NSA open sourced a powerful software reverse engineering tool, Ghidra

WIRED: The NSA Makes Ghidra, a Powerful Cybersecurity Tool, Open Source. https://www.wired.com/story/nsa-ghidra-open-source-tool

How do you start on the path of Digital Transformation?

What is Digital Transformation?

Most of the definitions I've found are grandiose, vague and elusive at best. From an implementation perspective, the definition is, IMO, very simple:

Find better ways to use available technology.

I realize that's still pretty vague, but I have some concrete details and examples to show you how you can start addressing this challenge.

How do I start?

The best way we've found to help companies start down the path of Digital Transformation is to create a list of questions that need to be answered. Specifically, we've expanded the definition above to:

Find better ways to use available technology to provide answers to our daily/weekly/monthly questions.

Once we have at least one question that we want to answer, we can identify information or technology gaps in our current environment. For example, an extremely common question among companies is:

How many servers do we own and what is the status of each?

We've found that this seemingly simple question can cause fistfights to break out in a meeting. That's because multiple different departments have different answers, and the true answer has been an elusive quest for a number of years. The goal is to identify the data required to answer the question and the location(s) of that data if available. For example, you may have the beginning of an answer that looks like this:

For the development servers, Jim R. has a manually updated spreadsheet at location XXXX on Sharepoint. 

For the engineering servers, Nancy P. has a homegrown database that only she has access to.

For the website, we think Ashok V. has a spreadsheet that may or may not be up-to-date.

Notice that we don't actually have an answer at all, but we're identifying areas of interest that may get us the information we need. This exercise shows areas where improvement is needed. In this case, it should be apparent that some type of asset discovery and management system is needed to enable us to get a valid answer to the question. What we normally find is that the customer actually owns one (or several) tools that can provide the required function, but no one in the meeting knows about these tools. This usually leads to another question similar to:

What software do we currently own and what are the capabilities of each title?

And you have to go through the same process as above with this question. I guarantee that it will be frustrating for everyone involved, but this is the process that is absolutely required. 

Further along in the process, as new systems are introduced, the owners of those systems need to be aware of the questions that the system will need to provide answers for so that they can be architected appropriately. For example, any new online system needs to be able to provide data that can answer the following questions:

How many users are actively using the system?

How many failed transactions have occurred in the past (hour/day/week) and which users were affected?

Is the system working properly at this moment and is it accessible to all of my users?

There are literally thousands of other questions that you may have, and part of Digital Transformation is identifying those questions so that the answers can be obtained quickly. And this is where another version of my original definition comes in handy:

Find better ways to use available technology to save time.

You can come up with tons of different reasons to use technology more wisely, and they are all perfectly valid reasons for you to continuously work on your Digital Transformation.

Customizing bash command line completion

What am I talking about?

In the bash shell on Linux, you can type a character or two then hit the TAB key to get a list of the commands that start with those characters. You can do the same to complete the name of a file you're trying to edit or directory you're trying to change to. It turns out that you can customize this command line completion behavior by installing the "bash-completion" package. This package is often installed by default and has been available for several years.

What can you do with bash-completion?

You can have the TAB key complete command arguments for you. For example, the 'curl' command has tons of arguments. You can customize bash to auto-complete the parameters for you. You just need to create a specifically coded file named 'curl' in the /etc/bash_completion.d folder. Here's a great tutorial on creating these command completion scripts:

https://iridakos.com/tutorials/2018/03/01/bash-programmable-completion-tutorial.html

Even more helpful, here is a ton of them that have already been created:

https://github.com/GArik/bash-completion/tree/master/completions

If you've got a command with tons of options, you can use this to make it easier for you or your users to successfully create a working command.

You Probably Don't Need Blockchain

Here's a great article detailing some popular blockchain use cases and how they can be subverted:

https://blog.smartdec.net/you-do-not-need-blockchain-eight-popular-use-cases-and-why-they-do-not-work-f2ecc6cc2129

While reading it, note that there are often other (simpler, cheaper, more mature, more widely known) technologies out there that can solve the problems you're trying to solve.

