Trust requires transparency

I came across this excellent post via Bruce Schneier’s blog;

The post highlights that while Verisign has publicly claimed that they have dealt with the recent breach of their systems and that the Domain Name System (DNS) has not been compromised, they are still very light on details of what actually happened, how the DNS was protected, and how they know it has in fact not been compromised.

The point of the post is that for us to truly trust them and the systems they own and run again they must be open and transparent.

This is an excellent point and one well worth remembering.  While it may appear that the most secretive systems or organisations may be the most secure, actually it is likely we can place the most trust in those that are most open where we can clearly see and verify the security of their systems and processes.

Read the post and Verisign’s statement and make up your mind on whether you think you would be more ready to trust them if they were more open and transparent.

Be secure, open and trustworthy..


Joke of the day..

The below is of course hypothetical and similarity to any real people or situations is purely coincidental..

Hi can you design solutions for our environment?

Sure, could you provide me with details of the environment, ideally some sort of architecture document covering what it comprises of and how it’s configured?

No we don’t have that.

OK, could you provide me with access to the environment so I can understand it, how it’s configured and any capacity constraints etc.


Erm OK.. I’m off to buy a magic 8 ball then.

Dilbert couldn’t do better

Back to more serious posts next!


Project suggestions..

So I am currently working on what my MSc project should cover.  As the overall title of the MSc is Distributed Systems and Networks the project should likely incorporate some sort of networked / distributed system.  Given my continued interest in IT Security and the fact one of my favourite modules was actually titled ‘Distributed Systems Security’ I’d also like to incorporate a strong security focus into the project as well.
As I am also working on some cloud security related work for the Cloud Security Alliance I am thinking something ‘cloud’ related would be good as this would bring together aspects of security, obviously distributed systems along with being a very current topic.
The purpose of this post is to garner ideas and suggestions for project content and/or possible titles as I am struggling a little to decide the best and most interesting / useful option.  Likely especially relevant to the guys I am working with on CSA projects, but obviously open to anyone – what areas would you like to see further research in, where could my MSc project add value and insight?
Please feel free to post here or email me with any ideas and suggestions. Many of you have my email, however if you need it; it’s on my LinkedIn profile.  I’ll keep this blog updated with my topic decision and also link to the project once it is complete.
Thanks for your interest – looks like this is going to be an interesting and busy year!

The Internet of Things

Intel has created a graphical representation of all the different devices connected to the internet along with some key milestones throughout the development of the internet.

These include;

– the first connected computer in 1960

– the birth of what we now know as the internet / world wide web from 1989 through the ’90s

– the Sega Dreamcast which was the first connected games console

– through to current devices such as the iPad.

The graphic also predicts the future, estimating 4 billion people connected with 31 billion devices by 2020!

The graphic can be found in various sizes here;


Bad Science 15 minute overview

Following from my book review of ‘Bad Science’ by Ben Goldacre, his 15 minute overview was posted on TED;

If you are curious about the content of the book, or just what he means by Bad Science then I highly recommend checking this talk out.


Choosing the right project(s)

Choosing the right projects to focus limited resources on is clearly key to the success of any business.

When projects / programs are prioritised in your (most) businesses, is this always done using the best and most objective methods available?  How are they chosen in your organisation?  How are the chosen projects and programs then prioritised against each other?

Most organisations will no doubt claim to have a very organised and agreed approach to this process based around business priorities and the clear business benefits from each project being considered.  If you look more closely though the reality is often very different with processes like these;

–          Which project is sponsored by the most senior individual in the organisation?

–          Which project is being pushed by the most aggressive sponsors/ individuals?

–          Which project has the best sales pitch (e.g. best presentation)?

–          Which project is being pushed by the sponsors / individuals with the best political connections in the organisation?

–          Which project will provide the greatest return on investment (ROI)?

While I am sure you are thinking that ROI sounds like a reasonable basis for choosing projects, and indeed used 100% impartially it can be, it is easy to manipulate ROI figures, and most ROI statements such as “will save xx millions” have little supporting, reproducible evidence.  Also, in reality how many projects thoroughly calculate the ROI on a project after it is completed and hold those who made the statements accountable for their accuracy?

In addition to the above thoughts on how projects are chosen, it is also clear that the more projects an organisation has to choose from the less time they are likely to be able to put into correctly choosing the best projects for that organisation.

One logical approach to the process of choosing and prioritising the best projects for your organisation is that of value graph analysis.  Interestingly this process has come up twice recently, in the book ‘Simple Architectures for Complex Enterprises’ and on the recent ISEB Enterprise and Solution Architecture course I attended.

The idea of Value Graph Analysis is that it allows you to impartially take into account factors such as the risks of doing or not doing the project, the cost of doing the project, the potential returns of doing the project, and the time and resource requirements to complete the project.

While the included factors in a graph can be tailored, both sources that highlighted this approach suggested the same set of default / typical factors;

–          Market Drivers – what market reasons support the project?

–          Cost – what is the project cost?

