defense in depth

33 results back to index

pages: 719 words: 181,090

Site Reliability Engineering by Betsy Beyer, Chris Jones, Jennifer Petoff, Niall Richard Murphy

Air France Flight 447, anti-pattern, barriers to entry, business intelligence, business process, Checklist Manifesto, cloud computing, combinatorial explosion, continuous integration, correlation does not imply causation, crowdsourcing, database schema, defense in depth, DevOps,, fault tolerance, Flash crash, George Santayana, Google Chrome, Google Earth, job automation, job satisfaction, linear programming, load shedding, loose coupling, meta analysis, meta-analysis, minimum viable product, MVC pattern, performance metric, platform as a service, revision control, risk tolerance, side project, six sigma, the scientific method, Toyota Production System, trickle-down economics, web application, zero day

Maintaining a guarantee of data integrity at large scale, a challenge that is further complicated by the high rate of change of the involved software systems, requires a number of complementary but uncoupled practices, each chosen to offer a high degree of protection on its own. The 24 Combinations of Data Integrity Failure Modes Given the many ways data can be lost (as described previously), there is no silver bullet that guards against the many combinations of failure modes. Instead, you need defense in depth. Defense in depth comprises multiple layers, with each successive layer of defense conferring protection from progressively less common data loss scenarios. Figure 26-2 illustrates an object’s journey from soft deletion to destruction, and the data recovery strategies that should be employed along this journey to ensure defense in depth. The first layer is soft deletion (or “lazy deletion” in the case of developer API offerings), which has proven to be an effective defense against inadvertent data deletion scenarios. The second line of defense is backups and their related recovery methods.

Google was able to restore the lost data in a timely manner by executing a plan designed according to the best practices of Defense in Depth and Emergency Preparedness. When Google publicly revealed that we recovered this data from our previously undisclosed tape backup system [Slo11], public reaction was a mix of surprise and amusement. Tape? Doesn’t Google have lots of disks and a fast network to replicate data this important? Of course Google has such resources, but the principle of Defense in Depth dictates providing multiple layers of protection to guard against the breakdown or compromise of any single protection mechanism. Backing up online systems such as Gmail provides defense in depth at two layers: A failure of the internal Gmail redundancy and backup subsystems A wide failure or zero-day vulnerability in a device driver or filesystem affecting the underlying storage medium (disk) This particular failure resulted from the first scenario—while Gmail had internal means of recovering lost data, this loss went beyond what internal means could recover.

., the medical industry and the military, as previously discussed) have very different pressures, risk appetites, and requirements, and their processes are very much informed by these circumstances. Defense in Depth and Breadth In the nuclear power industry, defense in depth is a key element to preparedness [IAEA12]. Nuclear reactors feature redundancy on all systems and implement a design methodology that mandates fallback systems behind primary systems in case of failure. The system is designed with multiple layers of protection, including a final physical barrier to radioactive release around the plant itself. Defense in depth is particularly important in the nuclear industry due to the zero tolerance for failures and incidents. Postmortem Culture Corrective and preventative action (CAPA)4 is a well-known concept for improving reliability that focuses on the systematic investigation of root causes of identified issues or risks in order to prevent recurrence.

pages: 470 words: 144,455

Secrets and Lies: Digital Security in a Networked World by Bruce Schneier


Ayatollah Khomeini, barriers to entry, business process, butterfly effect, cashless society, Columbine, defense in depth, double entry bookkeeping, fault tolerance, game design, IFF: identification friend or foe, John von Neumann, knapsack problem, moral panic, mutually assured destruction, pez dispenser, pirate software, profit motive, Richard Feynman, Richard Feynman, risk tolerance, Silicon Valley, Simon Singh, slashdot, statistical model, Steve Ballmer, Steven Levy, the payments system, Y2K, Yogi Berra

Recall the attack trees:a series of OR nodes are only as secure as the weakest, while a series of AND nodes are as strong as their combination. In general, the security of a particular technology depends on the easiest way to break that technology: the weakest link. The security of several security countermeasures depends on the easiest way to defeat all those countermeasures: defense in depth. For example, a network protected by two firewalls, one each at two different network ingresses, is not defense in depth. This system is only as secure as the weakest link: An attacker can attack either firewall. A network protected by two firewalls, one behind the other, is defense in depth: An attacker has to penetrate one firewall and then the other in order to attack the network. (It always amazes me when I see complex networks with different brands of firewalls protecting different access points, or even the same brand of firewall with different configurations.

Cryptography can be defeated by brute-forcing the key, crypt- analyzing the algorithm, or (the weak link) social-engineering the password from an oblivious secretary. But protecting the computer behind a locked door, or a well-configured firewall, provides defense in depth. Remember the opening scenes of Raiders of the Lost Ark? Indiana Jones had to get past the spiders, the wall-of-spikes trap, the pit, the poison darts released by stepping on the wrong floor stones, and the self- destruct mechanism tied to moving the statue. This is defense in depth. He bypassed the wall-of-spikes trap by avoiding the triggering mechanism, but he might have dodged the wall, jammed the mechanism, or done half a dozen other things. The security of the trap depends on the easiest way to avoid it. But just as attacking a system is more complicated than simply finding a vulnerability, defending a system is more complicated than dropping in a countermeasure.

These all allow attackers to bypass choke points. Networks have more subtle breaches of this type. Sometimes a company has strong network security in place, and for whatever reason links its network to that of another company. That other company may not be as secure. This both violates the choke points, and means that the network has a new weakest link that needs securing. Provide Defense in Depth Defense in depth is another universal security principle that applies to computers just as it applies to everything else. A good perimeter defense—door locks and window alarms—is more effective when combined with motion sensors inside the house. Forgery-resistant credit cards work better when combined with online verification and a back-end expert system that looks for suspicious spending patterns.

pages: 540 words: 103,101

Building Microservices by Sam Newman


airport security, Amazon Web Services, anti-pattern, business process, call centre, continuous integration, create, read, update, delete, defense in depth, don't repeat yourself, Edward Snowden, fault tolerance, index card, information retrieval, Infrastructure as a Service, inventory management, job automation, load shedding, loose coupling, platform as a service, premature optimization, pull request, recommendation engine, social graph, software as a service, source of truth, the built environment, web application, WebSocket, x509 certificate

Another problem is that if we have decided to offload responsibility for authentication to a gateway, it can be harder to reason about how a microservice behaves when looking at it in isolation. Remember in Chapter 7 where we explored some of the challenges in reproducing production-like environments? If you go the gateway route, make sure your developers can launch their services behind one without too much work. One final problem with this approach is that it can lull you into a false sense of security. I like the idea of defense in depth — from network perimeter, to subnet, to firewall, to machine, to operating system, to the underlying hardware. You have the ability to implement security measures at all of these points, some of which we’ll get into shortly. I have seen some people put all their eggs in one basket, relying on the gateway to handle every step for them. And we all know what happens when we have a single point of failure… Obviously you could use this gateway to do other things.

