The complete list:
# 0 No error
# 1 Usage error
# 2 Attempt to apply a patch that's already been applied
# 3 Effective UID is not root
# 4 Attempt to save original files failed
# 5 pkgadd failed
# 6 Patch is obsoleted
# 7 Invalid package directory
# 8 Attempting to patch a package that is not installed
# 9 Cannot access /usr/sbin/pkgadd (client problem)
# 10 Package validation errors
# 11 Error adding patch to root template
# 12 Patch script terminated due to signal
# 13 Symbolic link included in patch
# 14 NOT USED
# 15 The prepatch script had a return code other than 0.
# 16 The postpatch script had a return code other than 0.
# 17 Mismatch of the -d option between a previous patch
# install and the current one.
# 18 Not enough space in the file systems that are targets
# of the patch.
# 19 $SOFTINFO/INST_RELEASE file not found
# 20 A direct instance patch was required but not found
# 21 The required patches have not been installed on the manager
# 22 A progressive instance patch was required but not found
# 23 A restricted patch is already applied to the package
# 24 An incompatible patch is applied
# 25 A required patch is not applied
# 26 The user specified backout data can't be found
Monday, April 27, 2009
Wednesday, March 25, 2009
vi (aka vim) tutorial, tips, tricks and useful commands
vi (aka vim) tutorial, tips, tricks and useful commands
Where grep came from (RE being Regular Expression):
:g/RE/p
Delete lines 10 to 20 inclusive:
:10,20d
or with marks a and b:
:'a,'bd
Delete lines that contain pattern:
:g/pattern/d
Delete all empty lines:
:g/^$/d
Delete lines in range that contain pattern:
:20,30/pattern/d
or with marks a and b:
:'a,'b/pattern/d
Substitute all lines for first occurance of pattern:
:%s/pattern/new/
:1,$s/pattern/new/
Substitute all lines for pattern globally (more than once on the line):
:%s/pattern/new/g
:1,$s/pattern/new/g
Find all lines containing pattern and then append -new to the end of each line:
:%s/\(.*pattern.*\)/\1-new/g
Substitute range:
:20,30s/pattern/new/g
with marks a and b:
:'a,'bs/pattern/new/g
Swap two patterns on a line:
:s/\(pattern1\)\(pattern2\)/\2\1/
Capitalize the first lowercase character on a line:
:s/\([a-z]\)/\u\1/
more concisely:
:s/[a-z]/\u&/
Capitalize all lowercase characters on a line:
:s/\([a-z]\)/\u\1/g
more concisely:
:s/[a-z]/\u&/g
Capitalize all characters on a line:
:s/\(.*\)/\U\1\E/
Capitalize the first character of all words on a line:
:s/\<[a-z]/\u&/g
Uncapitalize the first character of all words on a line:
:s/\<[A-Z]/\l&/g
Change case of character under cursor:
~
Change case of all characters on line:
g~~
Change case of remaining word from cursor:
g~w
Increment the number under the cursor:
Decrement the number under the cursor:
redraw:
Turn on line numbering:
:set nu
Turn it off:
:set nonu
Number lines (filter the file through a unix command and replace with output):
:%!cat -n
Sort lines:
:%!sort
Sort and uniq:
:%!sort -u
Read output of command into buffer:
:r !ls -l
Refresh file from version on disk:
:e!