One big example is the combination of digital signatures with an immutable data store . This captures the identities of the participants, the information provided by the participants and the timestamps of all entries.

Blockchain does have some valid use cases (e.g. cryptocurrency management), but it certainly shouldn't be seen as the best way to solve existing problems.

A collection of scripts for automating IBM APM SaaS

This is a collection of scripts from Richard Xiao for getting data out of APM Cloud:

https://github.com/xiaojias/ipm-auto/tree/master/scripts

A great video on deploying and operating Kubernetes at scale

Here's a video from Chick-Fil-A's IT team describing exactly how they use Kubernetes clusters at the edge (in each restaurant). The problems and their solutions are really intriguing.

https://www.youtube.com/watch?v=8edDcy3oeUo

Improving the QRadar to ServiceNow integration by adding QRadar event payloads to ServiceNow incident

Using the standard configuration for the QRadar/ServiceNow integration gives you some great capabilities, but some of our customers have asked for more information in the generated ServiceNow incidents. Specifically, they've asked to have the payloads from the events associated with the offense to be added to the Description of the incident in ServiceNow. This provides extensive details about the events that triggered the offense in one pane of glass so the SOC engineer doesn't have to separately open QRadar to get this information.

This can be accomplished my making some configuration changes in both QRadar and ServiceNow. I'll provide the overview here. If you would like more details, please contact me.

1. Add the offense start time to the incident description in the mapping within QRadar.
2. Create a ServiceNow business rule to parse the offense id and start time from the description whenever a new incident is created from QRadar.
3. In that same business rule, use the offense id, start time and a stop time (equal to start time +1) to submit an Ariel query to QRadar via REST to have the query run.
4. In that same business rule, parse the results of the previous REST call to get the results id, then make a second REST call to obtain the actual results, which will be the payloads of the events that caused the offense (and resulting incident) to be created.

The solution doesn't tax either system very much at all and makes life easier for the security engineer researching the issue.

Install IBM's QRadar Community Edition 7.3.1 on CentOS 7.5 instead of RHEL 7.5

IBM offers a QRadar Community Edition for free available here:

https://developer.ibm.com/qradar/ce/

The documentation states that it runs on "CentOS or Red Hat 7.5 with a Minimal install". If you're installing the OS from scratch, I would recommend that you use CentOS 7.5 (officially CentOS 7 1804) because it works much better than Red Hat. Specifically, I downloaded CentOS 7.5 from here:

http://repos-lax.psychz.net/centos/7.5.1804/isos/x86_64/CentOS-7-x86_64-Everything-1804.iso

There are smaller downloads in that same directory, but I wanted to get everything I might need. I then installed it with 16GB RAM and 8 cores and selected the "Minimal Install" option (this is the default option). I did this install under VMWare Workstation 14 Pro running on a Windows 10 laptop.

I could then directly follow the install instructions from IBM:

https://developer.ibm.com/qradar/wp-content/uploads/sites/89/2018/08/b_qradar_community_edition.pdf

What doesn't work very well or at all:

(Guess how I know these)

The QRadar install will 100% fail if you try to install it on CentOS 7.6 (1810). The prerequisite checker will tell you that 7.5 is REQUIRED.

Trying to install on CentOS 7.5 using the "Server with GUI" option fails on glusterfs* package problems.

Installing on RHEL 7.5 requires that you configure your RHEL instance to be registered with the Red Hat Subscription Manager

Integrating systems today is both easier and more complex than ever

Integrating IT systems used to require a LOT of sweat and tears just to get the plumbing configured (think of updating a SharePoint site when a new z/OS dataset is created). Today, thankfully, all of the plumbing is available and there are tons of different options for integrations. So the problem now is surveying your specific environment to identify all of the tools that people use and then architecting and implementing a solution that works well for everyone.

As an example, you may use SalesForce for CRM, ServiceNow for service desk, Maximo for asset management, Oracle Cloud for financials, AWS for some applications, Grafana for operations dashboards and Sharepoint for internal web sites (just to name a few). All of these solutions have workflow engines and connectors that can allow you to integrate them all together. But you first need to answer a couple of questions that are similar to those associated with custom application development:

Who are the people and personas that we're trying to help?

