The headline on 31 July 2020
Term of the Day: Four Eyes Principle
The four eyes principle is a workflow requirement that specifies two individuals must approve some action before it can be taken.
In a business context, the four eyes principle is often required for contract approval. Although neither individual might detect all errors, two readers are likely to miss different things so that, collaboratively, they will catch more mistakes.
In a refinement of the basic principle, random rotation of authorized individuals may be required to serve as the second pair of eyes. This is so it cannot be known with any certainty which two individuals will be dealing with a given approval.
Here are a few other examples of the four eyes principle at work:
- Pair programming uses the four eyes principle to review code changes.
- Some data management systems require that important record updates be approved by two separate people before the data is committed.
- Banks sometimes designate special ‘four eyes zones’ in which two people must be present and within each other’s line of vision at all times. Continue reading about the four eyes principle…
The headline on 29 July 2020
Ask Woody is no-nonsense news, tips and help site for Windows, Office and more. You can post questions about Windows 10, Win8.1, Win7, Surface, Office or browse through their forums.
Gitea is an open-source solution designed to provide the easiest, most-painless way to set up a self-hosted Git service. In addition to version control, it offers collaborative features like bug tracking and wikis. Supports Linux, macOS and Windows, on architectures like amd64, i386, ARM, PowerPC and others.
tinc is a VPN daemon that uses tunnelling and encryption to create a secure private network between internet hosts. Appears to the IP-level network code as a normal network device, so you don’t need to adapt any existing software.
Enterprise Dish is a podcast for IT pros that features industry experts, the latest trends plus analysis on what is happening in data center and productivity environments. Episodes run 20-30 minutes long, so fairly digestible. It generally has a Microsoft focus, but it’s still applicable for general IT.”
Term of the Day: Ransomware recovery
Ransomware recovery is the process of resuming operations following security exploit in which the attacker encrypts the victim’s data and demands financial payment for the decryption key. Fast recovery time is one of the most important aspects of ransomware recovery. Even if an organization refuses to pay a ransom because they know they can restore data from an unencrypted backup, the cost of downtime can result in lost revenue and reputational damage. When testing a ransomware recovery plan, it is important for administrators to schedule backups that run frequently; this will ensure that any data loss during the restore process will be acceptable.
Organizations that follow the 3-2-1 rule of backup are often in a good position to recover data in a timely manner after a ransomware attack without having to pay a ransom. This type of layered backup strategy ensures there are always three copies of recent data, on at least two different media types, with at least one copy air-gapped and stored offsite or offline.
The headline on 28 July 2020
Term of the Day: Microlearning
Microlearning is an educational strategy that requires complex topics to be broken down into short-form, stand-alone units of study that focus on a single learning objective. The goal of microlearning is to create instructional modules that close a specific skill or knowledge gap and can be viewed as many times as necessary, whenever and wherever the learner needs them.
Scientific research suggests that a self-directed, modular approach to talent development improves knowledge retention. It also empowers employees by giving them the opportunity to build new skills in the context of the job they are being paid to do, without having to take time away from their job to go to training.
Although microlearning is most often associated with independent learning, modules can also be strung together to create guided learning experiences for individuals or small groups. The convenience of microlearning, from both the learner and the educator’s point of view, has made this type of instructional delivery very popular for delivering security awareness training in corporate learning environments.
Microlearning modules typically reside in a knowledge base library and are tagged with metadata for easy search, access and reuse. Having the ability to easily update learning modules is an important concern for educating employees in highly regulated industries such as finance and healthcare because information can change quickly.
The headline on 25 July 2020
Term of the Day: Serverless Computing
Serverless computing is an event-driven approach to cloud application design and deployment. This approach to software development does not eliminate servers, it only moves them into the background during the design process. In a serverless computing deployment, the cloud customer only pays for resource usage and there is no charge when an application sits idle.
The name serverless is meant to emphasize the idea that computing resource considerations can be moved into the background during the application design process. Developers can drop in code, create backend applications, create event-handling routines and process data – all without worrying about servers, virtual machines (VMs) or the underlying compute resources because the actual hardware and infrastructure involved are all maintained by the provider.