Open a new window:
n
Open a new window with the same file (split):
s
Split window vertically:
v
Close current window:
c
:q
Make current window the only window:
o
Cycle to next window:
w
Move to window below current window:
j
Move to window above current window:
k
Move to window left of current window:
h
Move to window right of current window:
l
Set textwidth for automatic line-wrapping as you type:
:set textwidth=80
Turn on syntax highlighting
:syn on
Turn it off:
:syn off
Force the filetype for syntax highlighting:
:set filetype=python
:set filetype=c
:set filetype=php
Use lighter coloring scheme for a dark background:
:set background=dark
Htmlize a file using the current syntax highlighting:
:so $VIMRUNTIME/syntax/2html.vim
Or, htmlize from a command prompt:
in 2html.sh put:
#!/bin/sh
vim -n -c ':so $VIMRUNTIME/syntax/2html.vim' -c ':wqa' $1 > /dev/null 2> /dev/null
Now just run: shell> 2html.sh foo.py
Document originally from http://www.cs.ualberta.ca/~luca/tricks.vim.html
updated and maintained by Greg Lawler
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
var pageTracker = _gat._getTracker("UA-256828-4");
pageTracker._trackPageview();
Where grep came from (RE being Regular Expression):
:g/RE/p
Delete lines 10 to 20 inclusive:
:10,20d
or with marks a and b:
:'a,'bd
Delete lines that contain pattern:
:g/pattern/d
Delete all empty lines:
:g/^$/d
Delete lines in range that contain pattern:
:20,30/pattern/d
or with marks a and b:
:'a,'b/pattern/d
Substitute all lines for first occurance of pattern:
:%s/pattern/new/
:1,$s/pattern/new/
Substitute all lines for pattern globally (more than once on the line):
:%s/pattern/new/g
:1,$s/pattern/new/g
Find all lines containing pattern and then append -new to the end of each line:
:%s/\(.*pattern.*\)/\1-new/g
Substitute range:
:20,30s/pattern/new/g
with marks a and b:
:'a,'bs/pattern/new/g
Swap two patterns on a line:
:s/\(pattern1\)\(pattern2\)/\2\1/
Capitalize the first lowercase character on a line:
:s/\([a-z]\)/\u\1/
more concisely:
:s/[a-z]/\u&/
Capitalize all lowercase characters on a line:
:s/\([a-z]\)/\u\1/g
more concisely:
:s/[a-z]/\u&/g
Capitalize all characters on a line:
:s/\(.*\)/\U\1\E/
Capitalize the first character of all words on a line:
:s/\<[a-z]/\u&/g
Uncapitalize the first character of all words on a line:
:s/\<[A-Z]/\l&/g
Change case of character under cursor:
~
Change case of all characters on line:
g~~
Change case of remaining word from cursor:
g~w
Increment the number under the cursor:
Decrement the number under the cursor:
redraw:
Turn on line numbering:
:set nu
Turn it off:
:set nonu
Number lines (filter the file through a unix command and replace with output):
:%!cat -n
Sort lines:
:%!sort
Sort and uniq:
:%!sort -u
Read output of command into buffer:
:r !ls -l
Refresh file from version on disk:
:e!
Open a new window:
Open a new window with the same file (split):
Split window vertically:
Close current window:
:q
Make current window the only window:
Cycle to next window:
Move to window below current window:
Move to window above current window:
Move to window left of current window:
Move to window right of current window:
Set textwidth for automatic line-wrapping as you type:
:set textwidth=80
Turn on syntax highlighting
:syn on
Turn it off:
:syn off
Force the filetype for syntax highlighting:
:set filetype=python
:set filetype=c
:set filetype=php
Use lighter coloring scheme for a dark background:
:set background=dark
Htmlize a file using the current syntax highlighting:
:so $VIMRUNTIME/syntax/2html.vim
Or, htmlize from a command prompt:
in 2html.sh put:
#!/bin/sh
vim -n -c ':so $VIMRUNTIME/syntax/2html.vim' -c ':wqa' $1 > /dev/null 2> /dev/null
Now just run: shell> 2html.sh foo.py
Document originally from http://www.cs.ualberta.ca/~luca/tricks.vim.html
updated and maintained by Greg Lawler
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
var pageTracker = _gat._getTracker("UA-256828-4");
pageTracker._trackPageview();
Friday, March 20, 2009
Configuring sendmail with STARTTLS and SASL on RedHat Enterprise Linux Server release 5 (Tikanga)
The Required RPMs
If missing any of the above rpms, please use yum or other methods to install.
· sendmail-cf-8.13.8-2.el5
· sendmail-8.13.8-2.el5
· cyrus-sasl-2.1.22-4
· cyrus-sasl-plain-2.1.22-4
· openssl-0.9.8b-8.3.el5
· m4-1.4.5-3.el5.1
The Procedure
1. Back up your configuration files:
#mkdir /etc/mail/SAVE
#cp –p /etc/mail/sendmail.cf /etc/mail/SAVE
#cp –p /etc/mail/sendmail.mc /etc/mail/SAVE
2. Edit sendmail.mc
Please note that m4 doesn't use the # symbol for comments, instead, it starts a line with dnl, which stands for "delete until new line".