This is the most important question because the personas you identify will directly shape the solution you're implementing. And answering this question with specific personas, like "Nancy the regional sales manager" will allow you to refine additional data down the road.

What data am I interested in and which systems are the golden sources of record for that data?

We spend quite a bit of time with customers simply finding all of the systems that are being used. Normally we start small, maybe with a single department, and then we work on getting a larger and larger picture. All of our clients use numerous systems that usually have some number of overlapping functions. We try to find everything in use so we can intelligently identify the ones that may be best suited to different tasks, also taking into account the number of users who have familiarity with the different applications.

Now that you've got some questions answered, what are the options available?

This is where things get messy in a hurry, and why you want to enlist the help of an experienced enterprise architect. It used to be that you could only get a workflow engine from an expensive enterprise application. Now, most companies are already paying for multiple workflow engines and they aren't using them. For example, Microsoft offers several: Flow, Business Process Flows (in Dynamics365), and Azure Logic Apps. Those are all separate (though very similar and intertwined) workflow engines just from Microsoft. AWS has Simple Workflow Service and Step Functions. And IBM has Business Process Automation or the workflow engine in Maximo. ServiceNow has a workflow component. (As of this writing, Google Cloud doesn't offer a generic workflow engine; they have Cloud Composer, but that's a completely different animal.) And each of those has a large set of connectors, triggers and actions that allow you to automate anything you need.

So which components do you use?

This is where knowledge, experience and collaboration come together. There is no one answer that generically fits the requirements for all customers. The answer has to be developed and refined based on the needs of the customer and the project. We use an iterative approach to our implementations, where we develop/customize a little at a time, while gathering feedback from stakeholders. This is commonly referred to as the Agile Methodology, and we've found that it works very well, especially for complex integrations.

The eventual solution depends on a large set of factors, and the solution is often complex. That's why we always document our solutions in a format that's easily consumed. Sometimes that means it's a Word document with Visio diagrams, and other times it's a full Sharepoint site with attached documents - it really depends on the client.

What's the point of this post?

While it's easier than ever to connect systems together, there's still a lot of hard work that has to go into implementing solutions. And this is exactly what we at Gulfsoft Consulting do: we help customers solve complex business problems by leveraging the appropriate knowledge, processes, people and tools. No matter what software you're working with, if you need help solving a complex problem, contact us. We've got decades of experience and we keep up to date on the latest technologies, patterns and strategies.

JIRA can easily be used incorrectly

This is a great article about how JIRA can easily be weaponized for all the wrong purposes:

TechCrunch: JIRA is an antipattern. https://techcrunch.com/2018/12/09/jira-is-an-antipattern/

Like all things related to Agile, it needs to be used at the appropriate stage(s), otherwise it is just wrong.

Someone needs to have a view of the overarching goal, and that's where we fit in. Gulfsoft Consulting is a group of people who have decades of experience dealing wit it all of the details of data centers and application development, and we can help you make the right decisions. Contact us to start the conversation about your digital transformation.

With new avenues to make money come new ways for others to steal that money

I just read this article about Defy Media abruptly closing:

https://www.theverge.com/2018/12/5/18125657/defy-media-youtube-logan-paul-ryland-adams-anthony-padillo-smosh-network

I wanted to share this as a warning to all entrepreneurs out there to be diligent in vetting your partners and backers. Make sure you know what you're getting into before signing anything. And try to find a trusted adviser who you can turn to with questions about business and finances.

If you run Kubernetes in the cloud, the first major vulnerability found isn't a huge issue

The first major Kubernetes (aka K8s) vulnerability was found yesterday:

https://www.zdnet.com/article/kubernetes-first-major-security-hole-discovered/

It's a pretty big deal and quite scary, but patches were immediately available upon disclosure. What's even better is that the managed Kubernetes services running onAWS, Azure and Google Cloud Platform have all been patched already. If you're managing your own K8s clusters, however, you need to patch it yourself, which just takes time and know-how.

