David L. Farquhar, computer security professional, train hobbyist, and landlord
In computer software and general IT circles, you will sometimes hear the phrase legacy thrown around. And you may hear some conflicting information about what legacy means. So let’s talk about what legacy means and software, and computers in general.
A common problem in using Python to gather data via APIs is pagination. Most APIs have a limit on how much data they are willing to send you in a single API call. So they break the data into pages. In this blog post, I’ll go through an example of handling API pagination in Python.
You’ll frequently hear the word dataframe thrown around, sometimes by data scientists or Python programmers. It can be an intimidating subject but it doesn’t need to be. Let’s talk about what a dataframe is in Python, in lay person’s terms, and how you can use them.
The SANS vulnerability management maturity model has an entire section on manual testing. That may not be a phrase you hear very often because there are several types of manual tests. So what is manual testing in security?
Manual testing is a form of security testing, namely, looking for security vulnerabilities in a non-automated or semi-automated fashion at most. It is not the same as vulnerability scanning like one does with tools like Nessus or Qualys.
Unfortunately, how frequently Linux updates is not a straightforward question with a straightforward answer. Linux and related software get updates when the updates are ready. This can confuse security professionals who are used to companies like Microsoft and Adobe releasing updates on a predefined schedule.
A former colleague contacted me some time ago with an interesting conundrum. I thought his problem in the solution would be worth sharing, because it’s not at all uncommon. He manages a network of, let’s say, 22,000 computers. But he has licenses to scan 8,800 of them. The question is, what can he do?
The vulnerability scanner Qualys has the ability to filter superseded updates in its reports and over the API. This is a popular feature. Unfortunately, it does have some caveats that aren’t always very well understood. Here’s what you need to know about Qualys superseded updates and its caveats.
A former Microsoft executive referenced watermelon KPIs the other day on social media. It’s been a long time since I’ve heard that term, but I see examples of watermelon KPIs frequently. Let’s talk about what watermelon KPIs are, how to recognize them, and why they are bad, but people still love them.
A watermelon KPI is a statistic or metric that looks good, but upon further examination, is actually bad. Like a watermelon, these KPIs are green on the outside, but red on the inside.
Of course, saying you can update Windows without rebooting is a bit of a misnomer. Some updates don’t require a reboot, but with the ones that do, there isn’t really any getting around it. You can delay the reboot, but if you never get around to rebooting, you have a partially applied update indefinitely.
But here’s how I used to use delayed reboots to help me get more done in my maintenance window.
A pocket veto is a political term, but it doesn’t strictly apply only to governments. It is also a concept or practice in business politics. It’s something I deal with quite a bit as a security professional.