Welcome!

If everyone is thinking the same, someone isn't thinking

Lori MacVittie

Subscribe to Lori MacVittie: eMailAlertsEmail Alerts
Get Lori MacVittie via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Latest Blogs from Lori MacVittie
In the wake of Google’s revelation that its GMail service had been repeatedly attacked over the past year the search engine goliath announced it would be moving to HTTPS (HTTP over SSL) by default for all GMail connections. For users, nothing much changes except that all communication ...
Infrastructure 2.0 enabled application delivery platforms have more than a few things in common with the Transformers. Like Autobots, there’s more to it than meets the eye. If you’re familiar with the mythology of the Transformers – and perhaps even if you aren’t – you know that the...
Cloud computing can’t assure availability of applications in the face of a physical network outage, can it? Cloud computing providers focus on providing an efficient, scalable environment in which applications can be deployed and provide for their availability with load balancing ser...
If it is, you might want to reconsider how you’re handling security, acceleration, and delivery of your applications before users “go postal” because of poor application performance. Sometimes wisdom comes from the most unexpected places. Take Jason Rahm’s status update on Faceboo...
If you’re just trading “specialized” hardware for “dedicated” hardware you’re losing more than you’re gaining.  Apparently I have not gotten the memo detailing why specialized hardware is a Very Bad Thing(TM) . I’ve looked for it, I really have, but I cannot find it anywhere. What I ...
I’m going to have to disagree with Fred for two reasons. The first is based on the rate of change and innovation in technology in the last decade that certainly points to the next decade being just as disruptive. Consider that ten years ago, in the year 2000, most of the web as it exis...
Being an efficient developer often means abstracting functionality such that a single function can be applied to a variety of uses across an application. Even as this decreases risk of errors, time to develop, and the attack surface necessary to secure the application it also makes imp...
The wrong load balancing algorithm can be detrimental to the performance and scalability of your web applications. When you’re mixing and matching virtual or physical servers you need to take care with how you configure your Load balancer – and that includes cloud-based load balancing ...
Load balancing intermediaries have long used the terms “virtual server” and “virtual IP address”. With the widespread adoption of virtualization these terms have become even more confusing to the uninitiated. Here’s how load balancing and application delivery use the terminology. ...
It sounds much more grand and lofty than it really is. To put it in layman’s terms, or at least take it out of marketing terms, aligning IT with the business is really nothing more than justifying or tying a particular IT investment or project to a specific business goal. What that mea...
In storytelling a deus ex machina is not necessarily a good thing. In fact, its use is often attributed to the author’s inability to resolve a plot point and thus divine intervention, or some other too-good-to-be-true coincidental discovery of a vital piece of information, is used to s...
In storytelling a deus ex machina is not necessarily a good thing. In fact, its use is often attributed to the author’s inability to resolve a plot point and thus divine intervention, or some other too-good-to-be-true coincidental discovery of a vital piece of information, is used to s...
Here comes St. Beaker and Santa Cloud … Twas two weeks past deployment and all through the house Echoed taps on a keyboard and clicks from a mouse The apps were all running inside VMware In hopes compute resources soon would they share. The dashboard showed statuses gr...
An e-mail exchange with Kay Kinton, a spokesperson for Amazon, on the subject of Amazon and its recent run-in with the Zeus botnet controller, raised two very interesting and valid points. First, there is a fine balance that must be maintained by providers – cloud or traditional hostin...
Like peanut-butter and jelly, cloud computing and application acceleration are just better together. Ann Bednarz of Network World waxes predictive regarding 2010 trends in application delivery and WAN optimization in WAN optimization in 2010. One of the interesting tidbits she offers...
Cloud computing environments are just as suited to illegitimate use as legitimate use. Do providers need a way to separate the chaff from the wheat to reassure enterprise-class customers that they’re doing everything they can to eliminate the hijacking of cloud computing resources for ...
A recent tweet about a free, Linux-based XML Security suite reminded me that we do not opine on the subject of XML security and its importance enough. SOA has certainly been dethroned as the technology darling du jour by cloud computing and virtualization and with that forced abdicatio...
Should the enterprise standardize on JSON or XML as their lingua franca for Web 2.0 integration? Or should they use both as best fits the application?The decision impacts more than just integration – it resounds across the entire infrastructure and impacts everything from security to p...
Before someone argues that SAJAX is a better choice I’ll include it, as well, as a “this is a great option, too” for cloud computing environments. XAJAX is strictly for PHP (which is fine for me but not for everyone) while SAJAX supports a broader range of languages and data formats – ...
While writing a separate post on the business value of public versus private cloud computing investments I specifically called out the fact that infrastructure – virtual or physical – provisioned in a cloud environment is applicable only to that cloud environment; it really can’t be sh...