Depending on the sensitivity of the operation in question, you might have to choose between implicit trust, verifying the identity of the caller, or asking the caller to provide the credentials of the original principal. Securing Data at Rest Data lying about is a liability, especially if it is sensitive. Hopefully we’ve done everything we can to ensure attackers cannot breach our network, and also that they cannot breach our applications or operating systems to get access to the underlying close up. However, we need to be prepared in case they do — defense in depth is key. Many of the high-profile security breaches involve data at rest being acquired by an attacker, and that data being readable by the attacker. This is either because the data was stored in an unencrypted form, or because the mechanism used to protect the data had a fundamental flaw. The mechanisms by which secure information can be protected are many and varied, but whichever approach you pick there are some general things to bear in mind.

We want to back up our important data, and almost by definition data we are worried enough about that we want to encrypt it is important enough to back up! So it may seem like an obvious point, but we need to make sure that our backups are also encrypted. This also means that we need to know which keys are needed to handle which version of data, especially if the keys change. Having clear key management becomes fairly important. Defense in Depth As I’ve mentioned earlier, I dislike putting all our eggs in one basket. It’s all about defence in depth. We’ve talked already about securing data in transit, and securing data at rest. But are there other protections we could put in place to help? Firewalls Having one or more firewalls is a very sensible precaution to take. Some are very simple, able only to restrict access to certain types of traffic on certain ports.

Multitool Linux: Practical Uses for Open Source Software by Michael Schwarz, Jeremy Anderson, Peter Curtis


business process, Debian, defense in depth, GnuPG, index card, indoor plumbing, Larry Wall, optical character recognition, publish or perish, RFC: Request For Comment, Richard Stallman, SETI@home, slashdot, web application, x509 certificate

Summary Tripwire is a useful part of a complete system defense. It is, however, only a part, and it is, in fact, rather the last bastion of a defense in depth. It detects system changes made by an intruder already in your system. With the tools available to the modern script kiddie, by the time Tripwire detects, your system is probably pretty messed up. Fortunately, if you have been keeping your Tripwire database on CD-R media, you can use it to undo everything the intruder has done. No Linux system that spends any time connected to the Internet should be without Tripwire. But likewise, no such system should rely on Tripwire as its sole protection. A defense in depth should include a firewall, which is covered in Chapter 3, plus a network monitor such as the one discussed in Chapter 13. Chapter 13.

In some ways it is worse, because you now have a false sense of security. You assume that the absence of alerts means no attempts are being made and your system is secure. This is the reason we presented Tripwire first. To borrow from the Cold War again (and this is an apt metaphor, because it is fair to say that crackers and defenders are engaged in an arms race of attack versus defense tools), you need "defense in depth." Snort is an extremely effective part of your network defense, but it can be much more effective when used as part of a system of defense. I recommend a minimum five-part defense: 1. Snort on the outside, set to alert only on extremes. 2. A properly cond firewall; at minimum a transparent outbound masquerade with no back channels. Ideally explicit rules set for outbound traffic as well as inbound. 3.

This is another powerful capability, and some of the provided plug-ins, like Xml and Alert_unixsock can greatly expand the capabilities of Snort. This is another area you should explore on your own. Summary Snort is a very powerful tool for improving the security of whole networks. It is only as good as you are, however. This tool is not best used by someone who doesn't understand the IP, ICMP, TCP, UDP, and RPC protocols at a fundamental level. It is also most effective as part of a defense in depth. If you are not particularly knowledgeable about TCP/IP and Linux administration, don't let the difficulty of this topic and this chapter drive you away from Linux and into the comforting but feeble arms of "easier" systems. Any operating system that implements any service using TCP/IP (and if you use the Internet, then your system is using TCP/IP) is potentially vulnerable to these types of attack.

pages: 229 words: 68,426

Everyware: The Dawning Age of Ubiquitous Computing by Adam Greenfield


augmented reality, business process, defense in depth, demand response, demographic transition, facts on the ground, game design, Howard Rheingold, Internet of things, James Dyson, knowledge worker, late capitalism, Marshall McLuhan, new economy, Norbert Wiener, packet switching, pattern recognition, profit motive, QR code, recommendation engine, RFID, Steve Jobs, technoutopianism, the built environment, the scientific method

, questions that enable just about any defensible space to enforce its own accesscontrol policy—not just on the level of gross admission, either, but of finely grained differential permissioning. What is currently done with guards, signage, and physical barriers ranging from velvet rope to razor wire, can still more effectively be accomplished when those measures are supplemented by gradients of access and permission—a "defense in depth" that has the additional appeal of being more or less subtle. If you're having trouble getting a grip on how this would work in practice, consider the ease with which an individual's networked currency cards, transit passes and keys can be traced or disabled, remotely—in fact, this already happens.* But there's a panoply of ubiquitous security measures both actual and potential that are subtler still: navigation systems that omit all paths through an area where a National Special Security Event is transpiring, for example, or subways and buses that are automatically routed past.

Target devaluation seeks to make vulnerable items less desirable to those who would steal them, and this is certainly the case where self-identifying, self-describing devices or vehicles can be tracked via their network connection. For that matter, why even try to steal something that becomes useless in the absence of a unique biometric identifier, key or access code? This is the goal of offender incapacitation, a strategy also involved in attempts to lock out the purchase of denied items. Target insulation and exclusion are addressed via the defense in depth we've already discussed—the gauntlet of networked sensors, alarms, and cameras around any target of interest, as well as all the subtler measures that make such places harder to get to. And finally there is the identification of offenders or potential offenders, achieved via remote iris scanning or facial recognition systems like the one currently deployed in the Newham borough of London.

pages: 361 words: 143,442

Ender's shadow by Orson Scott Card


defense in depth, gravity well

The farther out you deploy your defenses, the more of them you have to have, and if your resources are limited, you soon have more fortifications than you can man. What good are bases on moons, Jupiter or Saturn or Neptune, when the enemy doesn't even have to come in on the plane of the ecliptic? He can bypass all our fortifications. The way Nimitz and Mac Arthur used two-dimensional island-hopping against the defense in depth of the Japanese in World War II. Only our enemy can work in three dimensions. Therefore we cannot possibly maintain defense in depth. Our only defense is early detection and a single massed force." Dimak nodded slowly. His face showed no expression. "Go on." Go on? That wasn't enough to explain two hours of reading? "Well, so I thought that even that was a recipe for disaster, because the enemy is free to divide his forces. So even if we intercept and defeat ninety-nine of a hundred attacking squadrons, he only has to get one squadron through to cause terrible devastation on Earth.

