Interested in risk metrics in IT security? Matthew Rosenquist on the sad story.
Having looked into this (in a cursory manner) for Job Stuff, I can relate to the multiple bodies with different, competing metrics.
Gina Trapani has a lifehacker post on how to revive bloaty Macs.
My wife’s iBook has been misbehaving the last several months, so I should give this a go before I reinstall, see if it actually helps.
This is as much for my own edification and future self as anything else. Three system / health monitoring tools of which I’m aware are:
Nagios and the unfortunately-named but always excellent companion nagiosexchange.
Lighter-weight tools are monit and mon. A friend of mine tried the latter and proclaimed it Good, although the names for both of those are pretty crap, especially mon. At least give it a cute tagline or something. Software authors should always google the names they’re considering; think of somebody who sort of remembers the name but maybe not quite, but wants to find it again. If the mighty GOOG returns 10,000 hits, maybe your name isn’t so good after all.
Standalone Sysadmin has links to a bunch of neat tricks you can play with SSH keys.
Andrew Hay started a good discussion of how to get started with an incident handling / incident response program over at the Security Catalyst forums.
There’s lots of good information in there. As poster Dave Hull notes, academia is good for practising your IR stuff. There are both lots of intrusions, and lots of weird things that look like intrusions, but aren’t.
Like some of the posters there, I’ve taken the SANS 504 course, although I’m not sure that I would characterize it as an in-depth introduction to incident handling. It is as much about how to avoid doing the handling in the first place as anything else, although there is definitely some good stuff in there on IR/IH.
I haven’t checked out the NIST publications yet, although that’s not the first place I’ve seen reference to them.