OSS: SOC, Benchmarks, Mozilla, and Databases
#HowTo Cut Costs in the SOC
This is also a good opportunity to revisit your packet capture solution, where your spending should be focused on hardware and storage. If you’re paying for expensive software licenses as well, check out open source alternatives like Moloch.
[...]
Look for open source alternatives
Whether it’s replacing a point security tool or simply augmenting what you have, try to periodically justify the cost of your commercial tools. Open source projects for blue team have come a LONG way in the last few years, and many of them now rival (or, in our opinion, exceed) the capabilities of expensive commercial tools.
Conduct an analysis of alternatives for your big-ticket items on an annual or semi-annual basis. That way, you’ll always have a recent justification for the money you’re spending, and you’ll stay aware of potential challengers. Mitre has posted some guidance on Analyses of Alternatives (AoAs) here. Just keep in mind the total cost – do you have, or can you create, the engineering talent to manage new or open source tools?
Phoronix Test Suite 9.6.1 Released For Cross-Platform, Open-Source Benchmarking
One month after the big Phoronix Test Suite 9.6 release, Phoronix Test Suite 9.6.1 is out as the first and only planned point release to this quarter's feature series.
Phoronix Test Suite 9.6.1 comes with some export improvements, continued tweaking of the new (PTS9) results viewer, a new phoronix-test-suite rebuild-test-suite sub-command, reporting of more perf events via the LINUX_PERF module, external dependency updates, and more. On the Phodevi (Phoronix Device Interface) front are improved detection of newer Arm Neoverse cores, Sway compositor version detection, and better CPU model handling on newer Apple Mac computers.
Mozilla Mornings on advertising and micro-targeting in the EU Digital Services Act
On 4 June, Mozilla will host the next installment of Mozilla Mornings – our regular breakfast series that brings together policy experts, policymakers and practitioners for insight and discussion on the latest EU digital policy developments.
How Redis scratched an itch — and changed databases forever
Why would you ever write a new database? Particularly an in-memory database, which, back in 2009, made zero sense to the ruling database class of the time. Salvatore Sanfilippo didn’t really care. He wasn’t trying to change anyone’s minds about what a database should be. He just needed to scale a real-time analytics engine, and MySQL couldn’t do so cost-effectively.
[...]
In the early days of open source, some of the more well-known projects like Linux and MySQL tried to copycat the functionality of their proprietary, expensive peers (like Unix and Oracle). Over time, these (and other) projects have trended toward innovative, rather than imitative. At the same time, there were always projects, like Redis, that broke new ground or trod old ground in new ways that dramatically expanded the universe of users.
And often they started with one person’s “itch.”
For example, Daniel Stenberg just needed to be able to download and transfer currency rates for fellow IRC users, but there wasn’t a good way to do that. So he built Curl, which now boasts billions of users. In fact, you probably use Curl every day without knowing it.
Why I'm enjoying learning Rust as a Java programmer
It's been a long time since I properly learned a new language—computer or human. Maybe 25 years. That language was Java, and although I've had to write little bits of C (very, very little) and JavaScript in the meantime, the only two languages I've written much actual code in have been Perl and Java.
I'm a co-founder of a project called Enarx, which is written almost entirely in Rust. These days I call myself an "architect," and it's been quite a long time since I wrote any production code. In the lead-up to Christmas 2019, I completed the first significant project I've written in quite a few years: an implementation of a set of algorithms around a patent application in Java. It was a good opportunity to get my head back into code, and I was quite pleased with it.
Here are some of my thoughts on Rust, from the point of view of a Java developer with a strong object-oriented background.
