Security Considerations to Think about when Migrating to the Cloud

Cloud computing is quickly turning into something of an omnipresent practice, and for good reason.

With an increasingly mobile world and workforce, the power of the cloud has never been greater. It goes without saying that technology designed to be available from anywhere must have tough, up-to-date security, so that the only people able to gain access are those who have been granted it.

It is important for businesses to talk to their provider to evaluate the attention being paid to privacy, security and compliance with data laws when they’re migrating to a cloud computing environment. Any provider must be in a position to improve on every one of those facets, but also should, at the very minimum, be in a position to equal what’s already in place.

Cloud Technology Risk Assessment Vital for Effective Security

If you want to be assured of effective security, then undertaking a comprehensive, rigorous risk assessment when shifting to the cloud is paramount. However, this is not the end-all. Businesses should factor in every possible issue that may arise, and the same goes for the cloud-computing partner.

Providers must be able to provide not just a thorough risk assessment: planning and proposing solutions for any problems that may come up should be part of their mandate. Cloud providers should be able to map their policies and procedures pertaining to any security mandate or contractual responsibility linked to privacy, security and compliance presented by their clients.

Solve Security Issues and Maintain Compliance

Ongoing maintenance and scanning are things a managed services provider should be able to offer, in addition to taking care of log, vulnerability and security information management. Their compliance should help you meet many regulatory requirements, including HIPAA/HITECH, PCI DSS and SOX.

Your security plan should also include value-added offerings such as vulnerability management and managed logging services. Such features help the IT team to cope with the demand, knowing that your cloud-based networks are regularly being monitored and logged.

Uphold the Security Foundation that allows for Adaptation with your Needs

It’s important to take utmost security practices into consideration when shifting to the cloud, but also equally important is maintaining that foundation and seeing to it that those practices mature and improve with the technology and needs of your firm.

You can even have a talk with your provider regarding how you see your company growing in the future, and have a plan in mind on how you would want to see your systems grow with you.

Choose a Reliable Provider to Whisk you to the Cloud

You can never underestimate the benefits of choosing a reliable provider when making the leap to the cloud. On top of cost savings and scalability, off-site management and maintenance can free up valuable time for employees to focus on important internal improvements rather than server maintenance.

Businesses that consider all aspects of security when migrating to the cloud can sleep better at night knowing that due diligence has been followed in choosing a provider with proven credentials. This only helps ensure the safety of their network as they channel their energies into other matters.

Should All Computer Hackers Be Vilified?

Recent news articles provide a constant reminder of the nation’s computer network security issues. The government and large companies are equally vulnerable to hackers seeking to obtain private data or corrupt sensitive files. The media continually condemns all hackers without recognizing the significant benefits provided by hackers. As a nation, there is little understanding of what hacking actually is and how, without hackers, many advancements would not likely have occurred. So, the question then becomes, are hackers good or bad?

That question is far too complex to have a simple answer. Hacking can be simply defined as probing software for vulnerabilities. Hackers are simply programmers who use their skills to identify weaknesses in software and explore ways to exploit those weaknesses. What typical consumers fail to understand is that hackers can use their skills to improve software as well as abuse its vulnerabilities. In fact, white hat hackers routinely work with organizations to find and close existing loopholes before less scrupulous hackers can take advantage of the weaknesses. Of course, there are times when companies and governments ignore warning signs until the damage is already done.

At that point, white hat hackers still close the loopholes and work with clients to minimize the potential for further intrusions. Because all hackers use essentially the same skill sets, it becomes a question of which ones are better able to spot potential vulnerabilities. While companies have, in the past, been loath to spend the money necessary for top quality protection, black hat hackers often have the upper hand. With the recent highly publicized attacks on major businesses and governments, that may change.

Network security is crucial for protecting data and assets. With the increasing sophistication of less than scrupulous hackers, a corresponding effort must occur to counteract potential threats. Computer industry experts have long argued that being reactive is not sufficient; organizations must be proactive to protect networks from unauthorized intrusions at all levels. To be proactive, the best hackers should be recruited to prevent unauthorized access to systems. The public’s perception of hackers must change to recognize the importance of white hat hackers in protecting networks.

Of course, not all hackers are altruistic. Recent news has been rife with stories of big-headline hacks, including Sony Pictures as well as Target. These cost both companies several millions of dollars in damages as well as dented reputations. In some cases the loopholes were zero-day security holes; however, they were quite damaging. This leads us to the requirements for computer security and the array of security protocols that everyone should have in place, whether they are a casual user or a huge corporation responsible for tons of user data.

There are the usual blogs of course, including our favorites CNet, KrebsOnSecurity, and We Hate Malware. These can help you to keep up with various security trends and things that you “should know”.

Java programmers should also stay up to date on security holes and flaws. There is an array of forums and other websites that can help you stay on top of the day-to-day news.

Common Mistakes in a JavaScript Program

“Errors in my script? Impossible!”

Even a JavaScript expert can make mistakes, even if they are simply annoying typos. In particular, when code expands to thousands of lines, the chance of something going wrong becomes much greater. In proportion, the difficulty in finding these mistakes, or bugs, also increases.

When something does not work right in computer programs, it is called a bug. Understandably enough, ridding your scripts of bugs is called “debugging”. This topic is important enough for any serious JavaScript writer to devote an entire book to it.

We are only human, after all, and making mistakes is part of our nature. We also tend to make the same kind of mistakes; some of us even tend to make the same mistakes over and over, never learning from them. This article will focus on common coding errors that you may encounter when writing JavaScript programs. Knowing about them probably won’t keep you from making them yourself, but being aware of the kinds of mistakes that can happen might help you track down the bugs in your scripts.

Some Common Coding Mistakes Any Programmer Can Make:

1. Undefined Variables: JavaScript is quite relaxed about defining variables before assigning values to them. For instance, the following line will implicitly create a new variable xyz and assign it the value 120.

xyz = 120;

Strictly speaking, though, we should define the variable explicitly.

var xyz = 120;

Note: Whether you use the var keyword also affects the scope that the variable has, so it is always better to use the var keyword.

However, if a variable is actually used before it has been defined, an error message will arise.



The above code will cause the error shown below if the variable xyz has not been previously defined (explicitly or implicitly).

Char: 1
Error: ‘xyz’ is undefined
Code: 0
URL: file://C:\example.htm

In addition, we must remember that function definitions also have parameters, which, if not declared correctly, can lead to the same type of error.

Take a look at the following code:

function Quizreset (numOfQustions, timLimit) {
     totalQAsk= numOfQuestions;
     currentQNum= -1;
     quesAsked =new  Array();
     numberOfQAsked =0;
     numberOfQCorrect =0;
}

When this Quizreset( ) function is called, we will get an error message such as

Error: ‘numOfQuestions’ is undefined
Error: ‘timeLimit’ is undefined

The cause is two typing mistakes in the definition of the function Quizreset(). The first parameter should be numOfQuestions instead of numOfQustions, and the second parameter should be timeLimit instead of timLimit.

2. Single Equals Instead of Double Equals in Comparison Expressions: This mistake is so common that you are bound to make it at least once. JavaScript expects to read double equal signs in a comparison expression instead of one. Therefore, the following JavaScript expression is an error:

if(testVar= "abc")

Like C, C++, and Java, JavaScript requires you to place two equal signs in the expression, such as:

 if (testVar=="abc")

3. Improperly Nested if statements: Many scripts use lots of if expressions. To provide greater flexibility, these if statements are sometimes nested inside one another. The intent is to perform additional tests should the first return true or false.

Here is an example:

if (testVar1==1){
                //do this if testVar1=1 and testVar2=2;
        //do this if only testVar1=1;
        //do this if testVar1<>1;

Eagle eyes will see that if testVar1 does not equal 1, the inside test (testVar2==1) is never performed. Be sure this is what you want. If it isn’t, this logic error is hard to spot.

4. Sending Output to the Script Document: The document.write() method writes over any text you have in your document, including text created using HTML markup. The following lines produce an error (“Test is not defined”) because JavaScript writes over the form before it has a chance to set a value on it:

document.write ("Welcome<P>"); = "Welcome Dear";
<FORM NAME="Test">
<INPUT TYPE="Text" NAME="box">

Avoid using the document.write() method to write in a document that contains HTML you want to keep.

5. Endless Loops Lock Up Netscape: An endless loop is a for or while loop that does not break out. This causes JavaScript to execute the loop over and over again. Here’s an example of an endless loop (there’s no expression in the second argument for terminating the loop):

for (Number=0; ; Number++){
}

JavaScript prevents a complete runaway train by limiting the number of loops to a million, which takes about 30-90 seconds to process, depending on your computer’s processor speed. At that point, JavaScript displays an error message box that asks “Lengthy JavaScript still running. Continue?”

To break out of this endless loop, you have to click the “Cancel” button on the error dialog box.

6. Missing or Poor Placement of { and } Block Characters: You must take care to provide the proper { and } characters to define the blocks of the if statements. Otherwise, your script is bound to behave in truly strange ways!

Consider the next example.

    alert ("TestVar1=11");


Suppose you forgot to use the { and } characters to block out the (TestVar1==11) if expression. What happens? JavaScript assumes that after the first line, all the following code should be executed whether or not the TestVar1==11 expression evaluates as true. The user sees the “Congratulations” message either way.

Hence, the script should be written as:

    alert ("TestVar1=11");

7. Missing/Misplaced return Statement: The return statement at the end of a function tells JavaScript to exit the function and return to the calling statement, that is, the command line that called the function in the first place. If the return is missing, JavaScript proceeds to the end of the function and returns anyway. There’s nothing wrong here, assuming the function does not return a value. But if the function returns a value, JavaScript automatically returns a null, which is a “blank” result. That could cause other parts of your script to malfunction.

The return statement is limited to use inside a function. The following code results in an error showing the message “return used outside a function”:

function exampleFunction(){

8. Stack overflow: A stack overflow is typically caused when you have repeatedly called the same function from within an “infinite loop” function, as here:

function testfunc(){

The above lines generate an error message: stack overflow in testfunc.

JavaScript loops through about 400-500 times before it runs out of “stack space” and returns the error.

9. Unterminated and Nested Comment: JavaScript likes to see a */ pair for every /* when defining comments. This results in an error:

/*This is an unterminated comment

To fix this problem, add a */ to complete the comment. Note that the // form of a comment automatically terminates at the end of the line (marked by a hard return in the JavaScript code).

In addition, JavaScript does not like you to nest /* multi-line comments. The following results in an error. To fix the error, remove the second /*.

/*This is a test /* of a nested comment*/

10. Wrong use of JavaScript object, method, or property: Consider the error message:

Error: xyz is not a function

Note: Here and in the rest of the article, xyz refers to variable text that JavaScript provides, such as an object, function, or variable name.

You typically see this error when you try to use a JavaScript object, method, or property as a function. Note that there is some inconsistency in the terminology used by JavaScript. JavaScript supports a number of statements called functions: these include eval, parseInt, and parseFloat. These are functions because they are not connected to any object (if they were, they would be called methods).

However, JavaScript also considers many methods to be functions because they alter an object in some way and return the change to the object. This error message is most common when you attempt to use a method for an object that does not support that method.

As an example, the click() method is used with several form objects, notably push buttons, checkboxes, and radio buttons. The following line results in an “is not a function” error message because the click() method cannot be used with a string:


11. Wrong Use of an Object in with Statement: Consider the error message:

Error: xyz can not be used in a with statement

This error indicates you have attempted to use an object with the with statement, and the with statement is not supported for that object. Typically this occurs when you have misspelled the name of an object and JavaScript can’t find it. For instance, the following script results in an error because the name of the text box is “textbox1”, not “textbox”.

<TITLE>This is a test example</TITLE>
<SCRIPT>
function test (){
         with (document.forms[0].textbox){
                alert (value);
         }
}
</SCRIPT>
<FORM NAME="testform">
<INPUT TYPE="button" NAME="button1" VALUE="Start" onClick="test(this.form)"><P>
<INPUT TYPE="text" NAME="textbox1"><P>
</FORM>

12. Wrong Use of new Keyword: You see the following error if you try to use the new keyword with an object that you can’t “instantiate” (create a new instance, or copy, of).

Error: xyz can not be used in a with statement

For example, the error message appears in the following because you cannot use the new statement to create a new window object:

test = new window;

13. Type Mismatch Error: Consider the following code:

resultVar= testVar1 * testVar2;

The code generates an error message when you try to run it:

Error: testVar2 is not a numeric literal

This error occurs when you attempt to use a non-numeric value as a number. For example, JavaScript cannot complete the expression on the third line because it cannot multiply a number by a text string.

A number of other types of errors are not really bugs in your JavaScript code; they are exceptions to the normal circumstances, and they cause the code to fail. These types of mistakes can be harder to spot in large chunks of code. Furthermore, the corresponding error messages can be confusing. These types of errors can still be accounted for, as you will see when we manage them with exception handling in the next section.
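Items 1 and 2 above, run side by side in sloppy and strict mode. This is an added example, not code from the original article; the helper names run, comparison and demo are hypothetical. It shows that writing to an undeclared name fails only under "use strict", that reading one fails in both modes, and that a single = in a test is caught at run time only when the variable is a const.

```javascript
// Added example, not code from the original article.
// new Function() bodies run in sloppy mode unless they start with
// "use strict", so both behaviours can be compared from one file.
function run(body, strict) {
  const src = (strict ? '"use strict";\n' : "") + body;
  try {
    return { ok: true, value: new Function(src)() };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Item 1: writing to an undeclared name. The snippet removes the global it
// may have created so that later runs start clean.
const WRITE_UNDECLARED = `
  xyz = 120;
  var created = Object.prototype.hasOwnProperty.call(globalThis, "xyz");
  delete globalThis.xyz;
  return created;`;

// Item 1: the article's Quizreset, keeping its misspelled parameter names.
const READ_UNDECLARED = `
  function Quizreset(numOfQustions, timLimit) {
    var totalQAsk = numOfQuestions; // no such name: the parameter is numOfQustions
    return totalQAsk;
  }
  return Quizreset(10, 60);`;

// Item 2: the same test written with "=" or "==", on a var or a const.
function comparison(decl, op) {
  return `
  ${decl} testVar = "something else";
  if (testVar ${op} "abc") { return "branch taken"; }
  return "branch skipped";`;
}

function demo() {
  return {
    writeSloppy: run(WRITE_UNDECLARED, false),  // global silently created
    writeStrict: run(WRITE_UNDECLARED, true),   // ReferenceError
    readSloppy: run(READ_UNDECLARED, false),    // ReferenceError
    readStrict: run(READ_UNDECLARED, true),     // ReferenceError
    singleEqualsVar: run(comparison("var", "="), true),     // always taken
    doubleEqualsVar: run(comparison("var", "=="), true),    // real comparison
    singleEqualsConst: run(comparison("const", "="), true), // TypeError
  };
}

console.log(demo());
```

Strict mode does not reject `if (testVar = "abc")`, so a validation or permission test written this way passes for every input; declaring compared values with const or enabling ESLint's no-cond-assign rule surfaces it.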


Brian Goetz – Stewardship: the Sobering Parts

This must-watch video is a very insightful look into Oracle’s stewardship of the Java programming language, and gives insight into the hows and whys of the language’s evolution.

What do you think of this video? Do you agree or disagree with his points?

Javascript History

As experts in our field (or soon to become experts) it’s easy to forget just how far we’ve come in such a short period of time. While I was doing some research on Java and its history I stumbled across some old articles detailing the seemingly bright future ahead for Java. Stock exchange tickers? Weather maps in motion? All just a twinkle in our eye in 1996:

“By now, you’re probably feeling a caffeine buzz from hearing about Java, Sun Microsystems Inc.’s programming language for Internet applets and interactive desktop animation.

What’s with all those other coffee-flavored products pouring into the marketplace–HotJava, JavaScript, Roaster, Espresso and more? And what are government sites doing with them?

The answer so far is very little. You can visit places like Leigh Brookshaw’s resource page at http://www-igpp.llnl.gov/people/brookshaw/java/ at Lawrence Livermore National Laboratory to see how Java can be used for graph plotting.

Brian Millar, a network analyst at the Air Force’s Rome Laboratory in New York, has built a multimedia introduction to the lab with Java. Visitors with Java-enabled browsers can see extra buttons and graphics. But Millar told me he doesn’t plan to maintain it and may even remove it from the server. Look fast–it’s at javafacility.html.

Then there’s an engineer at the Naval Research Laboratory in Washington working on a Java page where users can literally listen to a satellite. There’s no address to share; it’s not ready yet.

As you can tell, these pages are experimental. Virtually no one in the government has a heavily maintained, active Java site. Java isn’t taking off as rapidly as straight Hypertext Markup Language documents on the Web because Java development is a time-consuming business best left to programmers.

Possibilities for it, of course, are endless. Imagine visiting the House or Senate Web sites and seeing constantly updated still images of the action on the floor. That sort of thing already can be done using the “server push” function on Web servers. But server push is jerky and unreliable; Java is much smoother.

Wall Street peek

How about a stock ticker-like stream of data at the Securities and Exchange Commission site? Or weather maps in motion at the National Weather Service? Or a steady stream of crop predictions on an Agriculture Department page?

Today, that would be a royal maintenance headache because Java is difficult to use. But that will change. Here are some terms going through the grinder in Javaland.

Java is an object-oriented, multithreaded programming language Sun originally developed for handheld computer devices communicating over networks. Users say Java’s not much different from C++, except that it’s platform-independent.”

McCarthy, Shawn P. “Java’s difficulty goes down bitter, but new tools may add cream.” Government Computer News 19 Feb. 1996: 37+.

Do you have any Java memories? Post them in the comments below.