The confAUTH_OPTIONS macro allows you to instruct sendmail not to offer plain text authentication until after a secure mechanism such as TLS is active (the p option). We are also prohibiting anonymous logins (the y option). The A option is a workaround for broken MTAs:
define(`confAUTH_OPTIONS', `A y')dnl
Now we define which authentication mechanisms we will trust and use:
TRUST_AUTH_MECH(`LOGIN PLAIN')dnldefine(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
3. Make a pki certificate
#cd /etc/pki/tls/certs#make sendmail.pem
The current certificate is listed below for future reference:
[root@backup1]# ls -l /etc/pki/tls/certs/sendmail.pem
-rw------- 1 root root 2186 Mar 13 16:18 /etc/pki/tls/certs/sendmail.pem
[root@backup1 etc]# keytool -printcert -file /etc/pki/tls/certs/sendmail.pem
Owner: C=US,ST=FL,L=Tempa,O=markproductions.com,OU=backup1,CN=backup1,1.2.840.113549.1.9.1=markbao123@yahoo.com
Issuer: C=US,ST=FL,L=Tempa,O=markproductions.com,OU=backup1,CN=backup1,1.2.840.113549.1.9.1=markbao123@yahoo.com
Serial number: 0
Valid from: Friday March 13, 2009 AD - 9:18:05;367 o'clock PM GMT-04:00
until: Saturday March 13, 2010 AD - 8:18:05;367 o'clock PM GMT-05:00
Certificate fingerprints
MD5: 39:D7:82:93:03:40:98:FF:89:0C:C7:47:CA:45:62:9E
SHA-160: 8B:3B:F6:D4:0D:69:C2:C2:B7:00:87:65:FD:AD:71:A6:93:79:49:E7
[root@backup1 etc]#
4. Start the saslauthd and the sendmail processes
Start saslauthd
[root@backup1]# chkconfig --level 2345 saslauthd on
[root@backup1]# chkconfig --list saslauthd
saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@backup1]# service saslauthd start
[root@backup1]# service saslauthd status
saslauthd (pid 6026 6025 6024 6023 6022) is running...
Start sendmail
[root@backup1]# chkconfig --level 345 sendmail on
[root@backup1]# chkconfig --list sendmail
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@backup1]# service sendmail stop
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
[root@backup1# service sendmail start
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
[root@backup1]# service sendmail status
sendmail (pid 11291 11283) is running...
[root@backup1 mail]#
5. Verify the configuration parameters
NOTE: the compilation options must have “SASLv2” and “STARTTLS”
Also notice that AUTH is offered with the allowed mechanisms (but not STARTTLS, which isn't needed here, as the channel is already encrypted). Authentication takes place, and the message is relayed to its destination.
[root@backup1]# sendmail -d0.10 -bv
Version 8.13.8
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT
OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD
HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE HASRANDOM
HASRRESVPORT HASSETREGID HASSETREUID HASSETRLIMIT HASSETSID
HASSETVBUF HASURANDOMDEV HASSTRERROR HASUNAME HASUNSETENV
HASWAITPID IDENTPROTO NEEDSGETIPNODE REQUIRES_DIR_FSYNC
USE_DOUBLE_FORK USE_SIGLONGJMP
Kernel symbols: /boot/vmlinux
Conf file: /etc/mail/submit.cf (default for MSP)
Conf file: /etc/mail/sendmail.cf (default for MTA)
Pid file: /var/run/sendmail.pid (default)
Canonical name: backup1.markproductions.com
UUCP nodename: backup1.markproductions.com
Conf file: /etc/mail/sendmail.cf (selected)
Pid file: /var/run/sendmail.pid (selected)
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = backup1
(canonical domain name) $j = backup1.markproductions.com
(subdomain name) $m = markproductions.com
(node name) $k = backup1.markproductions.com
========================================================
Recipient names must be specified
[root@backup1 ~]#
[root@backup1]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 backup1.markproductions.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 20 Mar 2009 17:37:25 -0400
EHLO localhost
250-backup1.markproductions.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
^]
telnet> q
Connection closed.