–          Organisational Risk – what are the risk factors the project addresses?

–          Financial Value – what are the financial benefits of doing the project?

–          Organisational Preparedness – how ready is the organisation to complete the project?

–          Team Readiness – how ready is the proposed project team to complete the project?

–          Status Quo – what are the outcomes / impacts of not doing the project?

The output of assessing all the above factors is the Value Graph, an example of which is shown below as a spider graph;

[Figure: value graph example (spider diagram)]

Values closer to the edge of the graph are considered positive.  Aside from ensuring a wide range of key inputs are included in the prioritisation process, a key advantage is that Value Graphs, especially when using the spider graph representation, enable easy comparison of projects to define priorities by comparing the relevant graphs for those projects.

I recommend checking these out; creating Value Graphs for your projects will enable clear and logical prioritisation and will definitely benefit your organisation in the long term!


Ten Technology Trends That Will Change the World in Ten Years





Not one I can claim any credit for, but I thought this was interesting enough to share. Cisco’s chief futurist and chief technologist Dave Evans’ ideas for 10 key tech trends that will change the world over the next 10 years;


As an aside, how cool is that job title?  I’d definitely like to have that role..

He covers a wide range of ideas from huge data volumes to IPv6 to solar power to 3-D printing.  Definitely interesting and thought provoking reading.




NSA releases home network security best practices guide

The NSA has released an excellent guide titled ‘Best practices for keeping your home network secure’.  This covers the obvious things like

– securing your O/S (Windows and Mac are covered) via patching and using current software etc.

– home network security via wireless encryption, strong passwords and DNS settings.

The guidance then goes further to cover areas including;

– Email best practices

– Social network site use

– Password management

– Travelling with mobile devices.

Overall, while this is unlikely to be new information for those familiar with IT security, this is great guidance for those not working in this area.  I’d highly recommend you share this with your friends and family and help them understand the advice as it will improve their home and general on-line IT security / safety.


Cheap IOPS, Expensive Gigabytes…

Recently we implemented a fast storage solution to meet the needs of a growing (and horribly non-relational and un-normalised) database.  While actually a very simple solution from an architectural standpoint, it was one of those products that performs exactly as advertised and has impressed us immensely with its performance, so I wanted to briefly write about it should anyone reading this need a fast server based storage solution.

The products in question are from a company called Fusion-IO, and are called ioDrives, the same drives are also available through HP who re-brand them as Accelerator IO cards.

The title of this post was actually taken from a conversation with one of the guys from Fusion-IO when we were evaluating the performance of their cards.  He highlighted that what they effectively do is ‘make IOPS cheap and Gigabytes expensive’.

IOPS = Input Output operations Per Second – basically how many times the device (hard disk / SSD / Array) can read or write to itself per second.

The published performance statistics for the cards are very impressive, but obviously we wanted to prove these for ourselves, in our environment with our hardware and a simulation of our typical workload (the mix of reads and writes we typically see from the application).

The cards used in our testing and subsequently our production environment are the 640GB MLC cards, details of which can be found here;

We tested the performance in an HP DL580 G7 with 4 * 8 core Xeon CPUs @ 2.26GHz and 128GB RAM, using the SQLIO Disk Subsystem Benchmark Tool from Microsoft.

The results certainly met our expectations; we saw >90,000 IOPS from a mixed read / write configuration via the SQLIO tool in our real world scenario.  This is particularly impressive given the use of very ‘normal’ off the shelf hardware components.

We were comfortable enough with the results that we recommended the use of these cards for a critical production system in a mirrored (RAID 1 across 2 cards) configuration, and as mentioned have since implemented this solution with great success.

It is worth noting that the cards do have a considerable amount of built in resilience and redundancy so not all implementations would require mirrored cards, in fact according to the vendor most implementations are not RAID 1 and they rarely if ever see any issues.

Before signing off this post I should mention my colleague Ben Cox who is our local DBA extraordinaire as he actually ran the tests and documented the outputs.


Movie Star

Well this week saw my, and my car’s, first foray into the world of acting.  A great friend of mine, Andre Renner and his partner in Recoil Films Sean J Vincent, are making a trailer for their next movie – ‘Their Law’.  Check out the full details at it’s going to be an awesome film.

What I discovered;

–          Filming is long winded and it takes a lot of time and effort to get just a few seconds of quality footage.

–          It was very cold waiting around between shots in a car park, and spending a couple of hours being shoved into a van and shot (repeatedly!) until about midnight in mid-January!

–          A lot of thought goes into shots / scenes to make sure everything from the layout and backgrounds to the lighting is spot on.

–          I had a great time, and am hoping to be involved in their future projects!

Overall, I had a great couple of evenings helping out, and met some great guys.

The only downside seems to have been that repeatedly locking and unlocking the car for a scene appears to have broken the central locking on the Exige, so it is currently stranded on the drive until I can get it fixed and unlock the doors!

When it is released please support this movie, it’s looking great and the guys are putting a lot of work into it.