"Sounds like you've analyzed my personality anyway," said Bean. "You just don't let up, do you?" Bean said nothing. There was nothing to say. "I've been looking at your reading list," said Dimak. "Vauban?" "Yes?" "Fortification engineering from the time of Louis the Fourteenth?" Bean nodded. He thought back to Vauban and how his strategies had adapted to fit Louis's evermore-straitened finances. Defense in depth had given way to a thin line of defenses; building new fortresses had largely been abandoned, while razing redundant or poorly placed ones continued. Poverty triumphing over strategy. He started to talk about this, but Dimak cut him off. "Come on, Bean. Why are you studying a subject that has nothing to do with war in space?" Bean didn't really have an answer. He had been working through the history of strategy from Xenophon and Alexander to Caesar and Machiavelli.

pages: 717 words: 150,288

Cities Under Siege: The New Military Urbanism by Stephen Graham


airport security, anti-communist, autonomous vehicles, Berlin Wall, call centre, carbon footprint, clean water, congestion charging, creative destruction, credit crunch, DARPA: Urban Challenge, defense in depth, deindustrialization, digital map, edge city, energy security, European colonialism, failed state, Food sovereignty, Gini coefficient, global supply chain, Google Earth, illegal immigration, income inequality, knowledge economy, late capitalism, loose coupling, market fundamentalism, mass incarceration, McMansion, megacity, moral panic, mutually assured destruction, Naomi Klein, New Urbanism, offshore financial centre, one-state solution, pattern recognition, peak oil, planetary scale, private military company, Project for a New American Century, RAND corporation, RFID, Richard Florida, Scramble for Africa, Silicon Valley, smart transportation, surplus humans, The Bell Curve by Richard Herrnstein and Charles Murray, urban decay, urban planning, urban renewal, urban sprawl, Washington Consensus, white flight, white picket fence

London: Ashgate, 2005, 40. 155 Laurent Gutierrez and Valérie Portefaix, Mapping HK, Hong Kong: Map Books, 156 Cowen, ‘Securing systems’, 2. 157 Antulio Echevarria and Bert Tussing, From ‘Defending Forward’ to a ‘Global Defense-In-Depth’: Globalization and Homeland Security, Strategic Studies Institute, 2003, available at 158 Deborah Cowen and Neil Smith, ‘After Geopolitics? ‘From the Geopolitical Social to Geoeconomics’, Antipode, 41: 1, 2009, 22–48. 159 Donna Miles, ‘With Ongoing Terror Fight Overseas, NORTHCOM Focuses on Homeland’,, 17 November 2006. 160 Ibid. 161 Deborah Cowen and Neil Smith, After Geopolitics?’. 162 Stephen Flynn, ‘The False Conundrum: Continental Integration versus Homeland Security’, in The Rebordering of North America, Peter Andreas and Thomas Biersteker, eds, New York: Routledge, 2003, 11. 163 Echevarria and Tussing, From ‘Defending Forward’ to a ‘Global Defense-In-Depth’. 164 This term draws on Deborah Cowen’s idea of containing insecurity’ published in her contribution to a book I edited, Disrupted Cities: When Infrastructures Fail, New York: Routledge, 2009. 165 See Keller Easterling, Enduring Innocence, Cambridge MA: MIT Press, 2006. 166 This system organizes 90 per cent of global trade through global supply chains and advanced logistics and delivers 95 per cent of the overseas trade entering the US. 167 ‘When trade and security clash’, The Economist, 4 April 2002. 168 Jon Haveman and Howard Shatz, Protecting the Nation’s Seaports: Balancing Security and Cost, San Francisco: Public Policy Institute of California, 2006. 169 IBM, Expanded Borders, Integrated Controls, marketing brochure. 170 Cowen and Smith After Geopolitics?’.

By trying to establish anticipatory surveillance systems which parallel the key architectures of circulation – electronic finance, Internet communications, airline travel, seaports and trade – they oscillate continually between the scale of the human body, the city, the nation, and transnational capitalism. Of great importance here are new ideas of US national security, expressed in the notions of ‘defending forward’ and ‘global defense in depth’.157 The new security doctrine is based on the argument that no matter how much money, technology or militarized fencing is thrown at the problem of filtering the boundaries which separate the US nation from the rest of the world, such geopolitical ideas of security are rendered less and less useful in a world where the flows continually work through US cities and regions via a myriad of infrastructural connections and systems.158 Homeland security is thus increasingly seen as an ‘away game’.

pages: 570 words: 115,722

The Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski


barriers to entry, business process, defense in depth, easy for humans, difficult for computers, fault tolerance, finite state, Firefox, Google Chrome, information retrieval, RFC: Request For Comment, semantic web, Steve Jobs, telemarketer, Turing test, Vannevar Bush, web application, WebRTC, WebSocket

As with XMLHttpRequest, restricting access to HTTP APIs from HTTPS origins may be a good way to stamp out mixed-content bugs. Content Security Policy: This is safe to use as defense in depth. Review the caveats related to the interactions among script-src, object-src, and so on, and the dangers of permitting data: origins. Do not accidentally allow mixed content: Always specify protocols in the rulesets and make sure they match the protocol the requesting page is served over. Sandboxed frames: This is safe to use as a way to embed gadgets from other origins, but the mechanism will fail dramatically in noncompliant browsers. You should not sandbox same-origin documents. Strict Transport Security: This is safe to use as defense in depth. Be sure to mark all relevant cookies as secure and be prepared for the possibility of cookie injection via spoofed, non-STS locations in your domain.

pages: 274 words: 58,675

Puppet 3 Cookbook by John Arundel


Amazon Web Services, cloud computing, continuous integration, Debian, defense in depth, don't repeat yourself, GnuPG, Larry Wall, place-making, Ruby on Rails, web application

HAProxy has a vast range of configuration parameters which you can explore; see the HAProxy website: If you need SSL capabilities, you can put Nginx in front of HAProxy to handle this. Although it's most often used as a web server, HAProxy can proxy a lot more than just HTTP. It can handle any amount of TCP traffic, so you can use it to balance the load of MySQL servers, SMTP, video servers, or anything you like. Managing firewalls with iptables As experienced system administrators know, security comes from defense in depth. It's not enough to stick a single firewall in front of your network and hope for the best. Every machine needs to be securely configured so that only the required network ports are accessible, and this means that every machine needs to have its own firewall. Linux comes with its own industrial-strength, kernel-based packet filtering firewall, iptables. However, it's not particularly user-friendly, as a typical iptables rule looks something as follows: iptables -A INPUT -d -p tcp -m tcp --dport 80 -j ACCEPT It would be nice to be able to express firewall rules in a more symbolic and readable way.

pages: 357 words: 63,071

Essential SQLAlchemy by Rick Copeland


database schema, defense in depth, domain-specific language, web application

(PyCrypto is available from the Python Package Index via “easy_install pycrypto”.) The encrypted extension provides the DSL statement acts_as_encrypted⁠(⁠ ⁠), which takes the following parameters: for_fields=[] List of field names for which encryption will be enabled with_secret='abcdef' A secret key used to perform encryption on the listed fields The encrypted extension is particularly useful when data must be stored on an untrusted database or as part of a defense-in-depth approach to security. For instance, you might encrypt passwords that are stored in the database. Keep in mind, however, that the source code of your application must be kept in a trusted location because it specifies the encryption key used to store the encrypted columns. Versioned Extension The elixir.ext.versioned extension provides a history and versioning for the fields in an entity.

pages: 252 words: 75,349

Spam Nation: The Inside Story of Organized Cybercrime-From Global Epidemic to Your Front Door by Brian Krebs


barriers to entry, bitcoin, Brian Krebs, cashless society, defense in depth, Donald Trump, employer provided health coverage, John Markoff, mutually assured destruction, offshore financial centre, payday loans, pirate software, placebo effect, ransomware, Silicon Valley, Stuxnet, the payments system, transaction costs, web application