[root@backup1 ~]
6. Update Linux host based firewall
# /sbin/ iptables -A INPUT -p tcp --dport 25 --syn -j ACCEPT
#service iptables save
# grep 'dport 25' /etc/sysconfig/iptables
-A INPUT -p tcp --dport 25 --syn -j ACCEPT
[root@backup1 sysconfig]# service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
[root@backup1 sysconfig]# service iptables start
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: [ OK ]
[root@backup1 etc]# service iptables status grep "tcp dpt:25"
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 flags:0x17/0x02
7. Test with sending an email
[markbao@backup1]# Mail -v markbaoxxx@gmail.com
Subject: test from sendmail smtp gateway to gmail mail
.
Cc:
Null message body; hope that's ok
markbao123@gmail.com... Connecting to [127.0.0.1] via relay...
220 backup1.markproductions.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 20 Mar 2009 18:15:02 -0400
>>> EHLO backup1.markproductions.com
250-backup1.markproductions.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> MAIL From: SIZE=78 AUTH=markbao@backup1.markproductions.com
250 2.1.0... Sender ok
>>> RCPT To:
>>> DATA
250 2.1.5... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 n2KMF2Xa013041 Message accepted for delivery
markbaoxxx@gmail.com... Sent (n2KMF2Xa013041 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 backup1.markproductions.com closing connection
[markbao@backup1 ~]
-----Original Message-----From: markbao@localhost.localdomain [mailto:markbao@localhost.localdomain] Sent: Friday, March 20, 2009 6:18 PMTo: markbaoxxx@gmail.comSubject: test from sendmail smtp gateway to gmail mail
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.0.238 / Virus Database: 270.11.20/2013 - Release Date: 03/20/09 06:59:00
8. References:
http://sendmail.org/
http://www.whoopis.com/howtos/sendmail-auth-howto.html
http://www.joreybump.com/code/howto/smtpauth.html
http://www.redhat.com/magazine/025nov06/features/email/index.html
http://www.screaming-penguin.com/node/4214
If missing any of the above rpms, please use yum or other methods to install.
· sendmail-cf-8.13.8-2.el5
· sendmail-8.13.8-2.el5
· cyrus-sasl-2.1.22-4
· cyrus-sasl-plain-2.1.22-4
· openssl-0.9.8b-8.3.el5
· m4-1.4.5-3.el5.1
The Procedure
1. Back up your configuration files:
#mkdir /etc/mail/SAVE
#cp –p /etc/mail/sendmail.cf /etc/mail/SAVE
#cp –p /etc/mail/sendmail.mc /etc/mail/SAVE
2. Edit sendmail.mc
Please note that m4 doesn't use the # symbol for comments, instead, it starts a line with dnl, which stands for "delete until new line".
The confAUTH_OPTIONS macro allows you to instruct sendmail not to offer plain text authentication until after a secure mechanism such as TLS is active (the p option). We are also prohibiting anonymous logins (the y option). The A option is a workaround for broken MTAs:
define(`confAUTH_OPTIONS', `A y')dnl
Now we define which authentication mechanisms we will trust and use:
TRUST_AUTH_MECH(`LOGIN PLAIN')dnldefine(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
3. Make a pki certificate
#cd /etc/pki/tls/certs#make sendmail.pem
The current certificate is listed below for future reference:
[root@backup1]# ls -l /etc/pki/tls/certs/sendmail.pem
-rw------- 1 root root 2186 Mar 13 16:18 /etc/pki/tls/certs/sendmail.pem
[root@backup1 etc]# keytool -printcert -file /etc/pki/tls/certs/sendmail.pem
Owner: C=US,ST=FL,L=Tempa,O=markproductions.com,OU=backup1,CN=backup1,1.2.840.113549.1.9.1=markbao123@yahoo.com
Issuer: C=US,ST=FL,L=Tempa,O=markproductions.com,OU=backup1,CN=backup1,1.2.840.113549.1.9.1=markbao123@yahoo.com
Serial number: 0
Valid from: Friday March 13, 2009 AD - 9:18:05;367 o'clock PM GMT-04:00
until: Saturday March 13, 2010 AD - 8:18:05;367 o'clock PM GMT-05:00
Certificate fingerprints
MD5: 39:D7:82:93:03:40:98:FF:89:0C:C7:47:CA:45:62:9E
SHA-160: 8B:3B:F6:D4:0D:69:C2:C2:B7:00:87:65:FD:AD:71:A6:93:79:49:E7
[root@backup1 etc]#
4. Start the saslauthd and the sendmail processes
Start saslauthd
[root@backup1]# chkconfig --level 2345 saslauthd on
[root@backup1]# chkconfig --list saslauthd
saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@backup1]# service saslauthd start
[root@backup1]# service saslauthd status
saslauthd (pid 6026 6025 6024 6023 6022) is running...