One of the biggest challenges of serverless computing is that the top three cloud vendors (AWS, Microsoft and Google) do not make it easy for customers to migrate serverless cloud applications between platforms. In response, many developers have turned to open source technologies to build serverless frameworks that can run on any public or private cloud platform.
ExaBGP transforms BGP messages into plain text or JSON, so they can be handled by simple scripts or by BSS/OSS. Helps improve service resilience and protect against network or service failures—for example, providing cost-effective DDOS protection. It can be used to take advantage of the flow balancing capabilities of modern routers and watch for network changes by RIPE or other networks with GIXLG.
The headline on 23 July 2020
Term of the Day: Full-stack Developer
A full-stack developer is an information technology (IT) professional who has working knowledge of the programming languages and supporting architectures used in web development. Traditionally, software engineers who worked in web development specialized on one part of a website or web application either front-end (visitor-facing) or back-end (server-side) developers.
Today, full-stack developers are in high demand in organizations that have adopted DevOps, because they are able to work with both server-side and visitor-facing code. DevOps is a cultural movement that seeks to break down the silos that often exist between production and operations teams.
Term of the Day: CloudOps
Cloud operations (CloudOps) is the management, delivery and consumption of software in a computing environment where there is limited visibility into an app’s underlying infrastructure. Migrating applications to the cloud bring its own benefits, including freeing up internal infrastructure. However, what’s moved to the cloud still must be managed and while the administrative tasks required to maintain cloud-based applications are relatively the same as managing them on-site, their IT controls may be quite different.
There are four important concepts that will help admins maintain optimal operations in the cloud:
- Abstraction: administrators should decouple management from the underlying infrastructure as much as possible so that all container and VM images can be managed through a single pane of glass.
- Provisioning: administrators should allow cloud users (including applications) to request and immediately receive additional compute, storage and network resources when needed.
- Policy-driven management: administrators should require the creation and enforcement of documented procedures that place limits on what end-users and applications can do in the public cloud.
- Automation: administrators should use machine learning and If This, Then That (ITTT) principles to automate workflow in the cloud as much as possible.
The headline on 22 July 2020
Shortcut to create a new Google Drive document: In the address bar of your browser, type “sheet.new”, “doc.new” or “slides.new” to automatically open a new, untitled document of the type specified.
The DigitalOcean community offers thousands of free tutorials on the basics of many applications, tools and systems for developers and sysadmins. New content is added regularly.
tcpdump is a command-line packet analyzer for Linux/Unix networks. This network monitoring/management utility captures and records TCP/IP data on the run time. Provides statistics for the number of packets received and captured at the operating node for network performance analysis, debugging and diagnosing network bottlenecks and other issues. Descriptions of packet content are available in several formats, depending on the command used.
Iron Sysadmin is a podcast featuring expert sysadmins covering all manner of topics of interest in their field. Since 2016, Iron Sysadmin has been covering the latest industry news, ideas, strategies, and chat—always with a focus on the practical needs of real-world sysadmins.
Making a quick mockup for your newsroom website or app? You’re so going to need some random profile pics.
Google Docs and Grammarly now integrate with each other in even better ways. As you write in a Doc, a sidebar “will recommend tweaks based on three color-coded categories: clarity, engagement and delivery.” The clarity comes free; you need a Grammarly premium account for the engagement and delivery upgrades to your writing.
Term of the Day: Data storytelling
Process of translating data analyses into layman’s terms in order to help line-of-business (LOB) decision-makers connect the dots and understand the context and importance of the data that is being shared. A data story should:
- Allow the audience to quickly grasp and absorb the meaning of the data.
- Provide the audience with information in a way that is believable and easy to understand.
- Inspire audience members to share the data story with others.
- Encourage audience members to take action.
Experts often describe data storytelling in traditional storytelling terms, which includes a “hook” that will capture the listener’s attention and a narrative the listener is able to relate to personally.
Term of the Day: Business Process Mapping
Business process mapping is the visual display of all steps required to accomplish a specific organizational goal. Organizations typically use business process mapping in order to:
- Gain visibility into existing processes.
- Identify steps where technology can be used to simplify work.
- Improve communication between stakeholders responsible for completing specific organizational goals.
Business process maps use flowchart symbols to indicate different parts of a process. For example, an oval is used to indicate the start and finish points, and diamonds are used to represent a decision point in the process.