While having antivirus software and a firewall on your system can help ward off threats, these are far from panaceas, and today’s cyberthreats are being built to evade detection by these, especially in that critical first twelve-to twenty-four-hour period after which the malware is blasted out via spam and social networking site links. It’s important to understand that a key tenet of securing any system is the concept of “defense in depth,” or having multiple layers of security and not depending too much on any one approach or technology to block all attacks. And guess which layer is the most important one of all? You! Memorize and practice Krebs’s “Three Rules for Online Safety,” and you will drastically reduce the chances of handing over your computer or mobile device to the bad guys. In short: •Rule 1: “If you didn’t go looking for it, don’t install it.”

pages: 313 words: 75,583

Ansible for DevOps: Server and Configuration Management for Humans by Jeff Geerling


Amazon Web Services, Any sufficiently advanced technology is indistinguishable from magic, cloud computing, continuous integration, database schema, Debian, defense in depth, DevOps, fault tolerance, Firefox, full text search, Google Chrome, inventory management, loose coupling, Minecraft, Ruby on Rails, web application

It’s a little like user and group file permissions, but allowing far finer detail—with far more complexity. You’d be forgiven if you disabled SELinux or AppArmor in the past; both require extra work to set up and configure for your particular servers, especially if you’re using less popular distribution packages (extremely popular packages like Apache and MySQL are extremely well supported out-of-the-box on most distributions). However, both of these tools are excellent ways to add defense in depth to your infrastructure. You should already have decent configurations for firewalls, file permissions, users and groups, OS updates, etc. But if you’re running a web-facing application—especially one that runs on a server with any other applications—it’s great to have the extra protection SELinux or AppArmor provides from applications accessing things they shouldn’t. SELinux is usually installed and enabled by default on Fedora, RedHat and CentOS systems, is available and supported on most other Linux platforms, and is widely supported through Ansible modules, so we’ll cover SELinux in a bit more depth.

pages: 611 words: 186,716

The Diamond Age by Neal Stephenson


British Empire, clean water, dark matter, defense in depth, digital map, edge city, Just-in-time delivery, Mason jar, pattern recognition, sensible shoes, Silicon Valley, Socratic dialogue, South China Sea, the scientific method, Turing machine, wage slave

The Throneless King was Confucius, and Lau Ge was now the highest-ranking of all the mandarins. The Encyclopædia did not say much more about Colonel Arthur Hornsby Moore, except that he'd resurfaced as an adviser a few years later during some outbreaks of nanotech terrorism in Germany, and later retired and became a security consultant. In this latter capacity he had helped to promulgate the concept of defense in depth, around which all modern cities, including Atlantis/Shanghai, were built. Nell cooked the Constable an especially nice dinner one Saturday, and when they were finished with dessert, she began to tell him about Harv and Tequila, and Harv's tales of the incomparable Bud, their dear departed father. Suddenly it was about three hours later, and Nell was still telling the Constable stories about Mom's boyfriends, and the Constable was continuing to listen, reaching up occasionally to fiddle with his white beard but otherwise displaying an extremely grave and thoughtful countenance.

The Coastal Republic checkpoints at the intersections of the roads were gray and fuzzy, like house-size clots of bread mold, so dense was the fractal defense grid, and staring through the cloud of macro- and microscopic aerostats, Hackworth could barely make out the hoplites in the center, heat waves rising from the radiators on their backs and stirring the airborne soup. They let him pass through without incident. Hackworth expected to see more checkpoints as he continued toward Fist territory, but the first one was the last; the Coastal Republic did not have the strength for defense in depth and could muster only a one-dimensional picket line. A mile past the checkpoint, at another small intersection, Hackworth found a pair of very makeshift crucifixes fashioned from freshly cut mulberry trees, green leaves still fluttering from their twigs. Two young white men had been bound to the crucifixes with gray plastic ties, burned in many places and incrementally disemboweled. From the looks of their haircuts and the somber black neckties that had been ironically left around their necks, Hackworth guessed they were Mormons.

pages: 757 words: 193,541

The Practice of Cloud System Administration: DevOps and SRE Practices for Web Services, Volume 2 by Thomas A. Limoncelli, Strata R. Chalup, Christina J. Hogan

active measures, Amazon Web Services, anti-pattern, barriers to entry, business process, cloud computing, commoditize, continuous integration, correlation coefficient, database schema, Debian, defense in depth, delayed gratification, DevOps, domain-specific language,, fault tolerance, finite state, Firefox, Google Glasses, information asymmetry, Infrastructure as a Service, intermodal, Internet of things, job automation, job satisfaction, load shedding, loose coupling, Malcom McLean invented shipping containers, Marc Andreessen, place-making, platform as a service, premature optimization, recommendation engine, revision control, risk tolerance, side project, Silicon Valley, software as a service, sorting algorithm, statistical model, Steven Levy, supply-chain management, Toyota Production System, web application, Yogi Berra

At the same time 1 to 5 percent of all disks will die and each machine will crash at least twice (2 to 4 percent failure rate) (Dean 2009). Graceful degradation, discussed previously, means software is designed to survive failures or periods of high load by providing reduced functionality. For example, a movie streaming service might automatically reduce video resolution to conserve bandwidth when some of its internet connections are down or otherwise overloaded. The other strategy is defense in depth, which means that all layers of design detect and respond the failures. This includes failures as small as a single process and as large as an entire datacenter. An older, more traditional strategy for achieving reliability is to reduce the chance of failure at every place it can happen. Use the best servers and the best network equipment, and put it in the most reliable datacenter: There will still be outages when this strategy is pursued, but they will be rare.

