Friday, January 31, 2014

Right time to review the following security standards


Security is the keyword that makes or breaks an organization and an essential requirement of cloudification of your business. Even though it is debatable whether compliance and security are one and the same, it is easy to see that security concerns begat the other.

Instead of adding a reading list, I am summarizing some of the security related acronyms that I came across while looking at the security standards and the standards adopted by some of the countries.

Here are some links to Asian Standards.

China:
http://csis.org/publication/national-security-and-chinas-information-security-standards

India:
This is quoted from the following:
"The International Standard IS/ISO/IEC 27001 on “Information Technology –
Security Techniques – Information Security Management System – Requirements”
has been adopted by the country"
In effect it adopts IEC 27001 for its requirements.

http://www.naavi.org/cl_editorial_11/draft_guidelines_43A-79-cyber_cafe/senstivepersonainfo07_02_11.pdf

Japan:
Also follows ISO 27001 and it is required by companies just like in India.
http://www.safis-solutions.com/resources/IndustryNews/iso27001.shtml

Regarding the acronyms:

PII is "any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information."

The above is taken from NIST's document at this link:
http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf

Although this is a very broad definition, because of our education, work, or other activity the PII for most people should readily be available. It also turns out that even if you are a non-PII source now, carrying out activities like applying for a driver's license or getting a new email address may turn you into a PII source.
More here on this:
http://www.gsa.gov/portal/content/104256


PCI
Payment Credit Card Industry Data Security Standard (PCI DSS) is applicable to credit card transactions. PCI DSS lays down the requirements to secure entities that deal with processing, storing or transmitting credit card information. There are no visible penalties for not being PCI compliant.

PA DSS is Processing Application Data Security Standard, where the application includes entities that store or transmit credit card information electronically, such as point-of-sale devices at retail stores, online shopping carts, restaurants, your tax preparer, etc.

Members of the Payment Card Industry Security Standard Council (PCI SSC) are American Express, Discover, JCB, MasterCard and Visa.

More here:
https://www.pcisecuritystandards.org/security_standards/documents.php?document=pci_dss_v2-0#pci_dss_v2-0

PIPEDA - Canada
Personal Information Protection and Electronic Documents Act (PIPEDA) is an act of Canadian government related to electronic commerce.

"An Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions and by amending the Canada Evidence Act, the Statutory Instruments Act and the Statute Revision Act"
This is a quote from the following site:

Details here:
http://laws-lois.justice.gc.ca/eng/acts/P-8.6/

Directive 95/46/EC - Europe
A directive of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Download the directive in pdf here:
http://ec.europa.eu/justice/policies/privacy/docs/95-46-ce/dir1995-46_part1_en.pdf

This here,
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML
comprehensively covers the global features of 'Personal Privacy'. It is a good read.




Honolulu SQL Training: Register, the classes are going to start soon

The two non-credit courses offered by the Pacific Center for Advanced Training are going to start soon. Register and upgrade your database skills.

Course content and more details here:
http://hodentek.blogspot.com/2013/12/sql-training-in-honolulu-introduction.html


Wednesday, January 29, 2014

Oracle Day in Honolulu, January 28, 2014

Converge, Connect was the theme of the Oracle Innovation Forum in Honolulu,
Hawaii. With an attendance of over 100 there were lots of interesting
discussions. The event took place in the ball rooms of Westin Moana Surfrider
on the beach side of Waikiki.



The event started off with the key note, Innovation in Practice by Gayle
Fitzpatrik focusing on innovation, convergence and integration. She touched
upon Oracle Cloud Solutions. 25 million Users, and over 10000 customers makes a
compelling case. There were many slides showing how Oracle Cloud Solutions were
better than others in all respects including flexibility, security, and
performance. She also spoke about the dawn of the M2M era and the Internet of
things. In any case business should be good in the coming years with over 50
billion connected devices. Some examples of Oracle solutions adopted by industry
were also mentioned, with a lot more details about a Regional Power
Company.

Mark Kelder of Oracle described the Oracle 12 C features; the advantages of
pluggable vs. separate databases for an enterprise. The scaling of pluggable
databases beats that of Separate databases by a wide margin. With Container
Database 12.1, the upgrading in place (in-situ) is a matter of minutes (I am not sure if I got the unit correct; I will be sure when the promised PPT arrives) and you
can plug/unplug databases as required (versions 10.2, 11.1 and 12.1). Point in
time recovery for plugged databases is another great feature which is most
appropriate for SaaS. He also described the cloning of pluggable databases for
test and development as well as dual format covering both row and column for
the in-memory database.

Troy Kitch spoke on Internet of things and various security regulatory
compliances (PII, PCI, PIPEDA, PCI DSS and Directive 95/46/EC). Unfortunately I missed most of his talk.

In the afternoon Srividhya Kasturi explained the details of Oracle Mobile
Solution covering Mobile Apps; Mobile Platform and Mobile Security. She
mentioned MBaaS, the Mobile Backend as a Service. There was a lot of talk in
trying to answer, what is driving the cloud? Globalization; data explosion;
rise of mobile devices; Social media; and the necessity to modernize to
survive were all mentioned.

I am not sure if this is the order of importance of the driving forces,
but what appears to be a given is that security is still a troubling issue.

She also touched upon a hybrid cloud with private cloud (SaaS, PaaS, and IaaS) and public cloud (SaaS and PaaS). 5 considerations for cloud integration were laid out: connectivity, flexibility, (visibility-management?), security and scalability. CISCO WebEx order management system with Oracle SOA Suite was mentioned.

Michelle Beasley and Gia Villanueva compared and contrasted traditional ETL+CDC
vs. the modern E-LT + real time. Ross stores case study was mentioned.

All in all it was an interesting day with all the modern buzz and Oracle as
usual extended impeccable hospitality to the attendees.

Full schedule here:

Monday, January 27, 2014

Creating and connecting to a Contained Database in SQL Server 2012

Contained databases are the best choice if you have migration in mind and with SQL Servers both in-house and the cloud, migration will always be an important item to consider.

Read this article for the benefits of Contained databases:
http://stackoverflow.com/questions/5932293/what-is-the-real-benefit-of-contained-databases

SQL Server 2012 only supports partially contained databases and in future versions this may change.

Depending on the version of SQL Server Management Studio, you may or may not be able to connect to the contained database, although you will be able to create one. Once you get connected (SQL Server authentication) you will be able to access only the connected database.

The following link describes some error messages you may encounter trying to create a contained database and connect to it. You can use both SSMS as well as T-SQL to create a partially contained database.

http://hodentekmsss.blogspot.com/2014/01/troubleshooting-connection-to-contained.html

The next image shows the tree structure of a partially contained database.
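
The T-SQL route mentioned above, as an added example that is not from the original post: it enables contained database authentication, creates a partially contained database with a contained user, and then lists what authenticates at the database level and what still crosses the containment boundary. The names `ContainedDemo` and `DemoUser` and the password are placeholders.

```sql
-- Added example; ContainedDemo, DemoUser and the password are placeholders.

-- 1. Contained database authentication is off by default at the instance level.
EXEC sp_configure 'contained database authentication', 1;
RECONFIGURE;
GO

-- 2. SQL Server 2012 supports only NONE and PARTIAL containment.
CREATE DATABASE ContainedDemo CONTAINMENT = PARTIAL;
GO

-- 3. A contained user carries its own password and has no server-level login,
--    so it can reach only this database. Grant it the least it needs.
USE ContainedDemo;
GO
CREATE USER DemoUser WITH PASSWORD = N'<placeholder-strong-password>';
ALTER ROLE db_datareader ADD MEMBER DemoUser;
GO

-- 4. Confirm the containment setting of the database.
SELECT name, containment_desc
FROM sys.databases
WHERE name = N'ContainedDemo';

-- 5. List principals that authenticate at the database (2 = DATABASE).
--    These accounts do not appear in sys.server_principals, so a review of
--    instance logins alone will miss them.
SELECT name, type_desc, authentication_type_desc
FROM sys.database_principals
WHERE authentication_type = 2;

-- 6. List objects and features that still depend on the instance and would
--    break or change behaviour when the database is moved.
SELECT class_desc, major_id, feature_name, feature_type_name
FROM sys.dm_db_uncontained_entities;
GO

-- To connect as the contained user, the database must be named in the
-- connection, for example:
--   sqlcmd -S <server> -d ContainedDemo -U DemoUser
-- In SSMS, set it under Options > Connection Properties > Connect to database.
```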



 

Thursday, January 23, 2014

UK Government Chooses the OS - the winner is...

According to this article in TechRepublic, UK's Communication-Electronics Security Group seems to have checked out Linux, Windows and Mac OS X from the standpoint of security and come up with Linux as a clear winner.

After you read the article please also read the interesting comments, both pros and cons, before you jump to big conclusions.

The test for checking out the OSs consisted of the following:

• VPN
• Disk Encryption
• Authentication
• Secure Boot
• Platform Integrity and Sandboxing
• Application Whitelisting
• Malicious Code Detection and Prevention
• Security Policy Enforcement
• External Interface Protection
• Device Update Policy
• Event Collection for Enterprise Analysis
• Incident Response

The specific OSs tested were Ubuntu 12.04 LTS, Windows 8 and Mac OS X, and the summary of the rating is:

* Ubuntu 12.04 passed nine of the 12 tests and had zero significant risks
* Windows 8 passed seven with 1 significant risk
* Mac OS X passed eight tests with zero significant risks

Security is a very important parameter in the choice, but there are other criteria such as cost as well. With Microsoft not supporting Windows XP in the near future there may be folks looking for a suitable platform, and perhaps some Windows folks may go over to Linux.

Wednesday, January 22, 2014

Windows XP Support anti-malware support extension

The Windows XP help and support cut-off starting April 8, 2014 would have resulted in moving off Windows XP everywhere, including the 0.5 million ATM machines.

Now this extension will provide anti-malware security till July 2015. Not much of an extension but better than nada.

Read the full story here:
http://blogs.technet.com/b/mmpc/archive/2014/01/15/microsoft-antimalware-support-for-windows-xp.aspx

Windows XP is 'no longer supported operating system' means,

"Windows XP users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft."

I think users should simply bypass Windows 7 and go directly to Windows 8.1, of course this will depend on those selling software for ATM machines.

 

Get this free, Open source office suite - LibreOffice

Download this small sized (1.56MB) LibreOffice Office suite. You can use it for Word Processing; spreadsheet editing; creating presentation and for making drawings.  Why pay $149.99 for Microsoft Office or even $39.99 for Microsoft Works, this one is free.

You can save your files created with OpenOffice to Microsoft Office suite formats.

Download from here: Please read to the end of this post before you download.

http://www.sonicdownloads.net/download/Utilities/LibreOffice/?a=14349&f=advertisedotcom_libreoffice_intyield2

Here are some screen shots that you may want to look up before downloading:

 
It is pretty easy to install and use requiring very little resources.
 
 
This is further to the above:
 
I did not download this program from the above link as too many unwanted programs tried to sneak-in. Here is a list I had to contend with:
 
SpeedUpMyPC
WebSparkle
SeverWeatherAlerts
CleanWater Action Reminder
Secure Web
Genieo
ArcadeParlor
BrowserSafeGuard
Slow PC_Fighter
Driver Genius
Internet Updater
 
I had to remove all of them one at a time. I decided not to install LibreOffice suite.  

 

Tuesday, January 21, 2014

The good, the bad and the ugly of downloading programs

It has become quite common to bundle up lots of stuff from various vendors in a download whether the person downloading wants it or not. To be fair they do give options to accept or decline, and sometimes even after declining they get in anyway.

These programs may not fall in the 'bad' and 'ugly' categories but they are not required by the user and they should not be bundled.

You may have to get rid of them from your Add/Remove programs, and there are some add-ons to your browser that you may have to get rid of; some of them cannot be disabled and produce horrible pop-up ads. I think this process should be more 'ethically managed'.

I have had similar experiences while trying to install the latest version of flash; almost anything from Softpedia web site and even Microsoft.

Here are the programs that got into my computer even after declining them in the installer windows while installing Silverlight 5.

 
I just needed Silverlight 5 and find minimal interest in the others. It took a while to get rid of the unwelcome visitors.
 
Here are programs I removed from my computer:
 
 
 
 
 

Trick to bring up Object Browser in Visual Studio Express 2013 for web

Object browser is a great menu item in Visual Studio if you are trying to dig into the details of a program. Unfortunately it is missing (I don't think only in my installation) in Visual Studio Express 2013 for web. Object Browser is also absent in the Other Windows submenu item.


In order to make it show up, you can click on an object like a button or a text-box and, from the drop-down menu, click on Go To Definition as shown.



This will bring up the object browser as shown.

 

Saturday, January 18, 2014

Some great features in the January 2014 Windows Azure update

Access Scott's Weblog to learn details of the latest Windows Azure update on
January 16.

Here is an abbreviated version for your speedy review.

The following are the enhancements that you can see in this update:

  • Web Sites: Staged Publishing Support and Always On Support
  • Monitoring Improvements: Web Sites + SQL Database Alerts
  • Hyper-V Recovery Manager: General Availability Release
  • Mobile Services: Support for SenchaTouch
  • PCI Compliance: Windows Azure Now Validated for PCI DSS Compliance
These take effect immediately (either in the release or in the preview item).

Web Sites: Staged Publishing Support:
Staged site publishing can be enabled. The staged site URL is different from that
of main site. This is very helpful in site/app development before going to
production and deployment from staging to production can be instantaneous for
content as well as configuration.

Web Sites: Always On Support
Now 'AlwaysOn' has come to the Web Sites as well. With this enabled you can see
if anything needs attention as the site is pinged periodically to verify that
the site is running smoothly.

Monitoring Improvements: Web Sites + SQL Database Alerts
There is nothing like enough monitoring, the more you can monitor the better you are
prepared to handle problems. The two new improvements introduced with this
update are:
  • Metrics updated every minute for Windows Azure Web Sites
  • Alerting for more metrics from Windows Azure Websites and Windows Azure SQL Databases
Now you can create alerts to 6 different services:
  • Cloud Service
  • Mobile Service
  • SQL Database (New Today!)
  • Storage
  • Virtual Machine
  • Web Site (More Metrics Today!)
Windows Azure Hyper-V Recovery Manager: General Availability Release

This release to production is ready including enterprise SLA.

Mobile Services: Support for SenchaTouch

You need to add an extension from SenchaTouch. SenchaTouch is a well-known HTML/JavaScript-based development framework for building cross-platform mobile apps and web sites. With today’s addition, you can easily use Mobile Services with your SenchaTouch app.

Windows Azure Now Validated for PCI DSS Compliance

Windows Azure is now validated for compliance with the Payment Card Industry (PCI) Data Security Standards (DSS) by an independent Qualified Security Assessor (QSA): Neohapsis.

All Microsoft Datacenters appear to be covered from looking at http://go.microsoft.com/fwlink/?LinkId=389875. Here is a screen shot of what is covered:

 
Have a good week end!


 

Thursday, January 16, 2014

SQL Server T-SQL Window functions

Window functions in SQL Server's T-SQL are not related to the Windows operating system; they provide more detailed ordering (and all the calculations you can do with the ordered set) than you can get by using the regular GROUP BY clause. Window functions are obviously much more powerful than what you get by mere grouping and sub-queries. There are many enhancements in SQL Server 2012 which are most useful in analytic calculations.

The following window functions were introduced in SQL Server 2005:
Row_Number
Rank
Dense_Rank
NTILE

These are enhanced in SQL Server 2012 with functions that provide better analytics:

  • Window Order and Frame clauses
  • Window Offset functions
  (Lag, Lead, First_Value, Last_Value)
  • Window distribution functions
  (Percent_Rank, Cume_Dist, Percentile_Disc and Percentile_Cont)

Conceptually it is as if you have created a window of rows to which you apply some processing, and the result is returned in a single row as related to the windowed rows. You define the window in which the processing takes place with the OVER clause.
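
To make the window idea concrete, here is an added example (not from the original post) that runs on SQL Server 2012. It uses a constructed table variable `@Sales` and shows the 2005 ranking functions next to a 2012 offset function and a 2012 frame clause, all over the same partition.

```sql
-- Added example with constructed sample data; @Sales and its columns are illustrative.
DECLARE @Sales TABLE (Region varchar(10), SaleDate date, Amount int);

INSERT INTO @Sales (Region, SaleDate, Amount) VALUES
    ('East', '2014-01-01', 100),
    ('East', '2014-01-02', 250),
    ('East', '2014-01-03', 250),
    ('West', '2014-01-01', 300),
    ('West', '2014-01-02', 120);

SELECT
    Region,
    SaleDate,
    Amount,

    -- SQL Server 2005 ranking functions: the window is each Region,
    -- ordered by Amount. Ties get different ROW_NUMBERs, the same RANK
    -- (with a gap after the tie) and the same DENSE_RANK (no gap).
    ROW_NUMBER() OVER (PARTITION BY Region ORDER BY Amount DESC) AS RowNum,
    RANK()       OVER (PARTITION BY Region ORDER BY Amount DESC) AS Rnk,
    DENSE_RANK() OVER (PARTITION BY Region ORDER BY Amount DESC) AS DenseRnk,

    -- SQL Server 2012 offset function: the Amount from the previous row
    -- in date order within the same Region (NULL for the first row).
    LAG(Amount)  OVER (PARTITION BY Region ORDER BY SaleDate)    AS PrevAmount,

    -- SQL Server 2012 frame clause: a running total from the first row
    -- of the partition up to the current row.
    SUM(Amount)  OVER (PARTITION BY Region
                       ORDER BY SaleDate
                       ROWS BETWEEN UNBOUNDED PRECEDING AND CURRENT ROW) AS RunningTotal
FROM @Sales
ORDER BY Region, SaleDate;
```

Unlike GROUP BY, every input row is still present in the result; each row simply carries values computed over its window.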

Details of a single example using the RANK function can be found here

Big Data Generation 2: Conseil Européen pour la Recherche Nucléaire

2012 marked the year when Higgs Boson (aka Higgs Particle predicted in 1964)  was discovered at CERN. In order to get to this, immense research was undertaken spanning many years of hard work.

One of the main challenges is the data storage of the immense amount of data that is gathered every second, non-stop. The other challenges are how to make this data available to 1000's of scientists globally and how to find the rarest of events that is hidden in this immense amount of data. This is clearly the area of what we call 'Big Data'.



Big data is generated here and federated across the World.

"CERN’s 17-mile-long collider generates hundreds of millions of particle collisions each second. Recording, storing and analyzing these collisions represents a massive challenge; the collider produces roughly 20 million gigabytes of data each year. CERN stores that data partly on the premises in Geneva, but has to distribute roughly 80% to data centers all around the world. So far, CERN has amassed about 200 petabytes of data."

The above is quoted from here,
Trends in Big Connectivity: Higgs Boson & the Science of Big Data

CERN’s Big Data processing relies on the Hadoop Distributed File System for storing massive amounts of data.

Huawei plays a big role in facing this data storage challenge with its cloud / storage solutions. Follow the details here

http://enterprise.huawei.com/en/search/index.htm?ssUserText=cern

CERN relies on NetApp Storage solutions.
Watch this NetApp Video:


About CERN:
It is too well known to need an introduction, but if you have missed it, here is an intro and a video from CERN.

Conseil Européen pour la Recherche Nucléaire, or European Council for Nuclear Research's main field of activity is Particle Physics: the physics to understand the building blocks of this universe and how they interact.

It should be noted that the World Wide Web (the first scripted) was invented by Berners-Lee in 1989 also at CERN.
http://home.web.cern.ch/about
Here is a movie that tells you what CERN is about:
http://cds.cern.ch/video/CERN-MOVIE-2012-193

Monday, January 13, 2014

Get out of your mobile carrier contracts

I cannot but echo the sentiments of John Legere, CEO of T-Mobile when he said,

"Carriers have counted on staggered contract end dates and hefty early termination fees to keep people bound to them forever. But now families can switch to T-Mobile without paying a single red cent to leave them behind".

Maybe you should take up T-Mobile's offer detailed here:

"T-Mobile offers to pay termination fees"

Get details of my experience of my contract here:
http://hodentekmobile.blogspot.com/2014/01/do-not-get-into-two-year-contracts.html


 

Wednesday, January 08, 2014

Microsoft and Education

Microsoft is trying to do some workout with students on their overall development, scholastically speaking. It is high time that the improvement in education standards is addressed. USA may be a great country but not in educating its students despite massive spending.

In fact, quite far down in Mathematics and Science rankings among the OECD Countries as you can see from this 2009 report and probably not much better off in recent surveys as well. Shocking but true.

Overall



Mathematics and Science


Here is Microsoft's Education related site.


There are plenty of apps on the internet (you just have to click off Facebook etc.) which will make your learning a pleasure. I do not mean that you should get rid of Facebook and Twitter but...

Here is a video of one of the apps from the store. It is available for all the vendors, not only MSFT. This was randomly chosen but there are zillions of apps.

http://www.geogebra.org/cms/en/download/


Also visit;
http://www.educationcorner.com/k12-education.html

Monday, January 06, 2014

Get started on Oracle Data Access Components (ODAC) 12C

Get your copy of ODAC 12C Release 2 so that you can get most out of the following 4 components:

Oracle Provider for .NET (ODP.NET) optimized for ADO.NET access to Oracle database. More here, http://www.oracle.com/technetwork/database/windows/index-085163.html

Oracle Developer Tools for Visual Studio - a free ADD-IN for VS 2010, VS 2012 and VS 2013. More here,
http://www.oracle.com/technetwork/developer-tools/visual-studio/overview/index-097110.html

Oracle Providers for ASP.NET
Oracle Providers for ASP.NET support Service providers (on both x32bit and x64bit Windows) that store application state in databases.
More here,
http://www.oracle.com/technetwork/topics/dotnet/index-087367.html

.NET Stored Procedures
This is an Oracle Database Extension for .NET. It is a feature of Oracle running on Windows. This extension makes it easy to develop, deploy and run stored procedures written in .NET managed languages through a wizard-driven UI.

More here, http://www.oracle.com/technetwork/topics/dotnet/index-085095.html

Download your copy here:
http://www.oracle.com/technetwork/topics/dotnet/downloads/index.html

Find similar items on the Hodentek blog here:
http://hodentek.blogspot.com/search?q=oracle+developer+tools

Sunday, January 05, 2014

What are Solutions and Projects in SQL Server Management Studio?

When you are working on a SQL Server Database related problem you may design Tables, Views, Stored Procedures and sometimes it may involve components other than the Data Engine. SQL Server Management Studio provides a means to group together all your code in one place as part of a SQL Server Project. A solution is a container for one or more projects containing all logically related scripts and files in one place. It is available even in SQL Server 2012 Express. This is the platform to use if you want to develop scripts for Database Engine and Analysis Services. SQL Server is tightly integrated with Visual Studio.

You can work with Solutions and Projects with this interface in SSMS.

Related to Solutions you can do the following:
Create a New Solution
Open an Existing Solution
Close a Solution
Delete a Solution
Copy Items in a Solution
Remove or Delete an Item or Project
Move Items in a Solution
Rename Solutions and Project Items

Related to Projects you can carry out the following:

Create a Project
Add an Existing Project to a Solution
Change the Default Location for Projects
View Project Properties
Add New Items to a Project
Associate a Query with a Connection in a Project
Change the Connection Associated with a Query View
Change the Properties of a Connection in a Project

More about Projects and Solutions in SQL Server Management Studio  here:
HodentekMSSS

Master C# and become a Universal Coder

Is this the coming of age of C#?

Of course with your C# mastery and XAMARIN Studio you can become a Universal coder. The apps are written entirely in C# but your target platform could be Windows, Mac, Android and iOS. Isn't that cool? You can have your favorite .NET libraries and still use stuff for platform specific libraries, and have a good mash. If you have not tried XAMARIN try it now and join the 0.5B developers worldwide. Download a free version here which is really bare bones.

http://xamarin.com/

The free version gives you:

Xamarin Studio and deploying to Device(s) or deploying to App Store(s) capabilities. Perhaps the app size is limited, and if you want unlimited app size, prepare to shell out $299/year in buying a subscription. The top end costs $1899/year.

Here is the product line-up, you choose.








Friday, January 03, 2014

The difference between Power Pivot and Power Query

There may be some overlapping functionality in accessing data, as both of them have to access data sources, but Power Query is more like SSIS (SQL Server Integration Services) a la EXCEL while Power Pivot (SQL Server Analysis Services) is more like SSAS.

The variety of data sources that Power Query can connect to manage is much wider than that of Power Pivot including the social media created data like Facebook and unstructured data.
Power Pivot has a more powerful analytical role than Power Query which you  can easily make out by just looking at the user interfaces.

However both of them are downloaded as add-ins for MS EXCEL 2010 or 2013 as shown (MS EXCEL 2010 in this case).


You may follow these links for more details:

Connecting to SQL Server 2012 Express from Power Pivot - 1
http://hodentekmsss.blogspot.com/2014/01/connecting-to-sql-server-2012-express.html

Connecting to SQL Server Express 2012 from Power Pivot - 2
http://hodentekmsss.blogspot.com/2014/01/connecting-to-sql-server-express-2012.html

Wednesday, January 01, 2014
