Delicious dessert blog

Married to Chocolate

Subscribe to Married to Chocolate: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Married to Chocolate: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories

The notion of Elastic Load Balancing, as recently brought to public attention by Amazon’s offering of the capability, is nothing new. The basic concept is pure Infrastructure 2.0 and the functionality offered via the API has long been available on several application delivery controllers for many years. In fact, looking through the options for Amazon’s offering leaves me feeling a bit, oh, 1999. As if load balancing hasn’t evolved far beyond the very limited subset of capabilities exposed by Amazon’s API. That said, that’s just the view from the outside. Though Amazon’s ELB might be rudimentary in what it exposes to the public it is certainly anything but primitive in its use of SOA and as a prime example of the power of Infrastructure 2.0. In fact, with the exception of GoGrid’s integrated load balancing capabilities, provisioned and managed via a web-based interfa... (more)

Behind the Scenes, SANta Claus Global Cloud Story

Cloud Expo New York There is a ton of discussion, stories, articles, videos, conferences and blogs about the benefits and value proposition of cloud computing. Not to mention, discussion or debates about what is or what is not a cloud or cloud product, service or architecture including some perspectives and polls from me. [Santa Photo Via ABC news] Now SANta does not really care about these and other similar debates I have learned. However he is concerned with who has been naughty and nice as well watching out for impersonators or members of his crew who misbehave. In the spirit of the holidays, how about a quick look at how SANta leverages cloud technologies to support his global operations. Many in IT think that SANta bases his operations out of the North Pole as it is convenient for him to cool all of his servers, storage, networks and telecom equipment (which ... (more)

Following Google's Lead on Security? Don't Forget to Encrypt Cookies

In the wake of Google’s revelation that its GMail service had been repeatedly attacked over the past year the search engine goliath announced it would be moving to HTTPS (HTTP over SSL) by default for all GMail connections. For users, nothing much changes except that all communication with GMail will be encrypted in transit using industry  standard SSL, regardless of whether they ask for it by specifying HTTPS as a protocol or not. In the industry we generally refer to this as an HTTPS redirect, and it’s often implemented by automatically rewriting the URI using a load balancing / application delivery solution. Widely regarding as a good idea, and I’m certainly not disagreeing with that opinion, SSL secures data exchanged between the client and the server by encrypting every request and response using a private/public key exchange. This is a Good Idea and the gener... (more)

DevCentral Top5 01/22/2010

Wow! What a whirlwind it's been the past few weeks. Between holidays and vacation and people traveling out of town, it's been an absolute zoo around here. Though I've been out the past week or so there has been an avalanche of content. I've hemmed and hawed and finally managed to slim my picks down to just five, though there are at least a dozen awesome things worth checking out on DevCentral in the past week or so. So don't be shy, get out there and poke around for yourself. For now, though, here are my top 5 picks for the week: v10.1 - The table Command - The Basics http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=2375 The new table command introduced in 10.1 is so hawesome and powerful it's hard for me to decide where to even begin describing the grandeur that is the table command. I've decided to begin at the beginning, and point y... (more)

REST API Developers Between a Rock and a Hard Place

A recent blog on EBPML.ORG entitled “REST 2010 - Where are We?” very aggressively stated: “REST is just a "NO WS-*" movement.” The arguments presented are definitely interesting but the most compelling point made is in the way that REST APIs are constructed, namely that unlike the “ideal” REST API described where HTTP methods are used to define action (verb) and the path the resource (noun), practical implementations of REST are using a strange combination of both actions (verbs) and resources (nouns) in URIs. What this does is simulate very closely SOA services, in which the endpoint is a service (resource) upon which an action (method) is invoked. In the case of SOAP the action is declared either in the HTTP header (old skool SOAPaction) or as part of the SOAP payload. So the argument that most REST APIs, in practice, are really little more than a NO WS-* API is fa... (more)

