Pages

Wednesday, June 27, 2012

IT Roles Facing Extinction

This is a nice article that I wanted to share with everyone.


For years IT has understood itself as strictly a support service that responds to, instead of enacts, innovative change. In the future, IT leaders will face a host of multi-dimensional challenges as global business increases in technological complexity. Some of the challenges include harnessing mobilization and employees' use of social media for business, developing both employee- and customer-facing business applications, streamlined analysis of big data, increased adoption of virtualized servers and storage, and streamlining cloud support, to name a few.
A number of analysts believe that the nut-and-bolts programming and easy to document support jobs will go to third-party providers outside the U.S. In its wake will be a need for IT workers with versatile skill sets not normally found within IT. Abilities such as project management (for intricate, multi-tiered IT projects), public speaking (for interfacing both with corporate business and clients), and mathematical expertise (for engineering and development tasks) are just some of the IT skills that will be in demand in the near future.
It will not only be a diversity of necessary skills, but where those skills can be used that will be crucial. For example, application development skills will be instrumental for those working in the service provider sector, software development area, or on IT teams within large or small organizations.
In the future, IT will be outward focused, business-centric, and business-enabling instead of simply a stop-gap, support service. IT will become a multi-pronged enabler for clients as well as an active agent for marshalling the power of technological innovation toward increasing a company's ROI to gain a competitive advantage. In this regard, business-facing expertise and skills will be on equal footing with tech-based knowledge.
Today, there's a huge amount of focus on getting more efficiency using virtualization, the cloud, Web 2.0, networking, and mobility. Better efficiency and innovation will reduce the number of technicians needed for certain tasks within the datacenter. Going forward, IT teams and organizations within mid-size and larger corporations will be smaller in size. This will all be due in equal measure to automation; trends such as virtualizing servers, storage, and desktops; access to cloud-based services; outsourcing beyond the U.S.; and the migration away from IT-based occupations.
It's safe to bet that the pure technology positions will steadily diversify as complexity within the datacenter increases. This will include roles such as business-enterprise architects, business technologists, systems analysts, network designers, systems auditing, and project managers, including more rounded skills that expand knowledge bases and challenge traditional IT comfort zones.
The following are some of the key areas where traditional IT administration skill requirements will be changing and where some skills will become obsolete.

I. Programming

While coding and basic programming will be outsourced beyond the U.S., essentially for software that can run only on the PC, mobile programming is poised to take huge strides. This includes writing code specific to the operating systems for Android, Apple, and Windows Phone 7, among others. In the near future, the mobile market is set to dwarf the PC market in sales. This means traditional programming languages, such as Cobol, Delphi/Object Pascal, and Transact-SQL ColdFusion, are examples of older languages being phased out. Even tried-and-true Flash development is being eliminated. Taking their place, skills in languages such as the following will be increasingly in demand: MS.net, Python, Ruby, HTML5, RESTful Web Services, Javascript, and JQuery.

II. Datacenter

In terms of basic networking, a number of traditional IT operations will be superseded by higher-level skills or eliminated altogether. Typical network administrator tasks such as wiring and coupling blade servers, updating and installing patches, or provisioning storage will be outmoded skills due to new advancements that are already taking place. These include cloud sourcing for additional CPU power and storage allocation. Server and desktop virtualization will reduce the need for multiple administrators because automation and centralized management will enable a single individual to handle the tasks. This has already begun taking place, but we will see it occurring on a much greater level as these processes take a firmer hold in every datacenter.
In the area of communications, the consolidation trend continues. Instead of traditional telephony, Unified Communications (UC) represents a paradigm shift similar to what's occurring in other technologies. UC combines presence, VoIP, IM, email, and conferencing into a single comprehensive service. Gone are the service technicians responsible for rewiring and maintenance. UC makes those skills unnecessary. In the future, one or two systems analysts will centrally handle communication implementation and flow from within the datacenter.

III. Data Technology

The exponential increase in data in the future has often been commented on. With the rise in mobilization, and all its attending media features, we will not only be producing more data, but companies' demand for that data will increase as well. Business success will hinge on an organization's ability to make sense of their accrued data and using it to achieve key strategic goals. With that will be the need for analysts who can identify and predict trends ahead of the competition as well as defining what data is needed and where to get it. This is just one example of technical capabilities being combined with business savvy and know-how to produce actionable results. Gone are the SQL database administrative duties. The ability to blend the unstructured (big data) with the structured (business interests) represents a unique skill set that illustrates that convergence of abilities that will be in greater demand.
An IT professional who has the technology background to offer abstract skills (math, engineering) as well as an ability to interact effectively with the business and service sector (public speaking, interpersonal skills) combined with the intangible (imaging and visualization, imagination) represents key attributes for the successful data technologist. These technicians can build meaningful, structured results out of often incoherent piles of data.

