Infocon: green

 ∗ SANS Internet Storm Center, InfoCON: green

Keeping an Eye on Tor Traffic

Keeping an Eye on Tor Traffic, (Thu, May 26th)

 ∗ SANS Internet Storm Center, InfoCON: green

ISC Stormcast For Thursday, May 26th 2016 http://isc.sans.edu/podcastdetail.html?id=5013, (Thu, May 26th)

 ∗ SANS Internet Storm Center, InfoCON: green

...(more)...

Once Upon a Time

 ∗ A List Apart: The Full Feed

VMWare Security Advisories, (Wed, May 25th)

 ∗ SANS Internet Storm Center, InfoCON: green

VMware has released the following new and updated security advisories:
...(more)...

Patch

 ∗ xkcd.com

My optimizer uses content-aware inpainting to fill in all the wasted whitespace in the code, repeating the process until it compiles.

Position Wanted: Front-End Director

 ∗ Zeldman on Web & Interaction Design

We have creative directors and design directors, but we don’t seem to have any front-end directors. And maybe we should.

For years at big companies, people in different silos have written CSS with no information or understanding about each other’s work. This results in huge, sloppy files that have a negative impact on site performance, as folks write more and more complex rules trying to override pre-existing ones … or “solve” the problem by adding dozens or even hundreds of classes to their CSS and markup.

Professionals with serious front-end chops have tried to solve the problem by coming up with complex rules and systems which, by the time they filter their way down to less experienced developers, get turned into dogma. Every time I see a front-end article’s comments section rapidly fill with absolute statements about whether it’s okay or not to use id, I recognize that someone’s good idea has turned into somebody else’s religion.

And while I commend my colleagues who craft approaches to CSS that help avoid the inevitable problems large-scale enterprises encounter when many coders in many silos work on many components without talking to each other, I think there may be another way to look at the problem.

We all know having many people in many silos write CSS any old way doesn’t work, unless you consider bloat and poor performance working.

And while restricting how you allow people to write code solves some of these problems, it introduces others: too many class names is just another word for bloat.

So how about following the example of other creative endeavors, and putting a single mind in charge? After all, no matter how many disparate photographers, teamed with how many art directors, work on a given issue of a periodical, there’s always a lead art director who advises, helps plan shoots, and ultimately approves the work. Every orchestra requires a conductor. And no matter how many animators work on a film, there’s always a director. There’s a reason for that.

Imagine shooting a film with no director and no storyboards, in which each scene was written by a different screenwriter, and nobody knew the shape of the overall story. It wouldn’t make a coherent movie, much less a good one. Yet that’s how too many big organizations still approach front-end design and development.

So here’s a thought, big orgs. Instead of throwing a thousand front-end developers at your problem and seeing what sticks, consider creating a front-end director position as empowered as any other director at your organization.


ISC Stormcast For Wednesday, May 25th 2016 http://isc.sans.edu/podcastdetail.html?id=5011, (Wed, May 25th)

 ∗ SANS Internet Storm Center, InfoCON: green

...(more)...

Stop Using "internal" Top Level Domain Names, (Wed, May 25th)

 ∗ SANS Internet Storm Center, InfoCON: green

Cert.org this week warned again that internal top level domain names can be used against you, if ...(more)...

This week's sponsor: FullStory

 ∗ A List Apart: The Full Feed

With our sponsor FULLSTORY, you get a pixel-perfect session playback tool that helps answer any question about your customer’s online experience. One easy-to-install script captures everything you need.

ISC Stormcast For Tuesday, May 24th 2016 http://isc.sans.edu/podcastdetail.html?id=5009, (Tue, May 24th)

 ∗ SANS Internet Storm Center, InfoCON: green

...(more)...

Technical Report about the RUAG attack, (Mon, May 23rd)

 ∗ SANS Internet Storm Center, InfoCON: green

RUAG is a Swiss-based company that participates in the aerospace, defense, and space industries. In ...(more)...

Rainbow

 ∗ xkcd.com

Listen, in a few thousand years you'll invent a game called 'SimCity' which has a 'disaster' button, and then you'll understand.

Digital Data

 ∗ xkcd.com

“If you can read this, congratulations—the archive you’re using still knows about the mouseover text”!

ISC Stormcast For Monday, May 23rd 2016 http://isc.sans.edu/podcastdetail.html?id=5007, (Mon, May 23rd)

 ∗ SANS Internet Storm Center, InfoCON: green

...(more)...

The strange case of WinZip MRU Registry key, (Sun, May 22nd)

 ∗ SANS Internet Storm Center, InfoCON: green

When we want to know if a document (.doc, ...(more)...

Python Malware - Part 2, (Sat, May 21st)

 ∗ SANS Internet Storm Center, InfoCON: green

I would have liked to create a PEiD signature for

ISC Stormcast For Friday, May 20th 2016 http://isc.sans.edu/podcastdetail.html?id=5005, (Fri, May 20th)

 ∗ SANS Internet Storm Center, InfoCON: green

...(more)...