The long, lost application delivery spell compendium has been found! Its once hidden, arcane knowledge is slowly being translated for the good of all web applications. Luckily, you don’t have to be Elminster or Gandalf or <insert powerful wizard you know here> to cast this spell ...
Brenda Michelson, Principal of Elemental Links, writes "elemental cloud computing" recently tweeted: "100k buys way more public, than private, cloud computing power" which started a short but inspiring conversation on the subject centering around the observation that "cloud is the gift...
Should the next generation management of network and application network devices look and act more like Facebook and Twitter? Infrastructure 2.0 could take us there. Y ou may think I’m kidding and certainly I make this proposal with some amount of humorous intent, but there is some v...
Certainly no one would seriously argue that web applications are fast enough for everyone. SPDY is one suggested solution, but what if we combine MapReduce and SPDY? Could we develop an architectural solution that leverages the best of SPDY without requiring entire infrastructure chang...
With any luck I am already AFK for a visit with Don’s mother and his family for Thanksgiving. And I’m really (really, I swear) going to be AFK (away from keyboard) for the entire time. Really. I’m serious this time, stop looking at me like that. Ever heard of “pre-publishing?” So w...
Ever wonder why requests coming through proxy-based solutions, particularly load balancers, end up with an IP address other than the real client? It’s not just a network administrator having fun at your expense. SNAT is the question – and the answer. SNAT is the common abbreviation f...
The long, lost application delivery spell compendium has been found! Its once hidden, arcane knowledge is slowly being translated for the good of all web applications. Luckily, you don’t have to be Elminster or Gandalf or <insert powerful wizard you know here> to cast this spel...
How many times have you seen an employee wave on by a customer when the “security device enclosed” in some item – be it DVD, CD, or clothing – sets off the alarm at the doors? Just a few weeks ago I heard one young lady explain the alarm away with “it must have be the CD I bought at th...
Google’s desire to speed up the web via a new protocol is laudable, but the SPDY protocol would require massive changes across networks to support ArsTechnica had an interesting article on one of Google’s latest projects, a new web protocol designed to replace HTTP called SPDY. ...
Whenever keys, certificates, and PKI enter into a security solution’s architecture the solution almost always becomes overly complex. DNSSEC is no exception, but it doesn’t have to be. DNS plays a role in every application on the Internet. It is the 411 of the Internet, essentially, ...
The question is whether that impact is positive (a reduction) or negative (an increase). One of the biggest threats to data integrity is the introduction of malicious content via SQLi (SQL Injection) attacks. Traditional database access methods don’t provide a lot in the way of valid...
These three things have a lot more in common than you might think and all three tend to evoke similar levels of frustration. A very real problem women face when shopping is this: no two brands define a size the same. If you usually wear a size 8 in “Brand X” you might actually wear a...
When you look at the success of some very proprietary solutions and the loyalty with which customers defend them, you have to wonder if vendor lock-in is really as bad a thing as we sometimes make it sound. The subtext in the discussions around data portability and interoperabilit...
No, not the kind you do on Facebook when you’re really, really tired but the kind defined as a means to reduce power consumption without affecting application performance or availability by eliminating non-essential processing and networking whenever possible.  An article on “Drow...
Microsoft has made some fairly substantial changes to the core architecture of Exchange 2010. Given that messaging can only be described as business critical today, it’s no surprise that many new aspects of Exchange 2010 and in particular its new architecture are designed to improve a...
Cloud computing management functionality and standards are right now laser-focused on virtual machines, and most APIs include the ability to stop,start,launch,etc…at that level of the infrastructure. This is because the application is still insulated by its virtualized environment. The...
Yesterday the blogosphere, twittosphere, and other-spheres were abuzz when a new TLS renegotiation man-in-the-middle attack was disclosed. Interestingly enough, while we were all still reading about it and figuring out all the nuances, one of our own DevCentral members was out imp...
While you spend your time arguing over where application security belongs, miscreants are taking advantage of vulnerabilities. By the time you address the problem, they’ve moved on to the next one. Dmitry Evteev @ Positive Technologies Research has discovered (yet) another method of ...
Infrastructure 2.0, from a purely developmental standpoint, is about APIs. It’s about offering up the functionality and capabilities of a wide variety of infrastructure – network, storage, and application network – to be externally controlled, integrated, and leveraged for whatever pur...
Brute force attacks by spammers seeking easy access causing frustration for users with no resolution in sight At least once a day I see someone on Twitter broadcast that they have been “locked out of their Twitter account, temporarily.” A search for “locked out” returns thousands of ...