Computers

On that start page called the dashboard, Google Analytics lets you reorganize your default stats view for a given site. Reorganizing your dashboard means you save time because you don’t have to always click through to the various sub-categories whenever you look at your traffic. To remove any of the default boxes, click their X. To add a new box to your dashboards, go to a statistic in Analytics you find interesting, and hit the “Add to Dashboard” button at the top. You can then go back to the dashboard and drag & drop the boxes around into positions you prefer.

As I didn’t need most of the boxes Analytics offered by default – visitors overview, map overlay, traffic sources overview, and content overview – I kicked all of them, and currently changed my view to show content by title, referring sites and keywords. What’s your favored dashboard setup?

There’s still one problem here, and perhaps one of you knows how to overcome this issue: currently, I configured my preferred dashboard view for all my sites manually. That means I have to reproduce the setting over and over, a tedious job if you track several separate domains. Does anyone know a better way to do this?

[By Philipp Lenssen | Original post | Comments]

Google released two new finance-related gadgets for iGoogle. One is a chart customizable to any stock (pictured), and the other shows stock performance of different industry sectors. [Via the Google Finance blog.]

[By Philipp Lenssen | Original post | Comments]

(InfoWorld) - Mario Apicella is on vacation, so in his absence we present two classic Storage Insider columns. This week, we're revisiting storage management: learn more about strategies to keep seldom-used archives away from your first-tier storage and data deduplication.

Should you trim your file servers?
March 30, 2007: If you like to cook, you may have played the same game that I sometimes play while waiting in line at the grocery store: Checking out what other shoppers have in their baskets and trying to guess what meals they have in mind.

Silly? Perhaps, but it's better than reading the tabloids.

Watching storage vendors often triggers in me the same type of curiosity to figure out what’s cooking -- that is, in terms of their acquisitions.

The latest vendor to get me guessing is Cisco with its recent one-two punch of NeoPath and WebEx. Those two acquisitions both suggest an expansion of Cisco's menu beyond the traditional data transport focus.

I won't speculate on what Cisco plans to do with WebEx because Ephraim Schwartz has already posted some good thoughts on that, but looking at NeoPath, I see a more elaborate dish in the making than just file virtualization…

Read the rest here: "Should you trim your file servers?"

Prepare for the upcoming data deluge
April 6, 2007: Have you read "The Expanding Digital Universe"? It's a study, commissioned by EMC and put together by IDC, on the amount of digital data that we can expect to see in the next few years. (As due diligence disclosure, IDC is part of IDG, the same editorial group to which InfoWorld belongs.)

I don't know if those global predictions will prove to be correct year after year, give or take an exabyte, and frankly it doesn't matter. What matters is how much data your company is going to create and how you are going to store and manage it.

We know from past experience that blindly purchasing more capacity just pushes the problem back without attempting to solve it. Sure, you can keep buying more storage arrays if the budget allows, but at some point, you will meet an insurmountable wall, such as running out of floor space in your datacenter or hitting the limits of the electrical and cooling systems.

If -- or rather, when -- you reach one of those walls, you face spending millions of dollars to expand or move the computer room, before you can even begin to add more capacity.

What's the alternative? Unfortunately, technology is not keeping up with our capacity demands. For our long-term, nontransactional data, we desperately need a storage medium that can perform faster than tapes or optical disks and is less energy- and space-hungry than disk drives…

Read the rest here: "Prepare for the upcoming data deluge"

(InfoWorld) - As a Microsoft employee, I try to avoid writing on areas that blatantly promote Microsoft. However, I think this question is generic enough to involve Microsoft in the discussion: Can IP addresses ever be used for statistical analysis of malicious Web sites?

I’ve been a malware fighter for more than 20 years. I consider myself fairly up-to-date on the subject of malicious mobile code, malware, hackers, and exploitation vectors in general.

So it was with surprise then that I read another of Google’s recent studies purporting that IIS Web servers were twice as likely to contain malware as Apache Web servers (although Apache and IIS Web servers contained malicious Web sites in equal numbers).

This astounded me for several reasons. First, my personal experience tells me it isn’t so. I run multiple IIS and Apache Web servers on my honeynet, and my Apache Web servers get 89 percent more hacking traffic than my IIS servers.  Most of the traffic is PHP/CGI/MySQL based. This is not unexpected, as the Internet contains at least twice as many Apache Web servers, and popularity draws malicious hacking.

Second, in general and contrary to traditional wisdom, the average Apache Web administrator has less security knowledge than the average IIS administrator. I find Apache Web administrators much more likely to download and use dubious code from the Internet (which a previous Google study revealed often contained malware).

While both types of Web administrators, in general, really don’t care about security, IIS is helped by the fact that it has had only three published vulnerabilities over the last four years, as compared to Apache’s 33.

Even if we include application coding errors, ASP and ASP.Net compare favorably against PHP and CGI. PHP proponents are desperately trying to put more security into PHP, but there's a ton of insecure PHP applications out there — just read one of the many vulnerability lists.

Maybe hackers are breaking in using SQL injection or back-end database vulnerabilities? MS-SQL hasn’t had a severe vulnerability since 2003, while Oracle, MySQL, and other databases have had dozens to more than 100.

IIS 6 comes secure by default. Unless the administrator goes out of their way to make it vulnerable or unless the application adds a vulnerability, it’s very secure. When Apache is installed, its defaults are more permissive and less secure.