In my eyes, this is another data point that shows how proper use of cloud resources can be extremely beneficial to a company. Specifically, the big cloud players, especially AWS, are very similar to a highly competent and agile outsourced IT department. They have offerings that are years ahead of services that you would want to have onsite, and they've got testing methodologies in place to ensure that they're available 99.9% of the time.

It's true that there can be some issues in moving to the cloud, but many of the problems of the past now have very robust solutions that are included in the offerings. And those offerings are available on a pay-as-you-go basis in many cases. So you can easily keep tabs on exactly how much you're spending even on a per-application basis.

To ensure a successful digital transformation, contact us to get the experienced help that will put you on the right path.

A really interesting AWS DevOps job opening

I just received this email, and the job looks incredibly interesting to me. If you've got AWS and DevOps experience, please contact Bhaskar directly (contact details below):

Direct Client:: In person interview is needed. No skype/WebEx/Phone.

Location: Boston, MA

Duration: 12+ months (37.5 hrs/week)

Rate: Open

Responsibilities:

•             Help with production issues and deployments and any analytics/data science products

•             Move the team  closer to continuous deployment, improving tooling (i.e. automation) and use of infrastructure (i.e. try-test-iterate faster)

•             Setup deployment infrastructure for Mayflower, our style guide and visual component library

•             Setup deployment infrastructure for analytics and data science products, that AWS Lambda and Docker based (Goal: Reduced time to go from engagement to receiving data)

•             Create and implement a strategy to monitor Digital Services supported applications and accurately notify engineers of problems

•             Construct and maintain a Threat Model for Digital Services supported applications, and implement solutions for gaps in our security based on it

•             Develop a reusable infrastructure playbook and tooling for rapidly deploying Data Team packages to internal customers

o             Quickly standup standard environment and/or distribute or handoff work deliverables

•             Mentor the team on good DevOps practices

•             Development and deployment of RESTful APIs, including documentation

•             Setup and facilitate processes and environments for the creation of new services; this would include the creation of processes and deployments to dev, test and prod environments for the proof of concepts services developed throughout the agency.

Skills Needed

•             5-8 years of experience in the below categories

•             Experience with AWS cloud platform specifically with the following services (or equivalent services within alternative cloud-based platforms)

o             AWS CLI

o             Cloud Formation

o             Cloud Front

o             S3 management

o             RDS

o             DynamoDB

o             SNS & SQS

o             EC2 management

o             Elastic beanstalk and other auto-scaling services

o             Lambda Function (python & node)

o             API Gateway

o             AWS Route 53 and AWS Cert Manager

•             Linux terminal

•             Experience with an IaaS (preferably: Amazon Web Services)

•             Virtual machines

•             Monitor production web applications

•             People and technical process improvement/re-engineering

•             Communicating effectively

•             Continuous integration/deployment

•             Conducting technical and behavioral interviews

•             Infrastructure security practices

•             Documenting in plain language

•             RESTful APIs

•             Infrastructure automation tools

•             Amazon Web Services

•             “Serverless” architecture such as AWS Lambda

•             Microservices architecture

•             Bonus points for experience with:

o             Acquia Cloud

o             PHP

o             Drupal

o             Agile/iterative development

o             User Experience (UX) practice

o             Python

o             Ansible

o             Docker

o             Other Coding Experience

Thanks
Bhaskar

Bhaskar Nainwal
Software People Inc.bhaskar.nainwal@softwarepeople.us
Ph: 631-739-8915 © Fax: 631-574-3122

QRadar has a low cost Data Store option that lets you store and search as much data as you want

It looks like this has been around since April, but I just ran across it today. The QRadar Data Store option allows you to store as much log data as you want, without having to pay the normal EPS price. Here's more information on it:

https://www-01.ibm.com/support/docview.wss?uid=swg22009471

And a short video that talks about it:

https://www.youtube.com/watch?v=YmEKdpxADXo

It does have a cost, but it's MUCH cheaper than the normal QRadar cost, and it allows you to use the same QRadar interface to search all of your log data (rather than only your security related information).