Start sendmail
[root@backup1]# chkconfig --level 345 sendmail on
[root@backup1]# chkconfig --list sendmail
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@backup1]# service sendmail stop
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
[root@backup1# service sendmail start
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
[root@backup1]# service sendmail status
sendmail (pid 11291 11283) is running...
[root@backup1 mail]#
5. Verify the configuration parameters
NOTE: the compilation options must have “SASLv2” and “STARTTLS”
Also notice that AUTH is offered with the allowed mechanisms (but not STARTTLS, which isn't needed here, as the channel is already encrypted). Authentication takes place, and the message is relayed to its destination.
[root@backup1]# sendmail -d0.10 -bv
Version 8.13.8
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT
OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD
HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE HASRANDOM
HASRRESVPORT HASSETREGID HASSETREUID HASSETRLIMIT HASSETSID
HASSETVBUF HASURANDOMDEV HASSTRERROR HASUNAME HASUNSETENV
HASWAITPID IDENTPROTO NEEDSGETIPNODE REQUIRES_DIR_FSYNC
USE_DOUBLE_FORK USE_SIGLONGJMP
Kernel symbols: /boot/vmlinux
Conf file: /etc/mail/submit.cf (default for MSP)
Conf file: /etc/mail/sendmail.cf (default for MTA)
Pid file: /var/run/sendmail.pid (default)
Canonical name: backup1.markproductions.com
UUCP nodename: backup1.markproductions.com
Conf file: /etc/mail/sendmail.cf (selected)
Pid file: /var/run/sendmail.pid (selected)
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = backup1
(canonical domain name) $j = backup1.markproductions.com
(subdomain name) $m = markproductions.com
(node name) $k = backup1.markproductions.com
========================================================
Recipient names must be specified
[root@backup1 ~]#
[root@backup1]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 backup1.markproductions.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 20 Mar 2009 17:37:25 -0400
EHLO localhost
250-backup1.markproductions.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
^]
telnet> q
Connection closed.
[root@backup1 ~]
6. Update Linux host based firewall
# /sbin/ iptables -A INPUT -p tcp --dport 25 --syn -j ACCEPT
#service iptables save
# grep 'dport 25' /etc/sysconfig/iptables
-A INPUT -p tcp --dport 25 --syn -j ACCEPT
[root@backup1 sysconfig]# service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
[root@backup1 sysconfig]# service iptables start
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: [ OK ]
[root@backup1 etc]# service iptables status grep "tcp dpt:25"
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 flags:0x17/0x02
7. Test with sending an email
[markbao@backup1]# Mail -v markbaoxxx@gmail.com
Subject: test from sendmail smtp gateway to gmail mail
.
Cc:
Null message body; hope that's ok
markbao123@gmail.com... Connecting to [127.0.0.1] via relay...
220 backup1.markproductions.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 20 Mar 2009 18:15:02 -0400
>>> EHLO backup1.markproductions.com
250-backup1.markproductions.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> MAIL From:
250 2.1.0
>>> RCPT To:
>>> DATA
250 2.1.5
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 n2KMF2Xa013041 Message accepted for delivery
markbaoxxx@gmail.com... Sent (n2KMF2Xa013041 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 backup1.markproductions.com closing connection
[markbao@backup1 ~]
-----Original Message-----From: markbao@localhost.localdomain [mailto:markbao@localhost.localdomain] Sent: Friday, March 20, 2009 6:18 PMTo: markbaoxxx@gmail.comSubject: test from sendmail smtp gateway to gmail mail
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.0.238 / Virus Database: 270.11.20/2013 - Release Date: 03/20/09 06:59:00
8. References:
http://sendmail.org/
http://www.whoopis.com/howtos/sendmail-auth-howto.html
http://www.joreybump.com/code/howto/smtpauth.html
http://www.redhat.com/magazine/025nov06/features/email/index.html
http://www.screaming-penguin.com/node/4214
Thursday, March 19, 2009
Solstice Disksuite: Recovering the quorum after a disk failure on the system start-up
In a scenario where we lost one disk during the boot, the system start-up couldn't be finalised due to loss of the quorum. So the system will prompt to enter in single user Enter in single user and type the following.