Amazon Makes the Cloud Sticky

Stateless applications may be the long term answer to scalability of applications in the cloud, but until then, we need a solution like sticky sessions (persistence) Amazon recently introduced “stickiness” to its ELB (Elastic Load Balancing) offering. I’ve written a bit about “stickiness”, a.k.a. what we’ve called persistence for oh, nearly ten years now, before so I won’t reiterate again but to say, “it’s about time.” A description of why sticky sessions is necessary was offered in the AWS blog announcing the new feature: Up until now each Load balancer had the freedom to forward each incoming HTTP or TCP request to any of the EC2 instances under its purview. This resulted in a reasonably even load on each instance, but it also meant that each instance would have to retrieve, manipulate, and store session data for each request without any possible benefit from lo... (more)

New York City : Blueprint for Cloud-enabled economic transformation

The two most fundamental requirements of any new technology investment will be covered in our upcoming webinar this week, ‘MaaS’ – Municipality as a Service. Ultimately ROI planning boils down to asking how will this new investment enable our organization to save money, and to make money? MaaS offers the potential for both, and via reviews of case studies like the City of New York, we will be showcasing what the innovation leaders are pioneering to achieve these goals. ITaaS How it will save money is a very easy answer for Cloud services, headlined under the banner term of “ITaaS”, standing for ‘IT as a Service’. Moving from a ‘buy and own your hardware’ approach to IT to a service-centric one will transform the cash flow requirements of your organization and present multiple opportunities for cost saving. Recently Cisco explained this effect in their recent white pa... (more)

HTML5 WebSocket Security is Strong

This is a two-part blog post that discusses HTML5 WebSocket and security. In this, the first post, I will talk about the security benefits that come from being HTTP-compatible and the WebSocket standard itself. In the second post (coming soon) I will highlight some of the extra security capabilities that Kaazing WebSocket Gateway offers, things that real-world WebSocket applications will want to be fully secure. A WebSocket connection starts its life as an HTTP handshake, which then upgrades in-place to speak the WebSocket wire protocol. As such, many existing HTTP security mechanisms also apply to a WebSocket connection — one of the reasons why the WebSocket standard deliberately chose the strategy of being HTTP compatible. Unified HTTP and WebSocket Security Thanks to the HTTP/WebSocket unified security model, the following is a list of some standard HTTP securit... (more)

How to Ensure Scalability as Complexity Drives Consolidation

Pop quiz time. Given three sets of three items each, how many possible combinations are there when choosing only one from each set? Ready? Go. If you said “27” give yourself a cookie. If you said “too [bleep] many”, give yourself two cookies because you recognize that at some point, the number of combinations is simply unmanageable and it really doesn’t matter, it’s too many no matter how you count it. This is not some random exercise, unfortunately, designed to simply flex your mathematical mental powers. It’s a serious question based on the need to manage an increasing number of variables to ensure secure access to corporate resources. There are currently (at least) three sets of three items that must be considered: User  (employee, guest, contractor) Device (laptop, tablet, phone) Network (wired, wireless, mobile) Now, if you’re defining corporate policy based on... (more)

Hackers Are Not the Only Ones Robbing You

Big security vendors have been pushing the same technology for over 25 years. Yet every day these technologies are proven to be ineffective and easily breached. If you’re in charge of security at your company and you’re using anti-virus and tokens and you think you’re safe, this is your wake-up call. Week after week of reported security breaches should be forcing businesses to re-evaluate the methods they use to prevent these now routine occurrences. Most recently, a team of scientists produced a report explaining how they extracted a key from an RSA token in just 13 minutes, exacting the passcode simply by prying open what looks like a USB thumb drive. This is what the world’s largest tech security vendor has in its arsenal? They sell tokens because it makes them a lot of money and they don’t have anything better to protect you with. Tokens are older technology th... (more)

Improving Your Social Skills: Top Social Media Tools

When we were little we were taught not to brag; not to call our friends early in the morning or after bedtime; and not to keep secrets. These childhood social skills – along with others – helped us maintain a positive image. In the world of social media, these rules still apply. If your profile posts only promote your products and services, your audience is already bored. If you’re making your posts while your target industry is otherwise engaged, they’ve quit listening. And if you’re using links in your posts that don’t guarantee arrival at a safe, virus-free destination, they’re not going to click. Quit bragging. Of course you are supposed to use your social media outlets to promote your goods and services and the happenings in your company. But if that’s all you’re posting, you’re a shameless self-promoter. And company profiles that share interesting industry ne... (more)