Istio and transaction topology for serverless applications

I just watched this short video on Istio:

https://www.youtube.com/watch?v=1iyFq2VaL5Y

Basically it's microservice plumbing for Kubernetes that adds security and telemetry. So I wondered if that telemetry included topology information and found that it DOES (or it can with a plugin):

https://istio.io/docs/tasks/telemetry/servicegraph/

So in some way off future, you'll be able to "automatically" obtain topology data without having to install and manage data collectors and agents (also without asking developers to instrument their code). Kinda neat.

Every enterprise is already using serverless applications in some form or another

If you have an application that makes a call to an external application, then you're on the calling side of a serverless application. Here's a high level graphic to illustrate my point:

You essentially have no insight into how the Results are generated by the "cloud" you're accessing via IP address or hostname. So you're accessing a service, but the actual server part of that interaction is abstracted from you.

Here's a great article on the concept of "Servicefull Serverless" to go into more detail about this:

https://www.infoq.com/articles/serverless-sea-change

Now, the current definition of "serverless" leverages all kinds of possible technologies like AWS Lambda or Whisk or even Cloudflare Isolates, on top of containers and Kubernetes running in VMs (or bare iron in the case of Isolates). So it's extremely important for you to understand those components at some point, but from your view as a consumer, you're already using serverless technology.

Why employees hate their computers

I just read this article in slashdot about why doctors hate their computers:

https://science.slashdot.org/story/18/11/06/162201/why-doctors-hate-their-computers

The article really shows JUST how much it can cost do implement software incorrectly. Specifically, the process we follow includes the following questions/components to ensure that our customers have useful software once it's in production:

- Identification of ALL users of the system and their frequency of use. Once we know all of the users and how often they interact with the system, we can define priorities for each use case. For example, we would have identified doctors as high priority frequent users and ensured that their interactions with the system were the smoothest possible. There are several ways to ensure this, but one that we always require is an actual run-through of the screens with the user. This is normally difficult to schedule with the busiest users, but it MUST be done or you'll simply be burning money.

- Identification of all data to be migrated. In the case of moving to a new system (whether it's medical records, insurance claims, or anything else), ALL of the existing data must be found and must be made available in the new system in some way or another. This normally takes time, but that time is a lot less expensive BEFORE a new system goes live. Issues in a software implementation get more and more expensive to fix the farther along in the implementation, so they need to be caught early.

- For enterprise applications, "good enough" isn't. Some of the current thinking in application development and deployment says that you should get something in front of users and fix problems as they arise. This attitude is fine for a new game or small application, but it can cost money and lives in enterprise software. The people leading the implementation need to have experience in business critical applications to truly understand the cost of even a minor failure. When the cost of one minute of downtime can be measured in tens of thousands of dollars (or more!), every possible scenario has to be addressed before a production rollout.

At Gulfsoft, all of our consultants have over 15 years of experience in mission critical situations. We've worked with 911 emergency systems, satellite communications companies, large financial companies and everything in between. We know how to successfully implement large scale enterprise solutions to ensure that your employees and customers are delighted, and we can help you.

You can now use Vega to create custom graphs in Kibana

Prior to Kibana 6.2, you had to create a custom plugin to create custom visualization types. Now, however, support for Vega is included. Vega is a JSON (HJSON, actually) language that you can think of as a wrapper around the D3 visualization toolkit to allow it to display in Kibana. Here's a video with the highlights:

https://www.youtube.com/watch?v=lQGCipY3th8

IBM Announces Multicloud Manager

https://www.ibm.com/cloud/multicloud-manager

It allows you to manage containers across all the biggest cloud providers.

You can now see your LinkedIn saved articles on the desktop!

I just ran across this today, and am very happy that I can finally view the items that I save on my phone on the web version. The link to see your saved articles is:

https://www.linkedin.com/feed/saved-articles/

To save an article, you should see a little bookmark icon under all articles. Click that, and you'll get a DIC popup that tells you it's saved and give you a link to view all of your saved articles.

ITMSuper is in a new location

IBM moved the ITMSuper tool to:

https://www-01.ibm.com/marketing/iwm/iwm/web/pickUrxNew.do?source=tivopal

If you're an ITM 6.x user and you haven't used this tool, you really should download it to help with the management of your environment.