# metadb -i
This will list all meta databases. The replicas that have problems would be flagged with “M”.
So, would be necessary to remove all the replicas from the meta database in order to get the correct
quorum for the mirror to work.
Example
flags first blk block count
M 16 1034 /dev/dsk/c1t0d0s7 <-- failed disk0 M 1050 1034 /dev/dsk/c1t0d0s7 <-- failed disk0 a m p luo 16 16 /dev/dsk/c1t1d0s7 a p luo 1050 1034 /dev/dsk/c1t1d0s7 # metadb -d /dev/dsk/c1t0d0s7 Ignore the messages saying cannot change the file “read-only file-system” # reboot The system will boot from the mirrored disk and this time without quorum issues. Reconnecting the disk0 after bootable mirror test Assuming that you are doing a full test, and the previous Troubleshooting procedure was followed, then issue the following commands: # metadb -a -f -c2 /dev/dsk/c1t0d0s7 The above command will recreate the meta database on the disk0 and once that done, and since it was not a disk failure/corruption. So, the meta structure remains in the disk, the SDS immediately starts the synchronization in all file-systems. # metastat or # metastat grep “%” Disabling the Quorum Rule # echo “set md:mirrored_root_flag=1” >> /etc/system
# metadb -i
This will list all meta databases. The replicas that have problems would be flagged with “M”.
So, would be necessary to remove all the replicas from the meta database in order to get the correct
quorum for the mirror to work.
Example
flags first blk block count
M 16 1034 /dev/dsk/c1t0d0s7 <-- failed disk0 M 1050 1034 /dev/dsk/c1t0d0s7 <-- failed disk0 a m p luo 16 16 /dev/dsk/c1t1d0s7 a p luo 1050 1034 /dev/dsk/c1t1d0s7 # metadb -d /dev/dsk/c1t0d0s7 Ignore the messages saying cannot change the file “read-only file-system” # reboot The system will boot from the mirrored disk and this time without quorum issues. Reconnecting the disk0 after bootable mirror test Assuming that you are doing a full test, and the previous Troubleshooting procedure was followed, then issue the following commands: # metadb -a -f -c2 /dev/dsk/c1t0d0s7 The above command will recreate the meta database on the disk0 and once that done, and since it was not a disk failure/corruption. So, the meta structure remains in the disk, the SDS immediately starts the synchronization in all file-systems. # metastat or # metastat grep “%” Disabling the Quorum Rule # echo “set md:mirrored_root_flag=1” >> /etc/system
Wednesday, March 18, 2009
A Legal Distortion
=============================================
ISR News: Heartland Class Action Lawsuit
Posted: 18 Mar 2009 10:05 AM PDT
Excerpts From ComputerWeekly.com An investor has filed a proposed class action in the US district court of New Jersey on behalf of all other investors in Heartland between August 2008 and February 2009. The complaint alleges that Heartland issued false or misleading statements and failed to disclose material adverse facts about its business, operations and prospects during that period. Heartland's shares during that period also declined from $21.84 per share, or approximately 80%, from its high of $27.19 per share in September 2008.
=============================================
Sure, the security breach of Heartland is shameful. After reading many news and blogger articles, I still have no clue of what kind of spyware could have caused 100 million credit card information to be exposed. I have just taken a security training class. It would have taken a huge amount negligence on the IT management to have allowed a disaster of this magnitude. But business is governed by rule of laws. If having violated any, Heartland will receive its due penalties. Last Friday, for example, PCI council put Hearland's PCI DSS certification on probation. For those lawyers who proposed this class action, I can imagine a motion picture as follows: in the wild safari of Africa, when an elephant is wounded and fell on the ground, a group vultures begin hanging low.