., 79 “Choose Your Own Adventure” talk, 173 Chubby system, 231, 314 Churchill, Winston, 119 Classification systems for oncall, 292 Clos networking, 137 Cloud computing era (2010-present), 469–472 Cloud-scale service, 80–81 global load balancing methods, 82, 83–85 internal backbones, 83–84 points of presence, 83–85 CM (configuration management) languages, 260–262 CMDB (Configuration Management Database), 222 CMM (Capability Maturity Model), 405–407 web site, 13–14 Code approval process, 47–48 automated reviews, 268–269 lead time, 201 live changes, 236 sufficient amount, 269–270 Code latency in DevOps, 178–179 Code pushes description, 225, 226 failed, 239–240 Code review system (CRS), 268–269 Cognitive systems engineering (CSE) approach, 248 Cold caches, 106 Cold storage factor in service platform selection, 54 Collaboration in DevOps, 183 Collection systems, 345 central vs. regional collectors, 352–353 monitoring, 349–353 protocol selection, 351 push and pull, 350–351 server component vs. agents vs. pollers, 352 Colocation CDNs, 114 service platform selection, 65–66 Command-line flags, 231 Comments in style guides, 267 Commit step in build phase, 202–203 Commodity servers, 463 Communication emergency plans, 317–318 postmortems, 302 virtual offices, 166–167 Compensation in oncall schedules, 290 Compensatory automation principle, 244, 246–247 Compiled languages, 260 Complementarity principle, 244, 247–248 Compliance in platform selection, 63 Comprehensiveness in continuous deployment, 237 Computation, monitoring, 353–354 Confidence in service delivery, 200 Configuration automating, 254 deployment phase, 213–214 in designing for operations, 33–34 DevOps, 185 four-tier web service, 80 monitoring, 345–346, 362–363 Configuration management (CM) languages, 260–262 Configuration Management Database (CMDB), 222 Configuration management strategy in OS installation, 219 Configuration packages, 220 Conflicting goals, 396–397 Congestion problems, 15 Consistency ACID term, 24 CAP Principle, 21 Consistency and partition tolerance (CP), 24 Constant scaling, 475–476 Containers, 60–62 Content delivery networks (CDNs), 114–116 Content distribution servers, 83 Continuous builds in DevOps, 186 Continuous Delivery, 223 Continuous delivery (CD) deployment phase, 221 DevOps, 189–192 practices, 191 principles, 190–191 Continuous deployment DevOps, 186 upgrading live services, 236–239 Continuous improvement technique DevOps, 153, 183 service delivery, 201 Continuous integration (CI) in build phase, 205–207 Continuous tests, 186 Contract questions for hosting providers, 64–65 Contributing conditions analysis (CCA), 301 Control in platform selection, 64 Convergent orchestration, 213–214 Cookies, 76–78 Coordination for oncall schedules, 290 Core drivers capacity planning, 373–374 defined, 366 Coredumps, 129 Corporate emergency communications plans, 317–318 Corpus, 16–17 Correlation coefficient, 367 Correlation in capacity planning, 375–378 Costs caches, 105 cloud computing era, 469–470 dot-bomb era, 464–465 first web era, 459 platform selection, 63–64 pre-web era, 454 second web era, 468–469 service platform selection, 66–67 TCO, 172 Counters in monitoring, 348–350, 358 CPU core sharing, 59 Crash-only software, 35 Crashes automated data collection and analysis, 129 software, 128–129 Craver, Nick, 430 CRS (code review system), 268–269 CSE (cognitive systems engineering) approach, 248 Current usage in capacity planning, 368–369 Customer functionality, segmentation by, 103 Customers in DevOps, 177 Cycle time, 196 Daemons for containers, 61 Daily oncall schedules, 289 Dark launches, 233, 383–384 Dashboards for alerts, 293 Data analysis in capacity planning, 375–380 Data import controls, 41–42 Data scaling in dot-bomb era, 463 Data sharding, 110–112 Database-driven dynamic content, 70 Database views in live schema changes, 234 Datacenter failures, 137–138 Dates in design documents, 277, 282 Dawkins, Richard, 475 DDoS (distributed denial-of-service) attacks, 140 Deallocation of resources, 160 Dean, Jeff canary requests, 131 scaling information, 27 Debois, Patrick, 180 Debug instrumentation, 43 Decommissioning services, 404 assessments, 437–438 description, 156 overview, 160 Dedicated wide area network connections, 83 Default policies, 40 Defense in depth, 119 Defined level in CMM, 406–407 Degradation, graceful, 39–40, 119 Delays in continuous deployment, 238 Delegating capacity planning, 381 Delegations of authority in Incident Command System, 324 Deming, W. Edwards, 172 Denial-of-service (DoS) attacks, 140 Dependencies containers, 60–61 service launches, 158 Deployment and deployment phase, 195, 197, 211 approvals, 216–217 assessments, 444–445 configuration step, 213–214 continuous delivery, 221 defined, 196 DevOps, 185 exercises, 223 frequency in service delivery, 201 infrastructure as code, 221–222 infrastructure automation strategies, 217–220 installation step, 212–213 installing OS and services, 219–220 KPIs, 392–393 operations console, 217 physical machines, 217–218 platform services, 222 promotion step, 212 summary, 222–223 testing, 215–216 virtual machines, 218 Descriptions of outages, 301 Descriptive failure domains, 127 Design documents, 275 adopting, 282–283 anatomy, 277–278 archive, 279–280 changes and rationale, 276 exercises, 284 overview, 275–276 past decisions, 276–277 review workflows, 280–282 summary, 283 templates, 279, 282, 481–484 Design for operations, 31 access controls and rate limits, 40–41 auditing, 42–43 backups and restores, 36 configuration, 33–34 data import controls, 41–42 debug instrumentation, 43 documentation, 43–44 exception collection, 43–44 exercises, 50 features, 45–48 graceful degradation, 39–40 hot swaps, 38–39 implementing, 45–48 improving models, 48–49 monitoring, 42 operational requirements, 31–32 queue draining, 35–36 redundancy, 37 replicated databases, 37–38 software upgrades, 36 startup and shutdown, 34–35 summary, 49–50 third-party vendors, 48 toggles for features, 39 Design patterns for resiliency.

Scratch Monkey by Stross, Charles


carbon-based life, defense in depth, fault tolerance, gravity well, Kuiper Belt, packet switching, phenotype, telepresence

Somehow she got her hand around the slippery-slick head of the halberd, just behind the hook-and-blade; using it as a staff made it easier to shuffle along. For a moment she hesitated: willing to do anything to get out of this madhouse, even to the extent of ditching a fellow-inmate. But that would be -- no. If he's part of some kind of resistance I need him. Got to get his friends behind me and set the tide turning. Organize a defense in depth fuckwads won't work for me so I'll get a new bunch in charge and let them do it. Ow! My back is never going to be the same again. Which way is home? Laboriously, painfully, Oshi crept out into the corridor. Ignoring the corpse of the Goon, she trudged towards the darkened stretch of passage. Something rang a bell within her, rewinding her sense of direction: sometime soon -- Disorientated though she was, her backbrain navigator kept her on course for the vestibule.

pages: 325 words: 92,272

House to House: An Epic Memoir of War by David Bellavia


call centre, defense in depth

Fallujah is shaping up to be the Verdun of the War on Terror. We face a battle of attrition fought within a maze of interlocking fortresses. Attrition is such a sterile word. We’ll be trading our lives for theirs. Sims makes it clear that our initial objectives will be heavily defended. The insurgents have deployed foreign fighters on the city’s approaches. They form the outer crust of their defense-in-depth, so we will face them first. Intelligence reports tell us we’ll face Syrians, Iranians, Saudis, Filipinos, even Italians and Chechnyans. They’re well trained, ideologically motivated, and armed with ample ammunition and equipment. They’ve trained for years to kill us infidels. Some have cut their teeth in Chechnya, Afghanistan, and Somalia. They are veterans just like us—a regular Islamist all-star team.

pages: 439 words: 105,137

The Longest Day by Cornelius Ryan


defense in depth

As Otway marched quickly through the night, small groups of his men appeared everywhere, confirming his worst suspicions. He wondered just how bad the drop had been. Had his special glider train been scattered, too? Otway badly needed the glider-borne guns and other equipment if his plan of assault was to succeed, for Merville was no ordinary battery. Around it ranged a formidable series of defenses in depth. To get to the heart of the battery—four heavy guns in massive concrete emplacements—the 9th would have to pass through mine fields and over antitank ditches, penetrate a fifteen-foot-thick hedge of barbed wire, cross more mine fields and then fight through a maze of machine-gun-filled trenches. The Germans considered this deadly fortification with its garrison of two hundred men almost impregnable.

