IBM 5170 TEMPEST variant

I had an inquiry recently regarding the Tempest version of the IBM 5170, also known as the IBM 4459. The IBM 5170 Tempest variant was a version of the conventional IBM PC/AT designed for sensitive environments. It is more of a curiosity today, and there are good reasons why it is rare.

Having spent part of my career in the type of environment where this machine would have been used, I can elaborate on some of its design, and why it was built the way that it was. I may also be able to give some insight into why not many of these devices survive today.

What does legacy mean in software

In computer software and general IT circles, you will sometimes hear the word legacy thrown around. And you may hear some conflicting information about what legacy means. So let’s talk about what legacy means in software, and in computers in general.

Handling API pagination with Python

A common problem in using Python to gather data via APIs is pagination. Most APIs have a limit on how much data they are willing to send you in a single API call. So they break the data into pages. In this blog post, I’ll go through an example of handling API pagination in Python.

What is a dataframe in Python?

You’ll frequently hear the word dataframe thrown around, sometimes by data scientists or Python programmers. It can be an intimidating subject but it doesn’t need to be. Let’s talk about what a dataframe is in Python, in layperson’s terms, and how you can use one.

What manual testing is in security

The SANS vulnerability management maturity model has an entire section on manual testing. That may not be a phrase you hear very often because there are several types of manual tests. So what is manual testing in security?

Manual testing is a form of security testing: looking for security vulnerabilities in a non-automated, or at most semi-automated, fashion. It is not the same as vulnerability scanning with tools like Nessus or Qualys.

How frequently Linux updates

Unfortunately, how frequently Linux updates is not a straightforward question with a straightforward answer. Linux and related software get updates when the updates are ready. This can confuse security professionals who are used to companies like Microsoft and Adobe releasing updates on a predefined schedule.

Qualys superseded updates and caveats

The vulnerability scanner Qualys has the ability to filter superseded updates in its reports and over the API. This is a popular feature. Unfortunately, it does have some caveats that aren’t always very well understood. Here’s what you need to know about Qualys superseded updates and its caveats.

Watermelon KPI meaning and examples

A former Microsoft executive referenced watermelon KPIs the other day on social media. It’s been a long time since I’ve heard that term, but I see examples of watermelon KPIs frequently. Let’s talk about what watermelon KPIs are, how to recognize them, and why they are bad, but people still love them.

A watermelon KPI is a statistic or metric that looks good, but upon further examination, is actually bad. Like a watermelon, these KPIs are green on the outside, but red on the inside.

Update Windows without rebooting

Of course, saying you can update Windows without rebooting is a bit of a misnomer. Some updates don’t require a reboot, but with the ones that do, there isn’t really any getting around it. You can delay the reboot, but if you never get around to rebooting, you have a partially applied update indefinitely.

But here’s how I used to use delayed reboots to help me get more done in my maintenance window.

What a pocket veto is

A pocket veto is a political term, but it doesn’t strictly apply only to governments. It is also a concept or practice in business politics. It’s something I deal with quite a bit as a security professional.