IV. Security

The 24/7 business cycle requires company infrastructures to always be up. Losing a day in transactions due to a security breach can be substantial in dollars, not just in the loss of credibility. Add to the mix the increase in mobile workers accessing company networks and the increase in the number of surface vectors has serious repercussions. Distributed Denial of Service (DDoS) attacks, malware run amok (Stuxnet, Flame), and cyber criminal concerns require the right security infrastructure architects to build alerting technologies, in-line defense tools, and systems designs that can repel such attacks. A number of companies will resort to third-party security providers as well as rely on cloud-based security services.
While security management skills will become increasingly important, these providers of cloud-based SaaS services will inherently provide efficient protection features, and mobile platforms will also offer better security. Within organizations, gone are the traditional back-up and recovery skill sets which will be relegated to third-party providers. According to David Foote, president and CEO of research firm Foote Partners LLC., "Securing information.will change in 2020, when companies will cast an even wider net over data security-including the data center, Internet connectivity, and remote access."
Gone are the technicians who relied on security standardization, procedures, and auditing. Moving forward, security will be less about constructing layers of standardized controls within the perimeter. It will demand a careful, nuanced approach and smart solutions. New skills include those such as virtualization technologies, centralized managing capabilities via maturing dashboard tools, data mining, and the ability to implement management tools in a company's public or private cloud. 

Wednesday, June 20, 2012

Average US rate on 30-year mortgage rises to 3.71 pct.; 15-year up to 2.98 pct (Washington Post)

I've been house hunting for past couple of weeks so haven't been able to post new blogs. But I got to know about the interest rates today and thought of sharing with you all. 

In the meanwhile, if you are a first time home buyer and have any questions to ask in regards to property, location, best time to buy, negotiating the price, arranging money for down payment, home inspection, or loan process, etc then please feel free to post questions here.

WASHINGTON - Average rates on fixed mortgages rose this week, the first increase in seven weeks. But mortgage rates remain near historic lows, boosting prospects for home sales this year.
Mortgage buyer Freddie Mac said Thursday that the average rate on the 30-year loan increased to 3.71 percent. That's up from 3.67 percent last week, the lowest since long-term mortgages began in the 1950s.
The average rate on the 15-year mortgage, a popular refinancing option, rose to 2.98 percent. That's up from 2.94 percent last week, also a record low.
The rate on the 30-year loan has been below 4 percent since early December. Low rates are a key reason the housing industry is showing modest signs of a recovery this year.
In April, sales of both previously occupied homes and new homes rose near two-year highs. Builders are gaining more confidence in the market, breaking ground on more homes and requesting more permits to build single-family homes later this year.
Low rates could also provide some help to the economy if more people refinance. When people refinance at lower rates, they pay less interest on their loans and have more money to spend.
Still, the pace of home sales remains well below healthy levels. Economists say it could be years before the market is fully healed.
To calculate average rates, Freddie Mac surveys lenders across the country on Monday through Wednesday of each week.
The average does not include extra fees, known as points, which most borrowers must pay to get the lowest rates. One point equals 1 percent of the loan amount.
The average fee for 30-year loans was 0.7 point, unchanged from last week. The fee for 15-year loans also was unchanged at 0.7 point.
The average rate on one-year adjustable rate mortgages slipped to 2.78 percent from 2.79 percent last week. The fee for one-year adjustable rate loans was 0.5, up from 0.4.

Monday, June 11, 2012

Pay-as-you-go service with iphone


Recently Sprint announced its plans to sell iphone in its pay-as-you-go business. The users of  pay-as-you-go  plans usually get cheap flip phone or intermediate level smartphones or blackberry devices. This news opens up options for users to buy a high end smartphone device such as apple and still be on a  pay-as-you-go plan.

This move by Sprint and Apple indicates couple of things:-

1. Nearly 40 % of Apple's revenue is from iphone. iphone is the most sought after device on the planet today and Apple knows the potential of the product. But most of the users today already have a smartphone (either Android or iphone or blackberry, or something else). So the only market where iphone could be sold was the  pay-as-you-go segment where, as I mentioned earlier, consumers don't have much choice when it comes to selecting a good phone.