pages: 404 words: 113,514

Atrocity Archives by Stross, Charles


airport security, anthropic principle, Berlin Wall, brain emulation, British Empire, Buckminster Fuller, defense in depth, disintermediation, experimental subject, glass ceiling, haute cuisine, hypertext link, Khyber Pass, mandelbrot fractal, Menlo Park, NP-complete, the medium is the message, Y2K, yield curve

Extensive safety protocols are discussed which must be implemented before this technology can be deployed nationally, in order to minimize the risk of misactivation. Projected deployment of CCTV monitoring in public places is estimated to result in over one million cameras in situ in British mainland cities by 1999. Coverage will be complete by 2004""06. Anticipated developments in internetworking and improvements in online computing bandwidth suggest for the first time the capacity of achieving a total coverage defense-in-depth against any conceivable insurgency. The implications of this project are discussed, along with its possible efficacy in mitigating the consequences of CASE NIGHTMARE GREEN in September 2007 . . . . Speaking of Mahogany Row, Angleton's picked the boardroom with the teak desk and the original bakelite desk fittings, and frosted windows onto the corridor, as the venue for my debriefing. He's sitting behind the desk tapping his bony fingers, with Andy looking anxious and Boris imperturbable when I walk in and flip the red MEETING light on.

pages: 326 words: 103,170

The Seventh Sense: Power, Fortune, and Survival in the Age of Networks by Joshua Cooper Ramo


Airbnb, Albert Einstein, algorithmic trading, barriers to entry, Berlin Wall, bitcoin, British Empire, cloud computing, crowdsourcing, Danny Hillis, defense in depth, Deng Xiaoping, drone strike, Edward Snowden, Fall of the Berlin Wall, Firefox, Google Chrome, income inequality, Isaac Newton, Jeff Bezos, job automation, market bubble, Menlo Park, Metcalfe’s law, natural language processing, Network effects, Norbert Wiener, Oculus Rift, packet switching, Paul Graham, price stability, quantitative easing, RAND corporation, recommendation engine, Republic of Letters, Richard Feynman, Richard Feynman, road to serfdom, Robert Metcalfe, Sand Hill Road, secular stagnation, self-driving car, Silicon Valley, Skype, Snapchat, social web, sovereign wealth fund, Steve Jobs, Steve Wozniak, Stewart Brand, Stuxnet, superintelligent machines, technological singularity, The Coming Technological Singularity, The Wealth of Nations by Adam Smith, too big to fail, Vernor Vinge, zero day

This sort of charmless arrogance—The Holy Land… we must have that—doesn’t much suit our age. Gatekeepers, after all, depend on the good will of the gatekept. But Lloyd George’s comprehensive view should be a model. What oil and irrigation and Suez were to the British Empire, finance and data flows and gates are to our age. 4. Hard Gatekeeping echoes the postures of some of the most enduring orders in human history—the “defense in depth” of the Roman Empire, for instance, or the protective isolation of Tokugawa Japan or the walls of Han China. The aim of these systems was to survive through defense. Strategists of those empires learned they should avoid attack except when absolutely necessary; a defensive posture was safer. Gatekeeping is similar. It resists unnecessary profligacy. Hard Gatekeeping can be summarized simply: The development and control of the physical and topological spaces that will define any nation’s future security.

pages: 1,117 words: 270,127

On Thermonuclear War by Herman Kahn


British Empire, defense in depth, John von Neumann, mutually assured destruction, New Journalism, oil shale / tar sands, Project Plowshare, RAND corporation, zero-sum game

This did have the danger that the attacker had exposed flanks which might be pinched off by the defender, but it was assumed, and correctly, that in the confusion of the attack the defender would generally not be able to exploit this weakness of the attacker; that before the defender could organize a counterattack and cut off the penetrating troops, they would have had time to fan out and attack the bypassed troops from the rear. Since the new tactic was not so dependent on a lengthy preliminary artillery barrage it allowed the Germans to use surprise attack tactics. The Germans also developed the counter to this attack, which was to organize a defense in depth, a defense that did not care if it was penetrated. The new tactic was not invented by the Germans. A French officer, a Captain Laffargue, had found out experimentally the value of the new tactic and had written a remarkably complete pamphlet on the new ideas. His ideas had no effect on the French or English, but a copy fell into the hands of the Germans, and according to Captain G. C. Wynne it was: ". . . the concise expression of a doctrine which exactly corresponded to the course they themselves had been trying to follow by cumbersome and slow degrees.

They had a treaty of mutual assistance with France, signed December 1925, pledging each party to come immediately to the support of the other in the event of unprovoked aggression on the part of Germany. They had concluded a similar treaty with Russia in May 1935, which would apparently bring the Soviets to the aid of Czechoslovakia if the Franco-Czech pact went into operation. In support of these two agreements, France had signed a pact of mutual assistance with Russia in 1935. With French cooperation they had built a miniature Maginot Line providing for a defense in depth behind which the Czech General Staff were confident that their excellently equipped army of forty divisions could hold up any German attack for at least six weeks, by which time it was supposed that France and Russia would be engaging the aggressor on the West and the East, respectively. This plan ignored the extreme defensive-mindedness of the French and the counter-deterrent of the Siegfried Line built in 1936.

pages: 399 words: 120,226

Dangerous Waters: Modern Piracy and Terror on the High Seas by John S. Burnett


British Empire, cable laying ship, Dava Sobel, defense in depth, Exxon Valdez, Filipino sailors, illegal immigration, Khyber Pass, Malacca Straits, North Sea oil, South China Sea, transcontinental railway, UNCLOS, UNCLOS

Three or four of these devices, each the size of a large teacup, connected by wire to a shore station, detect anomalies on the otherwise smooth lines of the vessel’s hull. The line of sensors would be strung on the seafloor under the channel over which all ships pass, and trigger an alarm. One complete line of sensors, he estimates, costs between $15,000 and $20,000. “I would have thought the system is cheap considering the alternative.” “At the end of the day,” he says, “it is not just about new gadgets but about the human factor. What is needed is defense in depth, but today the precautions still stop at the waterside. Risk assessment still rules the sea. It will take six to twelve months just to change the mindset. Our own government’s attitude and that of others is that we will muddle through, we always have. They have the attitude of the bobby on the beat.” There are significant international efforts to combat terrorism and piracy at sea, and while well intentioned, they are the workings of a large international bureaucracy that plods along at a dolorously slow pace.

pages: 302 words: 82,233

Beautiful security by Andy Oram, John Viega


Albert Einstein, Amazon Web Services, business intelligence, business process, call centre, cloud computing, corporate governance, credit crunch, crowdsourcing, defense in depth, Donald Davies,, fault tolerance, Firefox, loose coupling, Marc Andreessen, market design, Monroe Doctrine, new economy, Nicholas Carr, Nick Leeson, Norbert Wiener, optical character recognition, packet switching, peer-to-peer, performance metric, pirate software, Robert Bork, Search for Extraterrestrial Intelligence, security theater, SETI@home, Silicon Valley, Skype, software as a service, statistical model, Steven Levy, The Wisdom of Crowds, Upton Sinclair, web application, web of trust, x509 certificate, zero day, Zimmermann PGP