EITest campaign still going strong, (Fri, May 20th)

 ∗ SANS Internet Storm Center, InfoCON: green

Introduction

Originally reported by Malwarebytes in October 2 ...(more)...

TeslaCrypt closes down...Releases master decryption key, (Thu, May 19th)

 ∗ SANS Internet Storm Center, InfoCON: green

In a surprising move. ...(more)...

ISC Stormcast For Thursday, May 19th 2016 http://isc.sans.edu/podcastdetail.html?id=5003, (Thu, May 19th)

 ∗ SANS Internet Storm Center, InfoCON: green

...(more)...

Resources: Windows Auditing & Monitoring, Linux 2FA, (Wed, May 18th)

 ∗ SANS Internet Storm Center, InfoCON: green

Some useful resources for your reading pleasure and implementation:

1) A recently publi ...(more)...

Bun

 ∗ xkcd.com

If a wild bun is sighted, a nice gesture of respect is to send a 'BUN ALERT' message to friends and family, with photographs documenting the bun's location and rank. If no photographs are possible, emoji may be substituted.

The Rich (Typefaces) Get Richer

 ∗ A List Apart: The Full Feed

Design systems and Postel’s law

 ∗ journal

I was first made aware of Postel’s law by Jeremy in his fabulous talk about design principles. Incidentally, he’s documenting lots of design principles here.

Postel’s law – or the Robustness principle - states:

Be conservative in what you do, be liberal in what you accept from others (often reworded as “Be conservative in what you send, be liberal in what you accept”). From Wikipedia

Jon Postel was talking about TCP and how implementations should follow this principle. Putting TCP and networks to one side for a minute, you can see how this principle can apply to many systems where there is input and output. Specifically, design systems.

The basic premise of Postel’s law is that what comes into a system can be, and invariably is, a mess. Non-compliant, delivered in a weird way, unconventional.

When thinking about this, I recall some work I did years ago on a ticketing system for a help desk. The single biggest hurdle, in order for the system to be successful, was it had to be liberal in what it accepted. Tickets needed to be created from email, phone applications, web applications, voice recognition etc. The hardest part was getting stuff into the system. Only then could a single ticket be created - from various sources, in varying quality of data – in a single useable ticket for use with the large team.

Be liberal in what you accept (from emails, apps, voice, websites) and conservative with what you do (creating a single, well-defined ticket).

I see this same principle being applied to design systems.

Collaborating across an organisation to create a meaningful, impactful design system means you have to be liberal in what you accept from others into the system. Be it code, thoughts, design work, content, or criticism. That input can also come from many different teams, strategy, executives, products, people. You see, it’s a big mess! And the only way, really, to work with a system like this is to be open to all input from wherever it comes, in whatever form it takes. To be liberal with what you accept.

This approach does a few things:

  1. Makes people feel involved, consulted, and listened to. This is a good thing.
  2. Exposes the system to the dirtiest, out-of-date, horrendous use-cases possible. This is also a good thing. Mostly these use-cases are ignored because they are horrible.
  3. Helps turn a system that is owned, to one that is shared.
  4. Helps identify themes across an organisation.
  5. Helps the design system core team operate at a holistic level.

Policing a design system never works in my experience. It never works because people don’t like rigid systems, being told what to do, and will straight up do the opposite. Being liberal in accepting things into the system, and being liberal about how you go about that, ensures you don’t police the system. You collaborate on it.

So, what about the output? Remember: be ’conservative in what you do’. For a design system, this means your output of the system – guidelines, principles, design patterns, code, etc etc. – needs to be clear, unambiguous, and understandable. It needs to turn the messiness of a liberal input into a defined, purposeful output that people can easily slot into their workflow and use.

Once again, I find myself in a place banging heads with how work happens rather than what the work is. Someone once said to me that ‘design principles are the stars to sail our ship by’. I’m certainly going to be using Postel’s law to sail my particular ship in the months and years ahead.

ISC Stormcast For Wednesday, May 18th 2016 http://isc.sans.edu/podcastdetail.html?id=5001, (Wed, May 18th)

 ∗ SANS Internet Storm Center, InfoCON: green

...(more)...

VMWare Security Advisories VMSA-2016-0005, (Tue, May 17th)

 ∗ SANS Internet Storm Center, InfoCON: green

VMWare published today a security advisory about the following CVEs: ...(more)...

CVE-2016-2208 Symantec Antivirus Engine Malformed PE Header Parser Memory Access Violation, (Tue, May 17th)

 ∗ SANS Internet Storm Center, InfoCON: green

More vulnerabilities! This time the Symantec Antivirus engine. There ...(more)...

Apple Updates: https://support.apple.com/en-us/HT201222, (Tue, May 17th)

 ∗ SANS Internet Storm Center, InfoCON: green

...(more)...

Exploit Available For Cisco IKEv1 and IKEv2 Buffer Overflow Vulnerability, (Tue, May 17th)

 ∗ SANS Internet Storm Center, InfoCON: green

An exploit has been made publicly available for CVE-2016-1287. A patch for the vulnerability, and ...(more)...