2. Sprint may offer unlimited data plan (with no contract) at about a third of the cost what major players like ATT or Verizon offer. Sprint however may charge the full $649 amount for the 16GB iphone compared to $200 which ATT and Verizon charge. However ATT and Verizon make money through the 2 year contract period by charging more for the data plan usage.

3. There was no hardware change between iphone 4 and iphone 4S. So, Apple trying to sell off its iphone 4/4S inventory indicates that iphone 5 might have a different design than its predecessor and might be released by the end of this year or early next year. 

Windows Update error

Sometimes when updating my old Windows XP or 2003 system with Windows update, I receive the following error message:-

"Network policy settings prevent you from using this website to get updates for your computer"



To resolve this error, do the following:-

1. Stop the Windows Automatic Update Service
2. Goto C:\Windows\System32 folder
3. Rename the "SoftwareDistribution" folder to "SoftwareDistribution_Old" or to some other name.
4. Check all the GPO policies related to Windows Update and make sure that they are (if any) set to "not defined"
5. Search through the registry and delete any keys with "NoWindowsUpdate" or "DisableWindowsUpdateAccess".
6. Start the Windows Automatic Update service.

Fix SSL Vulnerability Part 3 of 3: Using IIS Crypto tool to disable weak ciphers and protocols

As a webserver administrator/systems administrator, you must ensure that your webserver is using strong ciphers and protocols. Your webserver can easily be flagged for vulnerabilities if you use weak ciphers and protocols. Your webserver would then be not compliant with your organization's security policies and could be vulnerable to network security hacks. 

You may receive "Web Server Supports Weak SSL Encryption Certificates" message on your network security vulnerability report if you are using weak ciphers or protocols. Enforcing the 128-bit SSL keys might not be possible in all situations because keys distributed by some vendors use 40-bit. When configuring SSL communication, the recommendation is to use SSLv3 since it fixes most of the flaws found in SSLv2. There is no known attack for breaking SSLv3 security.

There are lot of other vulnerabilities associated with SSLv2 and TLS 1.0, TLS 1.1 protocols. If you search other places, you would find tons of ways to disable vulnerable protocols in Windows registry editor etc. I recently came across "IIS Crypto" software which helps disable weak ciphers and protocols through a GUI interface.





To enable/disable the protocols/ciphers, click the "PCI" or "FIPS 140-2" button and then manually check/uncheck the protocols and ciphers that you want to enable. A restart of the Operating System is required before the settings can come into effect.

Fix SSL Vulnerability Part 2 of 3: How to ensure which protocol your server is using?

To check the protocol that your web server is using for https type traffic, you would need to download and install "OpenSSL" utility on the computer from where you will be making connections to the web server.

Please see the instructions below to download and install "OpenSSL":-

1. Download "OpenSSL" from http://slproweb.com/products/Win32OpenSSL.html

2.As of June 11th 2012, you can download either "Win32 OpenSSL v1.0.1c Light" (for 32-bit Windows) or "Win64 OpenSSL v1.0.1c Light" (for 64-bit Windows)

3. It is recommended that you download and install the "Visual C++ 2008 Redistributables" as well before installing "OpenSSL" binaries. Please install the 32-bit or 64-bit version depending upon your OS type.

4. Once the "C++" and "OpenSSL" binaries are installed on the computer you should be ready to test the protocol that your webserver is using.

i. Open cmd on the computer where you installed "OpenSSL"

ii. Change path to the OpenSSL\bin directory

iii. Type the command: "openssl s_client -ssl2 -connect SERVERNAME:443" where SERVERNAME is the hostname (or FQDN) or IP address of your webserver and port 443 is your default https port.

iv. If your webserver does not support SSLv2, then you should receive output similar to this:-


openssl s_client -ssl2 -connect SERVERNAME:443
CONNECTED(00000003)
458:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:


v. If your webserver does support SSLv2, then you would receive an output with the certificate key and lot of other information.

In the next post, I will demonstrate how to disable SSLv2 and other vulnerable protocols.

Fix SSL Vulnerability Part 1 of 3: SSL and TLS introduction

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are required for secure data communication over the internet. TLS and SSL encrypt the network communication using various parameters that are decided during the initial client-server handshake. These protocols help to prevent eavesdropping and to securely identify the web server with which the connection is being made thereby making your data transactions over the internet (such as bank account access, online purchase at amazon.com, e-bay.com or other such sites, donations to an organization using credit card/bank account, household utility account access, etc) more secure.