256 CHAPTER SIXTEEN Better Practices for Desktop Security What can computer users do to improve on the current, unsatisfactory security situation? First, you will need to embrace the fact that there is no silver bullet or all-powerful talisman that will make your computer invulnerable to malware infection. We suggest dual principles to guide you: • Security is about assessing and reducing risk, not making intrusions impossible. • Simpler solutions tend to be better ones. A related and well-known principle—defense in depth—suggests using a mix of solutions. This does not mean you have to resort to the “more is better” approach of resource-hungry, intrusive, and annoying HIPS products or sandboxing. Although these approaches have merit in expert hands for specific situations, we don’t find them appropriate for average users who cannot make the choices they require and don’t really need such über-paranoid configurations.

pages: 326 words: 48,727

Hot: Living Through the Next Fifty Years on Earth by Mark Hertsgaard


Berlin Wall, business continuity plan, carbon footprint, clean water, Climategate, Climatic Research Unit, corporate governance, cuban missile crisis, decarbonisation, defense in depth,, Fall of the Berlin Wall, fixed income, food miles, Intergovernmental Panel on Climate Change (IPCC), megacity, Mikhail Gorbachev, mutually assured destruction, peak oil, Port of Oakland, Ronald Reagan, Silicon Valley, smart grid, South China Sea, the built environment, transatlantic slave trade, transatlantic slave trade, transit-oriented development, University of East Anglia, urban planning

"We're Repeating the Same Mistakes" Going forward, the question is whether New Orleans can realistically be defended against the Category 4 and 5 hurricanes that will become more common during global warming's second era. The Dutch example suggests that, technologically, the answer is yes. The social context of New Orleans, however, gives much less reason for confidence. "It's very important for the rest of America to understand that we can protect Louisiana if we want to," said van Heerden, who, in his book The Storm, urged a three-layered approach to hurricane protection known as "defense in depth." "For your inner layer of defense," van Heerden told me, "you put hardened levees or flood walls in front of major population centers [such as New Orleans] or other high-value assets. You protect that inner layer with a middle layer of defense, which is comprised of as large an expanse of swamp or wetlands as possible to absorb and weaken incoming storm surges. The data suggest that every mile of wetlands reduces storm surge by 0.7 feet, and every mile of swamp reduces it by 5 to 6 feet.

One Bullet Away: The Making of a Marine Officer by Fick, Nathaniel C.(October 3, 2005) Hardcover by Nathaniel C. Fick


clean water, defense in depth, double helix, friendly fire, John Nash: game theory, Khyber Pass, Silicon Valley

Mortars continued to fall, including one that hit the pavement nearby, throwing sparks into the sky. When our turn came, each Humvee swung around to the south, and we accelerated behind War Pig, passing the rest of the battalion as it sat facing north. The night was moonless, with a low overcast threatening rain. Helicopters could not fly under the weather, and jets above it couldn’t provide accurate close air support. Facing a coordinated defense-in-depth, with little idea of what lay to the north, the colonel decided to pull back two kilometers and set up a hasty defense on the roadside. With a little distance between us and the enemy positions, we could call in jets and wait for daylight. I lined the platoon up along a berm a few hundred meters off the road. War Pig had done most of the shooting, so the Marines weren’t too amped-up. We started watch rotations, and I crawled under the Humvee to enjoy an hour’s insomnia.

pages: 795 words: 212,447

Dead or Alive by Tom Clancy, Grant (CON) Blackwood


active measures, affirmative action, air freight, airport security, Bay Area Rapid Transit, Benoit Mandelbrot, defense in depth, failed state, friendly fire, Google Earth, Panamax, post-Panamax, Skype, uranium enrichment, urban sprawl

Each ‘packet’ will be encased in two nested canisters, one made of almost an inch of a highly corrosion-resistant metal called Alloy 22, then a two-inch-thick second canister made of something called 316NG—essentially, nuclear-grade stainless steel. Overhanging the nested canisters will be a titanium shield designed to protect them from seepage and falling rocks.” “Is that something you’re worried about?” Steve smiled. “Engineers don’t worry. We plan. We try to model every possible scenario and plan for it. These three components—the two nested canisters and the titanium shield—form what we call a ‘defense-in-depth.’ The packets will be stored horizontally and commingled with different grades of waste, so each chamber maintains a uniform temperature.” “How big are these packets?” “About six feet in diameter and ranging in length from twelve to eighteen feet.” “What happens if the packets get . . . misplaced?” the other California candidate asked. “Couldn’t happen. The number of steps involved to move a packet and the people that have to sign off on it make that a virtual impossibility.

pages: 845 words: 197,050

The Gun by C. J. Chivers


air freight, Berlin Wall, British Empire, cuban missile crisis, defense in depth, illegal immigration, joint-stock company, Khartoum Gordon, mutually assured destruction, offshore financial centre, Ponzi scheme, RAND corporation, South China Sea, trade route, Transnistria

And Captain Meinertzhagen, who published his diaries years later and with the benefit of seeing the outcome on the Western Front, could not, even with the passing of time, understand the technical picture for what it was: Intensive machine-gun fire could hardly be beaten back by men with rifles using tactics of yore. By this time, the Western Front was taking on an air of permanence, and the war in Europe was settling into the shape for which it would be remembered. The trench systems were a complicated and carefully considered network. A set of forward trenches served as the front line, supporting trenches were dug farther back, and the reserve trenches farther still—all part of a defense in depth that could absorb an enemy thrust. Along the lines, trenches rarely ran in straight lines for any distance; soldiers dug them according to the contours of the countryside—the sides of hills, across knolls, in positions overlooking concealed routes of approach—in ways that gave the occupants a commanding view of the ground out front. This maximized their defensive potential by providing clear fields of fire into likely infiltration routes.

pages: 546 words: 176,169

The Cold War by Robert Cowley


anti-communist, Berlin Wall, British Empire, cuban missile crisis, defense in depth, Dissolution of the Soviet Union, Doomsday Clock, friendly fire, Henry Ford's grandson gave labor union leader Walter Reuther a tour of the company’s new, automated factory…, means of production, Mikhail Gorbachev, mutually assured destruction, RAND corporation, refrigerator car, Ronald Reagan, South China Sea, Stanislav Petrov, transcontinental railway

He not only wanted to contain it, he wanted to inflict maximum punishment on the enemy. He knew that for the time being, he would have to give some ground, but he wanted the price to be high. South of the Han River, he assigned Brigadier General Garrison Davidson, a talented engineer, to take charge of several thousand Korean laborers and create a “deep defensive zone” with a trench system, barbed wire, and artillery positions. Ridgway also preached defense in depth to his division and regimental commanders in the lines they were holding north of the Han. Although they lacked the manpower to halt the Chinese night attacks, he said that by buttoning up tight, unit by unit, at night and counterattacking strongly with armor and infantry teams during the day, the U.N. army could inflict severe punishment on anyone who had come through the gaps in their line.

