* Posts by Softsuit

2 publicly visible posts • joined 14 Dec 2020

OVH data centre destroyed by fire in Strasbourg – all services unavailable

Softsuit

Re: Who knew data centres were flower boxes?

Water systems come in different flavors: dry and wet. It is hard to test a dry system. When a dry sprinkler system goes off, the pressure in the pipes drops, a valve opens, and water flows through the pipes and out to extinguish the fire. The whole system is dry until an automatic or manual valve is opened. Pretty expensive bauble to have break, and a possible single point of failure. If you water the servers at the wrong time, you have to plant new servers. ;-)

US Treasury, Dept of Commerce hacks linked to SolarWinds IT monitoring software supply-chain attack

Softsuit

Three things to consider about this SolarWinds hack

BUF: The software package was too big to fail. Too many security fences provided by one vendor. Break it up or source the software differently.

Bullet 1) The note on the SolarWinds stock drop. Keeping the stock competitive has probably been the cause for Lean Six Sigma being applied to the Coders' and Compliance Branches' processes.

Bullet 2) Coders not filing their Test Compliance Reports (TPS) and generally showing poor coding practices. Think Boeing and their space capsule. Dynamic Link Libraries (DLLs) are god's gift to the coder. You just add a library and call it fixed. It isn't really a box-set program review. Dynamic Link Libraries are just a repository for actions in the as-built program. I bet you a dollar to a doughnut the library has been creeping in size instead of a whole code rebuild.

Bullet 3) Compliance is in charge of the code base validation and integrity processes. One part of validation is certificates for the code. Probably just a fancy word for an MD5 hash of the DLL that was recompiled and added into the check of the entire module's MD5 hash. The integrity is real gritty stuff when you are using a modification / monitoring tool like SolarWinds. What are the compliance metrics being checked? I'd be interested to see the work breakdown statement on the compliance portion. IMO I'd check my Remedy for the audits after checking its integrity.

Jeesh
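The integrity check Bullet 3 guesses at (a per-DLL hash rolled into a module-wide hash), written out as an added Python example; it is not the poster's code and not SolarWinds' actual mechanism. It assumes a vendor-supplied manifest with one digest per component plus a module digest, uses SHA-256 in place of MD5, and the sample module contents are constructed.

```python
import hashlib
from typing import Dict, List

# Constructed stand-ins for the DLLs inside one shipped module.
SAMPLE_MODULE: Dict[str, bytes] = {
    "core.dll": b"core v1.0",
    "monitor.dll": b"monitor v1.0",
    "report.dll": b"report v1.0",
}


def component_hashes(files: Dict[str, bytes]) -> Dict[str, str]:
    """One SHA-256 per component (MD5, as the post assumes, is collision-prone)."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def module_digest(hashes: Dict[str, str]) -> str:
    """Roll the per-component digests into one module digest.

    Sorted by name so the result is stable regardless of dict order.
    """
    h = hashlib.sha256()
    for name in sorted(hashes):
        h.update(name.encode() + b"\0" + hashes[name].encode() + b"\n")
    return h.hexdigest()


def build_manifest(files: Dict[str, bytes]) -> dict:
    """Assumed manifest layout: per-component digests plus the module digest.

    In practice the manifest must itself be signed or fetched out-of-band;
    a manifest shipped unsigned beside the DLLs can be swapped along with them.
    """
    hashes = component_hashes(files)
    return {"components": hashes, "module": module_digest(hashes)}


def verify(files: Dict[str, bytes], manifest: dict) -> List[str]:
    """Return findings; an empty list means the on-disk module matches the manifest.

    Per-component entries say WHICH DLL changed, which a single module-wide
    hash alone cannot tell you.
    """
    actual = component_hashes(files)
    findings: List[str] = []
    for name in sorted(set(actual) | set(manifest["components"])):
        expected, got = manifest["components"].get(name), actual.get(name)
        if expected is None:
            findings.append(f"unexpected component: {name}")
        elif got is None:
            findings.append(f"missing component: {name}")
        elif got != expected:
            findings.append(f"modified component: {name}")
    if not findings and module_digest(actual) != manifest["module"]:
        findings.append("module digest mismatch")  # manifest itself inconsistent
    return findings
```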