Thursday, 31 October 2013

Cloudera positions Hadoop as an enterprise data hub

Taking note of how customers have been working with its Hadoop distribution, Cloudera has expanded the scope of its software so that it can serve as a hub for all of an organization's data, not just data undergoing Hadoop MapReduce analysis.

Some of Cloudera's enterprise customers have "started to use our platform in a new way, as the center of their data centers," said Mike Olson, Cloudera's chairman and chief strategy officer.

"We think this is a very big deal. It will change the way the industry thinks about data," Olson said.

Cloudera has released a new beta of its commercial distribution, Cloudera Enterprise, that provides tools for managing an organization's data, as well as tools from Cloudera and third parties for data analysis.

Olson announced the beta of Cloudera Enterprise 5 at the O'Reilly Strata-Hadoop World conference, being held this week in New York. 

"It used to be that an organization had lots of balkanized data silos," Olson said. "The stuff that you used to run on a data warehouse because you had no choice, now you can run on the hub."

Putting the data in a Hadoop-based storage repository has many advantages, Olson argued. You can run different types of analytical workloads against the data in the hub. It can easily feed data to other systems, such as content management systems. It can work as an archiving system. 

An enterprise data hub, Olson said, can store data as it is generated, even if the organization isn't sure how the data will be needed. Such data may be valuable later for machine learning analysis or other uses not considered.

An enterprise hub also puts security and governance mechanisms in place to safeguard the data. Cloudera has been working on these tools for several releases, Olson said.

"Our ambition is to draw more workloads in and make the hub more valuable over time," he said.

Part of Hadoop's newfound ability to act as a data hub comes from software additions in the latest version of the open-source software, Apache Hadoop 2, on which Cloudera Enterprise is built.

The inclusion of YARN (Yet Another Resource Manager), for instance, allows Hadoop to handle multiple analysis applications, not just those that run on the batch process-oriented MapReduce.

To facilitate the hub, Cloudera has also set up a management framework that third-party analysis applications can plug into. SAS, Revolution Analytics, Syncsort and other organizations have ported some of their software to the platform. Porting analysis software requires that the operations be executed in parallel, as data in Hadoop is typically distributed across multiple nodes, Olson said. 

Cloudera Enterprise 5 also adds the ability to cache HDFS (Hadoop Distributed File System) contents in the working memory of a server, which can boost query response and data processing times.

The company's Navigator auditor tool now allows analysts and data modelers to search, explore, define and tag datasets. Users can add customized queries to Cloudera's Impala SQL engine. And Cloudera Enterprise 5 can work with the NFS (Network File System) nodes, which should make the process of injecting data into HDFS much easier, Olson said.  

The software also now can take snapshots of the data, providing a backup if the original data is lost or destroyed. 

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com.


Enterprise software revenue growth suggests recovery under way, IDC says

The global enterprise software market expanded by 5.5 percent year over year during the first half of 2013 to $179 billion, a result that suggests a tentative rebound from economic turmoil in Europe, according to analyst firm IDC.

Global software revenue ticked up 5.1 percent during the same period in 2012, IDC said Wednesday. For the full year 2013, IDC expects a 5.7 percent growth rate.

"Enterprises are seeing new opportunities to drive new and improved products and services by leveraging information," IDC senior vice president Henry Morris said in a statement. "Therefore, it stands to reason that software to manage, access, and share information (structured and unstructured) continues to be a priority for competing in today's economy."

The analyst firm breaks the software market into three main segments: applications; application development and deployment; and systems infrastructure.

Applications experienced a 5.8 percent sales increase in the first half of this year, driven by 28.3 percent growth in enterprise social networking product sales.

Application development and deployment product revenue lagged those results slightly, with a 5.1 percent first-half growth rate. Systems infrastructure software sales also increased 5.1 percent overall, but the system software subcategory jumped more than 8 percent due to factors such as the Windows 8 launch, according to IDC.

By region, Latin America was the fastest-growing area with an 8.6 percent uptick, followed by the U.S. with 7.9 percent. Growth was 5.1 percent in Western Europe.

Asia-Pacific saw a 6.6 percent rise in software revenue but only when Japan is excluded. A devalued yen resulted in a 9.2 percent drop in software revenue there when calculated in U.S. dollars, IDC said.

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris' email address is Chris_Kanaracus@idg.com.


Eucalyptus eases way to bring Amazon cloud deployments in-house

iOS apps vulnerable to Wi-Fi hijacking bug

Researchers from device security firm Skycure have unearthed an unnerving vulnerability in iOS that can be used to hijack a number of apps when used on an insecure Wi-Fi network. And it might not just be an iOS issue, either.

Skycure calls the problem "HTTP Request Hijacking," or HRH for short, and it exploits the way many iOS applications deal with receiving an HTTP 301 status code ("Moved Permanently") from a server.

"Most mobile apps do not visually indicate the server they connect to," says Skycure, "making HRH attacks seamless, with very low probability of being identified by the victims."

At its core, the attack is essentially a variant on a standard man-in-the-middle attack. If an app is used on an insecure Wi-Fi network, an attacker can intercept requests sent by the app, reply to the requests with a 301, and trick the app into being redirected to a hostile server.

This is bad enough, but iOS apps have a behavior quirk that makes them particularly vulnerable to the attack: Whenever they receive a 301 redirect response, that redirect is cached indefinitely. In other words, once an attacker uses a request hijack on an iOS app, its requests are redirected continuously to the hostile server until the cache is cleared ... and the user may never know about it.
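The persistence described above can be seen in a small model, added here as an illustration and not taken from Skycure's post or any iOS API: a toy client with a 301 cache makes one request on a constructed hostile network and then one on a trusted network. The class, the `persist_301` switch, the URLs and the network functions are all assumptions made for this example.

```python
# Constructed model of the 301-caching behaviour; no real network traffic.
API = "http://api.example.test/feed"        # constructed app endpoint
EVIL = "http://attacker.example.test/feed"  # constructed hostile server


def trusted_network(url):
    """Unmodified path to the servers: returns (status, body_or_location)."""
    pages = {API: (200, "genuine feed"), EVIL: (200, "forged feed")}
    return pages[url]


def hostile_wifi(url):
    """Insecure Wi-Fi: an on-path attacker answers the app's request with a 301."""
    if url == API:
        return (301, EVIL)
    return trusted_network(url)


class AppHttpClient:
    """Toy client; persist_301 is a hypothetical switch for this example."""

    def __init__(self, persist_301=True):
        self.persist_301 = persist_301
        self.redirect_cache = {}  # original URL -> remembered 301 target

    def get(self, url, network):
        for _ in range(5):  # bound the redirect chain
            url = self.redirect_cache.get(url, url)
            status, value = network(url)
            if status != 301:
                return url, value  # (URL actually fetched, body)
            if self.persist_301:
                self.redirect_cache[url] = value
            url = value
        raise RuntimeError("too many redirects")


def simulate(persist_301):
    """One request on hostile Wi-Fi, one later on a trusted network, one after a cache clear."""
    client = AppHttpClient(persist_301)
    on_wifi = client.get(API, hostile_wifi)
    later = client.get(API, trusted_network)
    client.redirect_cache.clear()
    after_clear = client.get(API, trusted_network)
    return on_wifi, later, after_clear


if __name__ == "__main__":
    for flag in (True, False):
        print("persist_301 =", flag, "->", simulate(flag))
```

With persistence on, the second request still lands on the constructed hostile URL even though it is made on the trusted network; with it off, the redirect lasts only as long as the interception. Not persisting redirects does not protect the request made on the hostile network itself; HTTPS with certificate validation is the control for that.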

HRH attacks do require a few conditions to be met before they can be pulled off successfully. Most crucially, the attacker needs to be "physically near the victim for the initial poisoning," meaning that the attacker has to know where the user is connecting via Wi-Fi and hijack that specific connection.

Skycure has declined to name specific apps that are affected by this bug, as part of its responsible disclosure policy. Instead, the company has created a sample application that demonstrates the problem in action, along with a short video demonstrating the hijack. Most importantly, Skycure has published code in its article that allows concerned iOS developers to fix the problem quickly.

The New York Times Bits Blog was one of the first third-party sources to spread the word, noting that the same researchers also found another iOS-related security issue, back in 2012, in which LinkedIn's iOS app turned out to be leaking sensitive information when it collected meeting details from users' iOS calendars. LinkedIn has long since fixed that problem, but more recently it's come under fire yet again for another iOS app, LinkedIn Intro.

In a final note to its post, Skycure adds that "HRH isn’t necessarily a problem of iOS applications alone; it may apply to mobile applications of other operating systems too." In the abstract, the mechanism of an HRH attack isn't specific to iOS. If another platform -- Android, for instance -- behaves the same way in caching 301 redirects, the same attack could conceivably be performed there as well.

Let's hope that's not the case -- but better yet, let's find out if it is true and do something about it.

This story, "iOS apps vulnerable to Wi-Fi hijacking bug," was originally published at InfoWorld.com.


Lenovo claims battery life crown with new Yoga tablets

Lenovo is claiming that its new Yoga tablets will offer 18 hours of battery life when browsing the web, which would be the longest when compared to other tablets.

The company's new Yoga tablets, which will come in 8-inch and 10.1-inch versions, will provide 12 to 14 hours when watching high-definition video, said Stephen Miller, Lenovo ambassador. The tablets were announced at a launch event in New York.

The battery life can be even longer if the tablets are set to low screen brightness, Miller said.

If Lenovo's claims of battery life hold up, the Yoga tablets will beat the competition handily. Tablets today are at best able to squeeze up to 11 hours of battery life. The Yoga tablets have high-capacity cylindrical batteries similar to ones used in laptops, which helps prolong battery life.

The 8-inch tablet, which is priced at $249, weighs 400 grams. The 10.1-inch tablet is at $299 and weighs 603 grams. The tablets will run Android 4.2 and be available in the U.S. on Wednesday. The company did not comment on worldwide availability.

The battery is housed in the tablet's circular base, which makes it easier to grip the device. A kick-stand allows the tablet to sit firmly on the table.

With a circular base, the Yoga tablets bear a resemblance to Notion Ink's now-defunct Adam tablet, which was one of the first Android tablets to ship when it became available in late 2010.

The Yoga tablets run on MediaTek quad-core processors with a clock speed of 1.2GHz. Both of the tablets display images at a resolution of 1,280 x 800 pixels.

Other features include a 1.6-megapixel front camera, a 5-megapixel back camera, up to 32GB of internal storage, and micro-SD card slot for expandable storage.

Lenovo has introduced a range of tablets, PCs, and hybrids in the last few years. The new products are important as buyers move away from PCs to mobile products.

"We shipped more smartphones and tablets than PCs," during the third quarter, Miller said.

Agam Shah covers PCs, tablets, servers, chips and semiconductors for IDG News Service. Follow Agam on Twitter at @agamsh. Agam's e-mail address is agam_shah@idg.com.


Microsoft to Windows XP users: your operating system is a major security risk

Microsoft isn't kidding when it says that people need to ditch Windows XP and has released alarming security numbers to prove its point. XP systems are indeed markedly more likely to fall prey to malware than later versions of Windows.

According to the firm's SIR (Security Intelligence Report) for the first half of 2013, Windows XP SP3 32-bit suffered a malware infection rate of 9.1 systems per 1,000 computers, which sounds modest until you read that the equivalent number for Windows 7 32-bit was 5.0 and for Windows 8 64-bit it was 1.4.

To eliminate the possibility that this difference was caused by the behaviour of XP users, the firm correlated the number of infections to the encounter rate, in other words the number of systems in each OS version that met malware requiring intervention by Microsoft's security products.

Here, the different incarnations recorded roughly similar encounter rates, with XP at 16.3 percent, Vista at 16.5, Windows 7 at 19.1 percent, and Windows 8 RTM at 12.4 percent. Apart from underlining that Windows 7 is now probably the most targeted OS, it is clear that with Windows XP the ratio of encounters to infections is unflattering.

As the report's authors admit, that XP should be more vulnerable 12 years after its release than newer Windows versions is hardly surprising; malware creators have had longer to craft attacks, spot software flaws, and exploit the weaker security protection in the OS. But the point, Microsoft argues, is that the XP hardcore are taking a risk using the operating system in 2013, something that will only increase as an issue after the end of support in April 2014.

"Computers running Windows XP in 1H13 encountered about 31 percent more malware worldwide than computers running Windows 8, but their infection rate was more than 5 times as high," is the dry but accurate summary from the report authors.

Of course, all of this fits with Microsoft's earnest wish to see the back of XP and shift seats on to Windows 8. The other perspective is that Microsoft has drawn these numbers from its vast global database of systems running Windows operating systems and for this reason the numbers deserve to be taken seriously. Anyone who wants to be frightened some more might want to read a summary of the above points by Microsoft's director of trustworthy computing, Tim Rains.

For firms not able to abandon XP in 2014 for technical reasons (i.e. the need to support in-house applications), the options are to use XP in a desktop virtualisation environment, adopt a policy of OS isolation (locking down applications, disconnecting USB ports, limiting Internet connectivity) or even buy a probably very expensive third-party support agreement.

One other interesting snippet from the report is the apparently shocking finding that running real-time antivirus software seems to be a good idea, or at least greatly reduces infection rates; the malware infection rate is 7.1 times higher for systems not running real-time antivirus than for those that are.

This doesn't mean that when antivirus fails, it doesn't fail spectacularly -- and often enough to cause major concern about its effectiveness against targeted attacks -- but does underline that rumours of its imminent death are exaggerated.


MongoDB support firm says intruders may have accessed databases

MongoHQ, which provides hosting and support for the open-source Mongo database, said attackers may have accessed several of its customers' databases earlier this week.

On Monday, someone accessed an internal support application using a password that had been used for a compromised personal account, wrote Jason McCay, MongoHQ's founder.

The support application contains connection information for customer MongoDB instances, along with lists of databases, email addresses, and user credentials hashed with bcrypt, a file encryption tool, McCay wrote. An audit showed that several databases may have been accessed via that support application.

"We believe we have exhausted the scope of this compromise and are directly contacting all affected customers," McCay wrote. "We are continuing to evaluate our audit logs and conducting further investigations with the help of third-party experts."

The company invalidated credentials such as IAM (Identity and Access Management) keys it stored for customers using Amazon Web Services (AWS) for backups. MongoHQ has notified AWS of the accounts that may have been affected, and AWS is offering Premium Support for organizations that need new credentials, McCay wrote.

MongoHQ, which has offices in California and Alabama, provides services to let developers create and manage NoSQL Mongo databases for their applications.

Since the breach, MongoHQ said it has reset the login credentials for its employee accounts, including email, network devices and internal applications. Employee-facing support applications have been disabled until two-factor authentication is enabled, VPN connections to those applications are enforced and employee access permissions are reviewed, McCay wrote.

In the meantime, McCay said MongoHQ is modifying its system to encrypt and decrypt data at the application level, which will mitigate possible damage from the same type of intrusion. It has also hired a security consulting firm to do a penetration test of its application stack, McCay wrote.

"Based on their recommendations, we will be hardening our applications to provide more layers of security," he wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk.

