Posts

Showing posts from July, 2017

Security Software and the Cowboy pants

Starting to feel a sense of frustration. No, it doesn't affect me personally. I am still the same 'white hat' as always. I went through a series of interviews for different positions recently. It was an absolute waste of time. What caught my attention is the level of arrogance and mindless stupidity coming from the people who should be paying attention. Each interview was along the same well-travelled paths: Can you install software? Can you connect it to the ERP (or whatever they are connecting it to)? etc. So they all concentrate on the Functional requirements. Most forget that the security of your software falls into the Non-Functional requirements. No one had the slightest idea that before you implement Functional requirements you need to make sure that your 'Security Software', be it Sailpoint, Oracle or Forgerock or whatever, is in itself secured. The buzzword 'security software' doesn't make it secure on its own. Someone has to do it. Otherwis

White Hat

Was talking to my friend 'White Hat'. He is still hopeful and optimistic. Alone, as everyone left for the BlackHat, he is still picking at his bugs and whatever he can find there. Will he be able to deliver on the promise and save us from the Darth forces? I hope he will.

Linus hasn’t received any recommendations yet.

I find it extremely interesting that Linus Torvalds' LinkedIn profile doesn't have any recommendations: 'Recommendations: Received (0) Given (1) Linus hasn’t received any recommendations yet.' You may say he doesn't need it. Everyone knows he invented Linux. Well, almost everyone :) But it also shows and reflects the world we are living in. You barely hear his name and he is not in the news. I know people with 10, 100 recommendations. It is all about building and maintaining your connections. So the old saying goes: "It's not what you know, it's who you know." It works amazingly well even nowadays in the age of knowledge. I think of the Linus legacy and I think of: Security and stability, Extensibility and simplicity. I think of the Bill Gates legacy and I think of: Insecure and untrustworthy, Proprietary and complex. One is a humble and down-to-earth creator. The other is a shrewd and cunning businessman. One is doing OK. The other is a billionaire. You can now run Linux on Windo

Cloud Wars

Cloud Wars are upon us. We had no choice and no one really asked us whether we want them. They came to bind us all. Those who live with their heads in the clouds and feet on the ground will survive. Those who don't won't. It is irrelevant what you think or do. Very few people really think and know what is really going on. The Developer as it was and is now will disappear. You can develop whatever you want and eventually it will be offered as a Service by them. You are too small and no one can see you. They will swallow everything and everyone. The idea is very neat and smart. If you hold the 'Shift' key and type the number 4 it will give you an answer: $. Yes, there are 4 big Cloud providers out there: Microsoft, Oracle, Amazon and Google (MOAG). Everything will run in the Cloud (MOAG). Even if you are crazy talented and develop something outstanding and use MOAG to run your next big thing, eventually they will swallow you. Think Netflix on Amazon. Netflix was a king un

Outside World

There are around 8 billion people on this planet. Do the math, it's quite simple. As far as the outside world is concerned you don't exist. You can't prove you exist. No one who is outside of your immediate family knows you exist. No one really cares if you exist or what you do unless it directly or indirectly affects them. Creating a profile on LinkedIn or Facebook doesn't prove you exist. Shouting at the top of your lungs doesn't prove you exist. What then? Help somebody, love, raise the children (yours or somebody else's), listen to the music and dedicate yourself to a cause bigger than your own ego. Then when you die you will know that you have existed :)

SoundCloud

Have been using SoundCloud for some time and love its simple interface and ability to quickly share music. Recently learned that SoundCloud is closing some of their offices. Times are tough but hopefully they continue to offer a free music-sharing platform. Check out my 'Madrid at Night' recording: https://soundcloud.com/anatoly-smolyansky-37777993/madrid-at-night

SAML SLAM.

While undergoing a few interviews in the past few months I realised why we get so many breaches and issues in the industry. With so many qualified security professionals the obvious question to ask is: "How is it possible, with so many CISSPs, CISMs, CISAs etc., that almost every week we hear about a new breach, a new security issue and so on?" Not trying to diminish the value of the certifications, just pointing out something that no certification will teach: imagination and thinking outside of the box. During the interview with one well-known company the SVP of security asked me: "So when would you use SAML instead of OAuth?" I answered to the best of my ability and in the end pointed out that SAML is somewhat heavier with all the SOAP message exchanges etc. and a somewhat old protocol. The question itself didn't make sense as SAML is used with OAuth in some cases :) They can complement each other. Then I asked a question of my own: "Is there

Validate Payment

Building up on my previous blog post. Typical scenario: Validate Payment service.

High Level Design

Ingredients for the Design soup:
1. Docker
2. Oracle Application Gateway - OAG
3. Oracle Service Bus - OSB

I won't delve into Docker as it is pretty straightforward to install and configure. Pick your distribution: CentOS, OEL etc. OAG is the topic of the next blog post :) OSB is running in the Docker containers - HA, DR. OSB service configuration is pretty straightforward as well and fairly typical:
1. Create Business Service pointing to the real ValidatePayment Composite app running on the SOA infrastructure cluster.
2. Create Pipeline
3. Create Proxy Service

Now Service Bus is acting as a router and simple transformer here. SOA composite (BPEL/Mediator) is acting as an orchestrator and enricher.

Mediator vs OSB

Many times in my classes and projects people mix up Mediator and OSB. Now the picture above tells a story :) Mediator only works within a Composite App; OSB is for enterprise-wide integrations, SLAs etc. Mediator and OSB do have overlapping functionality, and the final differentiation:
1. OSB is only used for non-functional requirements and its job is to Virtualize and route.
2. BPEL on the other hand is used for Orchestration between different services.
The last picture will tell a better story :)

Light And Darkness

This blog is not just technical and there are many sides to me. I am a human being and not a robot. My mum had tested me :) Undoubtedly there will be times of despair and darkness. There will be times when I will be standing alone and in the darkness. But the Light only comes out of the Darkness :) and there is no need to be afraid of it. I need to remember this in the darkest moments... and Believe.