ISR News: Heartland Class Action Lawsuit
Posted: 18 Mar 2009 10:05 AM PDT
Excerpts From ComputerWeekly.com An investor has filed a proposed class action in the US district court of New Jersey on behalf of all other investors in Heartland between August 2008 and February 2009. The complaint alleges that Heartland issued false or misleading statements and failed to disclose material adverse facts about its business, operations and prospects during that period. Heartland's shares during that period also declined from $21.84 per share, or approximately 80%, from its high of $27.19 per share in September 2008.
=============================================
Sure, the security breach of Heartland is shameful. After reading many news and blogger articles, I still have no clue of what kind of spyware could have caused 100 million credit card information to be exposed. I have just taken a security training class. It would have taken a huge amount negligence on the IT management to have allowed a disaster of this magnitude. But business is governed by rule of laws. If having violated any, Heartland will receive its due penalties. Last Friday, for example, PCI council put Hearland's PCI DSS certification on probation. For those lawyers who proposed this class action, I can imagine a motion picture as follows: in the wild safari of Africa, when an elephant is wounded and fell on the ground, a group vultures begin hanging low.
Friday, February 27, 2009
Linux SAN disk migration plan using disk Raid mirroring method
I. General Purpose: SAN Data migration between Linux hosts
1. Operational risks: during the migration, the current production server will experience single point of failure on the SAN disks.
2. Other risks involve failure in cooperation among UNIX system adiministrators , DBAs, Fibre cable technicians and Storage Operators.
3. Roll back, if following this document step by step, we should be able to roll back at any point of this operation
4. The scope of this exercise is limited to using Linux native raidtool as the data migration method. Other possible methods are not explored. They may include, EMC SRDF/BCV/Snapshot, Veritas Volume Manager Mirroring, Veritas Datamovers, LINUX LVM and copying data via network or optical media etc.
II. Target Server Preparation
*Note, outputs in this document are for illustration only. They are not actual screen shots.
1. Identify, build and test the target server according to current company standards.
2. Make sure raidtool is installed:
targethost# rpm –qa|grep raid
If rpm has not been installed, download from vendor site and install.
Redhat example: http://people.redhat.com/mingo/raidtools/
Please follow vendor instruction on to build and install a kernel. In the end, you should make sure you have the following options set in your kernel configuration:
CONFIG_MD=y
CONFIG_BLK_DEV_MD=y
CONFIG_MD_RAID1=y
CONFIG_BLK_DEV_LVM=y
You'll also need initial ramdisk (initrd) support, and it's recommended to compile in the loop block device:
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_SIZE=4096
CONFIG_BLK_DEV_INITRD=y
CONFIG_BLK_DEV_LOOP=y
Additionally, you should build in support for the filesystems you intend to use.
CONFIG_EXT3_FS=y
3. Host Bus Adapter Configurations (HBAs)
Verify /etc/modules.conf contains qla2300 alias:
alias scsi_hostadapter2_qla2300
Verify /etc/modules.conf contains qla2300 options (assuming using qla drivers. If not, please check for other corresponding HBA entries. )
options qla2300 ql2xfailover=0 MaxRetriesPerPath=0 MaxRetriesPerIo=0 ql2xmaxqdepth=16
Load HBA driver if necessary
targethost# modprobe –a qla2300
Collect the HBA WWN on the target server and save for the next SAN disk provision section.
targethost# cat /proc/scsi/qla2300/[1234] | grep port
II. SAN Disk Provisioning
1. Using the EMC SAN control center, do the disk provisioning. During the migration, the target Linux host will have visibility to both the new and old Claiion Disks.
2. The SAN typer disks on the source and target storage devices should be identical.
III. Source Server operations
1. On the source host, verify SAN disks are mirrored:
sourcehost# cat /proc/mdstat
Personalities : [raid1]
read_ahead 1024 sectors
md1 : active raid1 hda1[0] hdc1[1]
125376 blocks [2/2] [UU]
2. Let’s say “/dev/hdc” is the disk we want to use as the swing disk,
sourcehost# raidsetfaulty /dev/md1 /dev/hdc1
3. Verify “/dev/hdc” is no longer engaged,
sourcehost# cat /proc/mdstat
md2 : active raid1 hda2[0] hdc2[1](F)
9644928 blocks [2/1] [U_]
