Here are a couple of interesting articles from the last few days on Slashdot.
First comes a very unsurprising survey saying that “40 percent of organizations store admin passwords in Word documents”. Judging from my personal experiences in different companies, I’d say this number is much higher if you extend the Word documents to Excel spreadsheets and plain text files. I think pretty much every single company I’ve worked at used such common files for admin password storage (at least at some point).
“Why oh why?!!!”, the security-concerned among you might scream. Well, I think there are two reasons for this. The first one is that password management is complicated. There are tools that help with this, but even those are rarely easy to use. Storing the passwords in a secure, encrypted storage is one thing. But, how do you share them with just the right people? How do you trust the tool? What happens if the file gets corrupted, the software updates, the license expires, or the master password is lost? The risk of losing admin access to all your equipment and accounts is scary. On top of that, there is the issue of changing passwords (especially when people leave the company) – not a simple job if you have a variety of accounts (hardware, software, services, etc.) and a lot of people who have a varying degree of access. Or automation scripts that need access to perform large-scale operations. Personally, I don’t think this problem has been solved yet.
The second reason is in this other Slashdot post – “Sad Reality: It’s Cheaper To Get Hacked Than Build Strong IT Defenses”. This is very true as well. A simple firewall and a strong password policy are often more than enough for many organizations. The risks of compromise are low. In those cases where it does happen, you’d often get some script kiddie consequence like a Bitcoin mining app or affiliate links spread across your website. Both are quite easy to detect and fix. Is it worth investing hundreds of thousands in equipment and personnel to prevent this? For many companies it is not.
The fact of the matter is that a lot of people don’t really care about security or privacy on the personal level, and that then translates into the organizational mentality as well.
Just think about people living in all those high-crime areas. Some of them think the risk is worth it – maybe they can make more money there or have a more exciting life. Some of them simply can’t afford to move anywhere. That’s very similar to digital security, I think. Some don’t care and prefer to run the risk, saving the money on protection. Some simply can’t afford to have a decent level of security.
O’Reilly runs a nice and simple article on what risk management is. They look at it from the perspective of a web application, but the suggestions are generic enough to be applied universally. The highlights are:
- Managing risk
- Identifying risk
- Remove worst offenders
- Review regularly
I particularly liked this paragraph from the identifying risks section:
You will likely find that there are obvious entries in the list, but there should also be entries that surprise you. This is good. You want to uncover as many of your risk vulnerabilities as possible, and if some of them don’t come as a surprise to you, you probably haven’t dug deep enough.
More and more paperwork is moving into the digital domain, including legal documents. I’ve previously linked to Docracy – a service that provides a collection of legal documents, as well as tools to negotiate and sign them. Today I was made aware of another service – FormSwift. Some might find it to be more comprehensive, up-to-date and user friendly than the alternatives.
Have a look at FormSwift’s collection of free legal forms, which cover such categories as business, family, financial, life planning, real estate and others. Their tools are pretty sweet too, with support for Word and PDF files, and an online editor for PDF – not something you see every day.
Here is something that I don’t need now, but I’m sure the day will come when I’ll be looking for a resource like this – 800-Numbers. It’s a categorized listing of a whole lot of companies with their 1-800 toll-free numbers.
Slashdot runs these two stories, a day apart:
Nobody is dying (yet), but it’s an interesting change in trends. Read Slashdot comments for more insight.
CommitStrip nails one of the ways of getting into a bad project …
I remember reading an interview with Matt Mullenweg (though can’t seem to find a reference now), where he said that this sort of thing happened with Automattic. People were asking them for commercial support, but they didn’t want to do it, so they started with an insane amount of like $5,000 per month and all of a sudden found themselves with a queue of people outside.
And they were not alone, of course.
400+ Awesome Free Tools To Build Your Business – is an awesome collection of tools, resources, and creatives for anybody trying to grow their business. You’ll find anything from logos and document templates to ebooks, hosting and developer tools.
Bloomberg reports on the largest technology acquisition ever (excluding telephony):
Dell Inc. agreed to buy EMC Corp. for about $67 billion in the largest technology acquisition ever, creating a corporate-computing giant that will use a wider product lineup to woo customers as demand slows and competition stiffens.
Dell plans to pay $24.05 a share in cash plus tracking stock in EMC’s prize holding, VMware Inc., valued at about $9 for each EMC share, the companies said in a statement Monday. The price of $33.15 a share is 28 percent above EMC’s closing level on Oct. 7, just before reports surfaced that a deal was in the works.
Zend Technologies, the company behind PHP, has been acquired by Rogue Wave Software. This sounds like huge news, except that I have no idea about who Rogue Wave Software are, what they do, and what their plan is with regard to PHP. Sure, the announcement suggests that they’ll help to push PHP technology into the enterprise. But, I guess, that remains to be seen.
Congratulations and kudos to Zend Technologies for all the work they’ve done so far.
The $4 billion venture capital firm Andreessen Horowitz is sharing some of the startup metrics that they use (part 1, part 2). Here they are just for an overview; follow through to the blog posts for details:
- Bookings vs. Revenue
- Recurring Revenue vs. Total Revenue
- Gross Profit
- Total Contract Value vs. Annual Contract Value
- Life Time Value
- Gross Merchandise Value vs. Revenue
- Unearned or Deferred Revenue and Billings
- Customer Acquisition Cost (Blended vs. Paid, Organic vs. Inorganic)
- Active Users
- Month-on-Month Growth
- Burn Rate
- Cumulative Charts vs. Growth Metrics
- Order of Operations
- Total Addressable Market
- Annual Recurring Revenue
- Average Revenue Per User
- Gross Margins
- Sell-Through Rate and Inventory Turns
- Network Effects
- Economies of Scale
- Net Promoter Score
- Cohort Analysis
- Registered Users
- Sources of Traffic
- Customer Concentration Risk
There are also some tips and tricks on charts and data presentation, like truncating the Y-axis. Here is an example:
Overall, quite a bit of useful information for analysis of different startups. No wonder their portfolio is so impressive!
P.S.: Love the creative approach to the domain name as well … a16z.com (16 letters between A and Z in the company name Andreessen Horowitz, minus a space).