Without Remorse by Tom Clancy


defense in depth, South China Sea

Grishanov was quite proud of it, not the least because it was the clear presentation of a highly sophisticated operational concept. Zacharias ran his fingers over it, reading the notations in English, which looked incongruous on a map whose legend was in Cyrillic. He smiled his approval. A bright guy, Kolya, a good student in his way. The way he layered his assets, the way he had his aircraft patrolling back rather than forward. He understood defense in depth now. SAM traps at the ends of the most likely mountain passes, positioned for maximum surprise. Kolya was thinking like a bomber pilot now instead of a fighter jock. That was the first step in understanding how it was done. If every Russian PVO commander understood how to do this, then SAC would have one miserable time ... Dear God. Robin's hands stopped moving. This wasn't about the ChiComs at all.

pages: 649 words: 172,080

Hunting in the Shadows: The Pursuit of Al Qa'ida Since 9/11: The Pursuit of Al Qa'ida Since 9/11 by Seth G. Jones

airport security, battle of ideas, defense in depth, drone strike, Google Earth, index card, Khyber Pass, medical residency, Murray Gell-Mann, RAND corporation, Saturday Night Live, Silicon Valley, trade route, WikiLeaks

Haqqani had been described by the Soviet government, which had a high threshold for violence itself, as “a cruel and uncompromising person” who “displays exceptional brutality toward people suspected of loyalty to the ruling regime.”12 This mixture of fighters was a good illustration of the close links the Taliban and other Afghan militant groups had with al Qa’ida. In the Shah-i-Kot, they communicated through couriers as well as on VHF and HF radios. They also used more arcane ways to send messages, such as blankets and smoke and flares. The enemy, led by Mansour and supported by al Qa’ida fighters, planned to employ a “defense in depth” strategy if they were attacked, inflicting as many casualties as possible on American and allied soldiers instead of denying access. They would permit U.S. and allied forces to enter the lower Shah-i-Kot Valley, draw them in, and engage targets of opportunity. Enemy observation posts provided early warning of approaching U.S. forces. Mansour’s Taliban forces were arrayed in two outer security belts, where they manned checkpoints and lookout positions.

pages: 1,152 words: 266,246

Why the West Rules--For Now: The Patterns of History, and What They Reveal About the Future by Ian Morris


Admiral Zheng, agricultural Revolution, Albert Einstein, anti-communist, Arthur Eddington, Atahualpa, Berlin Wall, British Empire, Columbian Exchange, conceptual framework, cuban missile crisis, defense in depth, demographic transition, Deng Xiaoping, discovery of the americas, Doomsday Clock,, falling living standards, Flynn Effect, Francisco Pizarro, global village, God and Mammon, hiring and firing, indoor plumbing, Intergovernmental Panel on Climate Change (IPCC), invention of agriculture, Isaac Newton, James Watt: steam engine, Kitchen Debate, knowledge economy, market bubble, mass immigration, Menlo Park, Mikhail Gorbachev, mutually assured destruction, New Journalism, out of africa, Peter Thiel, phenotype, pink-collar, place-making, purchasing power parity, RAND corporation, Ray Kurzweil, Ronald Reagan, Scientific racism, sexual politics, Silicon Valley, Sinatra Doctrine, South China Sea, special economic zone, Steve Jobs, Steve Wozniak, Steven Pinker, strong AI, The inhabitant of London could order by telephone, sipping his morning tea in bed, the various products of the whole earth, The Wealth of Nations by Adam Smith, Thomas Kuhn: the structure of scientific revolutions, Thomas L Friedman, Thomas Malthus, trade route, upwardly mobile, wage slave, washing machines reduced drudgery

In 297 Rome even got some revenge for Valerian by capturing the Persian royal harem. The emperor Diocletian (reigned 284–305) exploited this turnaround with administrative, fiscal, and defensive reforms that adapted the empire to deal with the new world. The army more or less doubled in size. The frontiers never entirely settled down, but Rome was now winning more battles than it lost, blunting Germanic raids with defense in depth and wearing the Persians down in sieges. To handle all this activity Diocletian split his job into four parts, with one ruler and a deputy handling the western provinces and another ruler and deputy the eastern. Predictably, the empire’s multiple rulers fought two-, three-, or four-way civil wars as often as they fought external enemies, but compared to the twenty-seven-way civil war in China’s Jin Empire in the 290s, this was stability indeed.

pages: 1,056 words: 275,211

Hirohito and the Making of Modern Japan by Herbert P. Bix


anti-communist, British Empire, colonial rule, defense in depth, European colonialism, land reform, Malacca Straits, Monroe Doctrine, nuremberg principles, oil shock, Ronald Reagan, South China Sea

When a huge American armada closed on Saipan in mid-June to begin the conquest of the main Japanese bases in the Marianas, the Combined Fleet threw in a restored strike force of nine carriers and more than 460 aircraft to oppose the landings.95 The ensuing naval, air, and land battles of the Marianas, fought between June and August 1944, were the decisive battles of the war for the Japanese navy and its air force. Three Japanese aircraft carriers were sunk and 395 planes shot down, without inflicting any serious damage on the American invasion force.96 After desperate fighting, in which Japanese ground commanders once again failed to prepare adequate defenses in depth, Saipan, Guam, and Tinian fell and quickly became forward U.S. bases for long-range B-29 (“Superfortress”) bombers. The capture of Saipan on July 7, 1944, was a particularly heavy blow for the high command. Resistance was bitter, and when it ended, after three weeks, Japan had lost virtually the entire garrison of 23,811 as well as ten thousand noncombatants.97 It had also lost control of the air and the seas everywhere in the Pacific.

Debt of Honor by Tom Clancy


airport security, banking crisis, Berlin Wall, buttonwood tree, complexity theory, cuban missile crisis, defense in depth, job satisfaction, margin call, New Journalism, oil shock, Silicon Valley, tulip mania

Each system-trio had battery backups sufficient to run the hardware for twelve hours. New York safety and environmental codes perversely did not allow the presence of emergency generators in the buildings, an annoyance to the systems engineers who were paid to worry about such things. And worry they did, despite the fact that the duplication, the exquisite redundancies that in a military context were called "defense in depth," would protect against anything and everything that could be imagined. Well, nearly everything. On the front service panel of each of the mainframes was an SCSI port. This was an innovation for the new models, an implicit bow to the fact that desktop computers were so powerful that they could upload important information far more easily than the old method of hanging a tape reel. In this case, the upload terminal was a permanent fixture of the system.

Executive Orders by Tom Clancy


affirmative action, Ayatollah Khomeini, card file, defense in depth, Dissolution of the Soviet Union, experimental subject, financial independence, friendly fire, Monroe Doctrine, one-China policy, out of africa, Own Your Own Home, Plutocrats, plutocrats, rolodex, South China Sea, trade route

The guards would be wary, and though they couldn't check everything-even the American Secret Service had limits on its time and resources-he couldn't afford to dawdle. His initial impressions were not at all favorable. Access was limited. So many students-picking out the right two would be difficult. The guards were many and dispersed. That was the bad part. Numbers mattered less than physical space. The most difficult defense to breach was a defense in depth, because depth meant both space and time. You could neutralize any number of people in a matter of seconds if you had the proper weapons and they were bunched up. But give them anything more than five seconds, and their training would kick in. The guards would be well-drilled. They'd have plans, some predictable, some not. That Coast Guard boat, for example, could dart into shore and take the targets clear.