But the mental kicker for me is my knowledge of Web site infectors. Most Web sites are not maliciously modified by individual hackers. Like client-side attacks, most Web site infections are automated. The most popular Web site attack tool, Web Attacker Toolkit, is responsible for 30 to 80 percent of all infected Web sites, depending on whose statistics you believe. It is a PHP/CGI infector. The MPack Web site infection tool, which is in the press these days for its large-scale infections, again, infects PHP-based Web sites. I’ve yet to come across a Web site attacking tool on the same scale for IIS.

I like Google and the many fine folks who work there. I’ve written positively about their related research recently. But aside from my own personal experiences and knowledge, another recent post from the Washington Post's security blog made me question Google’s summary conclusions.

The article discusses how one Web hosting company, IPOWER, is potentially responsible for more than 250,000 malicious Web sites. I doubt the figure is anywhere accurate, but it's based on the fact that nine of IPOWER’s Web servers contained 2,650 malicious Web sites (33 percent of the 8,192 virtual Web servers).

What are those servers running? No surprise: Apache and PHP.

Whether or not you believe the larger number or just the 33 percent figure, it reveals that IPOWER appears to average about 910 virtual Web sites per server.

The study in which Google purports that IIS is twice as likely to contain malware includes the following disclaimer: “Note that these figures may have some margin of error as it is not unusual to find hundreds of domains served by a single IP address.” Essentially, any Web server containing multiple virtual Web sites will cause the Google study to have sampling error.

In the IPOWER case alone, the sampling error appears to be 30,000 percent (9 servers serving up 2,650 malicious Web servers). I think any reader would generally agree that Apache Internet Web servers are significantly more likely to host multiple Internet Web sites on a single server than IIS.

How many Web servers used in the Google study contained multiple malicious Web sites? According to my research, it is not an insignificant amount. And when I find them, the servers often contain dozens to hundreds, if not thousands, of malicious Web sites. This is because the Web hosting firm has not patched the Apache software or uses a management add-on that's long known to be vulnerable. One compromise leads to hundreds.

If this is the case, is it ever possible to accurately relay IIS vs. Apache malicious statistics based upon IP addresses alone? I contend that the potential sampling error is just too large for this to be successful. How large is it? I contacted Google and members of the research team directly to ask for more clarification on their findings. I was just pointed back to the same published report. I then told them that if I could have the IP addresses used in the study, I would do my own analysis, even if it required a nondisclosure agreement. I want to find the truth, because the truth is important than whether the outcome supports IIS or Apache.

So far, they’ve not responded to my requests for the data.

(InfoWorld) - I'll never get it. Of any industry, save perhaps the stock market, you'd think the tech market would have become inured to hype. Yet every souped-up calculator that comes along seems to create ripples far in excess of its true weight in the universe. This week, it's the iPhone. Hey, I bought a MacBook Pro, so I'm certainly not immune to Apple's marketing (though I do blame the lucidity lapse on Parallels and Paul "Sasquatch" Venezia's overbearing Orchard fetish), but from an IT manager's perspective, you can sum up the iPhone in two words: Who cares?

The little white pill may be the biggest thing for summer beach-going entertainment since Danielle Steele, but for those of us managing a network, June 30 isn't going to be a heckuva lot different from the day before. 'Cause it's just a phone, see? An Internet surfing phone, see? With a badly executed access plan, batteries that can't live up to its feature set, and an apparent lack of APIs. Not like we haven't managed those before. And if you don't have a compelling business reason to manage one now, that's not going to change, no matter how many colorful TV commercials come out of Cupertino. Get a grip -- we have far weightier issues to worry about:

1. Keyword content blocking at the firewall. That includes anything with the words Paris Hilton, Angelina Jolie, or Lindsay Lohan. If we don't curb this content infestation into corporate workdays soon, broad swaths of IQ points will disappear from the American public, and there will be a spike in office AK-47 rampages.

2. Real-world use for Vista's speech-recognition technology. This needs to be harnessed for the upcoming presidential campaign coverage. That way, when the leader of the free world mispronounces nuclear, jewelry, or the names of foreign heads of state, your users' PCs can instantly translate those terms into recognizable English. This alone could save the election and dramatically reduce Prozac consumption among journalists.

3. A killer app for Second Life. The virtual meeting room idea sounded good, likewise the virtual tour of long-erased historical sites and landscapes, such as ancient Rome or Babylon. But we need more, and we need it soon. Because the driving force behind our finally realizing the Snow Crash vision simply can't be porn and rabid consumers paying 5 cents for a cup of coffee that doesn't really exist. Too cynical, even for me.

4. Patent reform and a few executions. What did Redmond say back in 2005? The company wanted to up its annual patent applications to more than 3,000? And that's just one company, just one FUD factor. This keeps up across the industry and someone's going to try and patent the process for putting on pants; then I'll have to start wearing a kilt. No one wants to see that. Reform the patent process and lop the heads off a few patent trolls. If we don't do something, the world is going to grind to a halt, a cemetery-like silence will settle over the whole country, and the only sound will be intellectual property lawyers whispering to each other at $500 an hour.

5. Invading Nigeria. Forget Iran or North Korea. The real root of world evil is Nigeria's Axis of Spam. Let's send the Marines in there. Either they'll stop 50 percent of world spam in a single go, or they'll find that pesky prince's lost fortune. Then maybe we'll each get a $3 federal income tax break in 2008. Either way, we come out ahead.

When you started reading, users banging on your office door, clutching iPhones in their sweaty hands were your primary concern. Now you can honestly say you have five more important things to worry about. It's all about perspective.