Spirent acquisition of Mu Dynamics marries heavyweight load-bearing, barrage-level security testing | Security Bistro http://bit.ly/IoitP5
Why Cloud is Bad for Startups
It’s been a year since we launched blitz.io, an awesome multi-tenant application performance testing/monitoring platform running on AWS and Heroku. Looking back at the year, it’s been an amazing ride and we’ve helped a pretty diverse class of users that have no intent on becoming performance experts to really understand the difference between concurrency and hits. But I’m pretty disillusioned right now. Not to mention bored. And I think its the cloud.
NoOps, ShmoOps and Somebody Else’s Problem
This week there’s been much talk about NoOps with posts from @adrianco, @allspaw and @krishnan, to name a few. It all started with this infographic from @appfog. The challenge is that the combination of the words No and Ops is wide open for [mis]-interpretation.
Adding New Relic Analytics to Blitz
We are excited to announce that Mu Dynamics has added New Relic as the first of many analytics plugins to bring their awesome metrics into our Blitz post-rush statistics. New Relic offers solutions to monitor, troubleshoot, and tune your production web apps 24×7. Available immediately, New Relic Pro customers can begin using Blitz to run as many load tests as they want, when they want it, while automating load and performance testing into their continuous deployment.
On the Blitz side, it means that when you use New Relic to monitor your app, after rushing that app with Blitz you can overlay New Relic data on the standard Blitz response time charts. We can show you inside-out metrics (such as CPU and memory utilization) in addition to outside-in metrics (response times, rates and number of users), giving you complete visibility into your app or your web site.
Sound good? It is. And the response charts are even prettier now too.
Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1
TLS record handling vulnerability in GnuTLS [MU-201202-01] [CVE-2012-1573]
ASN.1 length decoding vulnerability in Libtasn1 [MU-201202-02] [CVE-2012-1569]
Download The PGP Signed Text Version Of This Advisory
Note: Thanks to Red Hat Security Team for requesting the CVE IDs above.
blitz.io: Using Redis Transactions with CouchDB
At blitz.io, for a while there, we were only relying on CouchDB clusters as the primary NoSQL database with some in-memory caching. As we grow (rapidly) and scale out, there are aspects of what we collect and store that are transient and real-time. While CouchDB is awesome for the map/reduce, replication and incremental view indexes, the real-time queues (emails, counters, stats, etc) natural lend themselves to, yup, redis. We are in the process of rolling out geo-located redis instances as part of our global infrastructure.
How to win in the age of cyber war
While the bad news is that experts are declaring that we have entered the age of cyber war, the worse news as we enter 2012 is that security systems and professionals are just not able to keep up. Security attacks are increasing in their complexity and intensity every day. These range from inter-state attacks (like the one on Raytheon this year and the ones from China that are being investigated by the U.S. government) to cyber-crime (that includes countless malware and DDOS attacks against businesses and consumers).
Validating Application Detection Signatures
In the new world of next-generation networks, pretty much every leading network equipment manufacturer (NEM) today has application-awareness built into their products. Whether it’s an application firewall, serving gateway or edge router, they’re all using deep packet inspection (DPI) to look deep into the network traffic to identify the specific application.
For example, Cisco has Application Visibility & Control, Juniper has AppSecure, Palo Alto Networks has App-ID, Sandvine has Traffic Identification and Tellabs has Application Identification.
Each vendor has their own proprietary database comprised of hundreds or thousands of application signatures and on finding a match, their system can then take action based on the defined policy (e.g. block an application, apply QoS, etc…)
Before these new application signatures are released however, testing is needed to ensure the accuracy of the detection. One of the major challenges is to avoid the false positive, in which an application is misclassified.
Dear Angry Nerds, meet Blitz the Bird Thrower
This is a repost of my Atlassian’s guest blog, announcing a Bamboo plugin for blitz.io.
The pig of a problem
We all know what happens when your app performs like a pig. You lose users, customers and revenue. Your app is slow, the failing pigs don’t amuse your customers and you hear about it as the trending topic on Twitter. In most cases you don’t even know that it’s slow until you push the app into production, multiple times a day. How can you identify performance bottlenecks earlier in the cycle? And, if you don’t discover them how to you find and fix them as fast as possible?
Enter Blitz – a performance testing tool, built by Nerds that were angry at how the existing tools weren’t keeping pace with the new Application Development Lifecycle that has Continuous Integration as its center piece.
4 full bars but no buzz?… start doing DPI
Ever been in a situation where you have four full bars but can’t make a call? I have, and that’s what made me realize that signal strength is but one of many factors that affect connectivity. Fancy wireless techniques like spatial beam forming and frame aggregation between the cell tower and the phone sounds really cool but if the network is congested at the back end then magic on the radio side won’t amount to much for the user. Full Post »
