partner. SAVVIS has received certification from SAP for its ability to deliver high-quality hosting services. By hosting SAP solutions through SAVVIS, customers can leverage SAVVIS' expertise to gain scalability, reliability and speed to market.
SAVVIS has also announced the availability of a hosted infrastructure platform for the SAP Business All-in-One solution. The SAVVIS solution targets mid-market customer segments and provides complete hosted IT infrastructure optimized to run SAP Business All-in-One. It is available exclusively through SAP channel partners authorized to resell SAP Business All-in-One and provides a low-cost, high-performance environment on which to deploy SAP applications.
Glenn Wada, Senior Vice President and general manager, SAP America, Inc. remarked, 'SAP is pleased to welcome SAVVIS as a new certified hosting partner. SAP solutions hosted by SAVVIS will provide significant opportunities for our customers. We believe that SAVVIS will help us to further address this market, delivering increased reliability, security and scalability to customers.'
Phil Koen, CEO of SAVVIS commented, 'We are proud to be a certified SAP hosting partner and to deliver hosted solutions in support of the SAP Business All-in-One solutions. We look forward to working with SAP to build one of the best hosted software-as-a-service solutions in the industry.'
BearingPoint, one of the world's largest management and technology consulting firms and an SAP global services partner that offers qualified SAP Business All-in-One partner solutions, has extensive experience helping mid-market companies implement SAP solutions with a primary focus on the high-tech, industrial manufacturing and state and local government markets.
Mark Mazur, BearingPoint's Commercial Services SAP practice leader added, 'Now that SAVVIS is a certified SAP hosting partner, mid-market companies have another option in the marketplace that will help them leverage an advanced web hosting platform while, at the same time, helping to lower their initial capital investment. BearingPoint is proud of its long-standing global partnership with SAP and we look forward to working with SAVVIS to expand our global integration services by providing mid-market customers high-performance hosting capabilities.'
Operating a global network and approximately 29 data centers in the U.S., Europe, and Asia encompassing more than 1.4 million square feet, SAVVIS offers customers a variety of flexible and cost-effective IT infrastructure services that can easily be mixed and interchanged. These include a broad portfolio of hosting services, enterprise network solutions, and managed security services.
Headquartered in St. Louis, Mo., SAVVIS, Inc. is an IT infrastructure services for business applications. With an IT services platform spanning North America, Europe, and Asia, SAVVIS is an industry leader in delivering secure, reliable, and scalable hosting, network, and application services. These solutions enable customers to focus on their core business while SAVVIS ensures the quality of their IT systems and operations. SAVVIS' strategic approach combines virtualization technology, a global network and multiple data centers, and automated management and provisioning systems.
For more information about SAVVIS, please visit: www.savvis.net
. read more:
Data Center Managed Hosting Firm, Peak 10, Expands Customer Portfolio
You Searched for
Atlanta, Georgia - (The Hosting News
) - June 3, 2008 - Data center operator and managed services provider, Peak 10, has added Georgia-based customized technology solutions firm, The Kotter Group, to its customer portfolio.
The Kotter Group will receive data center services out of Peak 10's state-of-the-art Atlanta facility. Adam Kotter, President and Chief Executive Officer of The Kotter Group noted, 'We chose Peak 10 because of the personal service and attention that we received. Most of the data centers that we considered had similar technologies, but Peak 10 was the only company that enabled us to sit down with the people with whom we would be working with and talk through our current and future data center requirements. This personal touch made all the difference. We are confident that we can count on the Peak 10 team and look forward to a long standing partnership.'
Matt Searfoss, Vice President and General Manager of Peak 10 Atlanta commented, 'Peak 10 Atlanta continues to experience phenomenal growth and success, which we owe to the talented team of individuals we have on staff as well as our unmatched services. We are very excited about partnering with local organizations, such as The Kotter Group, and providing them with customized solutions and around the clock support to meet their mission-critical IT infrastructure needs.'
Recently announced Peak 10 Atlanta customers include T3i, Secure Harbor Data Vaulting, Innovative Hosting Solutions and Iatric Systems. Peak 10 Atlanta's services and support improve reliability, increase revenue growth, lower costs and maximize internal resources for customers while keeping their valuable information technology assets close to the business. The company combines its secure network, high-tech data centers and portfolio of managed services with localized engineering and support to serve market-leading companies nationwide. Peak 10 owns and operates 12 data centers in nine key markets that include Cincinnati, Ohio; Atlanta, Ga.; Raleigh and Charlotte, N.C.; Tampa and Jacksonville, Fla.; Nashville, Tenn.; Louisville, Ky.; and Richmond, Va.
Since 1996, The Kotter Group has provided both small and large businesses with customized technology solutions, including providing hardware, software, networking, and support services. With the ability to stay abreast of technology changes, diversify, adapt and truly be experts in the field, The Kotter Group currently supports thousands of users across the United States with its technical support services, remote data backup and other unique and economical solutions for their technology issues.
Peak 10 is an independent data center operator and managed services provider in the eastern United States, delivering scalable, economical and reliable solutions for hosting and managing complex information technology infrastructure. The company combines its 12 data centers and portfolio of managed services with localized engineering and support to serve market-leading companies including LendingTree, Rivals.com, Global Knowledge, Pergo, Churchill Downs, The Fresh Market and the Jacksonville Jaguars. Peak 10 is SAS 70 Type II compliant and helps companies meet the requirements of various regulatory compliance acts such as Sarbanes-Oxley (SOX), HIPAA, PCI and Gramm-Leach-Bliley (GLBA).
To learn more about Peak 10, please visit: www.peak10.com
. read more:
secure web cam Click secure web cam to go to MMK Technologies
SEARCH RSS NEWS USING THE WORDS BELOW
secure web cam |
webcam security |
video piracy |
media piracy |
windows media player security |
secure media |
protect audio |
video stream protection |
MMK Technologies |
prevent audio theft |
prevent video theft |
web page design |
ecommerce shopping cart |
shopping store ASP |
sell online |
sell products |
products to sell online |
web technology |
website builders |
web site builder |
bradenton web design |
florida web design |
bradenton website design |
protect MP3 |
keep video from being copied |
sarasota web design |
secure upload video |
web programming |
cgi programming |
net hosting |
net development |
flash design |
flash programming |
cool flash |
action script |
flash database programming |
flash graphics |
graphics design |
graphics disign |
flash disign |
web disign |
web design |
website design |
internet marketing |
web marketing |
web site marketing |
web sites designer |
web designs |
internet design |
programming developer |
website marketing |
web development |
marketing internet |
web sites designing |
site designs |
sites designs |
internet designer |
internet designs |
e-commerce store |
web development |
web site development |
design webs |
internet site marketing |
internet hosting |
internet host |
web hosting |
web host |
sell on the internet |
sell on the web |
e-commerce store |
internet development |
florida web site design |
website development |
ecommerce store |
sell online |
affiliate program |
asp web store |
marketing program |
marketing software |
submission software |
asp programmer |
cgi store |
perl store |
internet store |
database programmer |
internet database |
online marketing |
ecommerce software |
streaming media |
video streaming |
secure video streams |
media streams |
audio streaming |
MP3 security |
avi security |
Windows Media Security |
protect video |
secure web cam |
MMK Directory Web Design website Design webmaster programmer programming hosting web marketing
Web Design Hosting and internet marketing by MMK Technologies
(c) Copyright 2005 MMK Technologies.