4. Move the fibre cable from sourchost’s second HBA port and attach it to the targethost’s second HBA port
IV. Target Server operations
1. Discover the new disk by doing a system reboot.
If rebooting is not possible, you may alternately use the following
For logic:
Do one at a time
targethost#echo scsi-qlascan > /proc/scsi/qla2xxx/
targethost#cat to see new device at the end
For Emulex:
targethost#echo 1 > /sys/class/scsi_host/host/issue_lip
targethost#rescan-scsi-bus.sh -l -w -c
Do one path at a time
targethost#echo - - - > /sys/class/scsi_host/host/scan
Check for new sd devices:
targethost#fdisk -l | grep Disk
Verifying Storage and Paths
1. After new provisioning reload qla2300 driver.
targethost# rmmod qla2300
targethost# modprobe –a qla2300
2. Verify storage and paths:
Example output: (not real output)
targethost# inq.linux
------------------------------------------------------------------
DEVICE :VEND :PROD :REV :SER NUM :CAP(kb)
------------------------------------------------------------------
…
/dev/sdc :EMC :Claiion_New :5670 :74302000 :17677440
/dev/sdd :EMC :Claiion_New :5670 :74302000 :17677440
/dev/sde :EMC :Claiion_Old :5670 :74302000 :17677440
…
3. Partitioning the New Disk
Run fdisk on the new unused disk to give the same partition as the original source disk on the source server
:
targethost# sfdisk -d /dev/hde | sfdisk /dev/hdc
targethost# sfdisk -d /dev/hde | sfdisk /dev/hdd
4. Update /etc/raidtab
The first step is to set up /etc/raidtab. This file serves as the configuration file for the mkraid command. We need to set up a stanza for both partitions, and declare any partitions on hdd as a "failed-disk" for now. This will keep the md driver from trying to use them at this time.
raiddev /dev/md1
raid-level 1
nr-raid-disks 2
nr-spare-disks 0
persistent-superblock 1
device /dev/hdc1
raid-disk 0
# this is our old disk, mark as failed for now
device /dev/hdd1
failed-disk 1
5. Converting the Partitions into RAID Devices
# mkraid /dev/md1
handling MD device /dev/md1
analyzing super-block
disk 0: /dev/hdd1, failed
disk 1: /dev/hdc1, 125464kB, raid superblock at 125376kB
6. Update fstab
Once this step is done, edit /newdisk/etc/fstab and set it up to mount the new LVM volumes in place of the old partitions, and to mount the /boot partition. We would change it to the following on the example machine:
#
…
/dev/md1 /NewSanDisk ext3 defaults 1 1
…
7. Reboot and Start Mirroring
targethost# reboot
Alternatively, you may start raid without rebooting:
targethost# raidstop /dev/md1; raidstart /dev/md1
Once the server is online, attach the SAN disk from the sourcehost to the mirror:
targethost# raidhotadd /dev/md1 /dev/hde1
Verify the mirroring is in progress:
targethost# cat /proc/mdstat
md1 : active raid1 hde1[2] hdc1[1]
9644928 blocks [2/1] [_U]
[>....................] recovery = 0.1% (11696/9644928) \
finish=13.7min speed=11696K/sec
unused devices:
Verify the mirroring has been completed:
targethost# cat /proc/mdstat
Personalities : [raid1]
read_ahead 1024 sectors
md1 : active raid1 hdc1[0] hdd1[1]
125376 blocks [2/2] [UU]
You may perform additional data integrity testing by mounting the filesystem, by starting database servers etc.
8. Reboot and Start Mirroring
Once all tests are completed successfully, you now may remove the disk from sourcehost from the Raid:
targethost# raidhotremove /dev/md1 /dev/sde2
Verify that sde is no longer engaged:
targethost# cat /proc/mdstat,
Then add a second mirror pair from the target server:
targethost# raidhotadd /dev/md1 /dev/hde1
The verification process will be the same as the immediate preceding section.
V. Cleaning Up
1. Make the targethost take on the personality of the sourcehost by changing its hostname, IP address etc.
2. Shutdown and decommission and old sourcehost.
3. On EMC control center, decommission un-used disks Hyper devices.
1. Operational risks: during the migration, the current production server will experience single point of failure on the SAN disks.
2. Other risks involve failure in cooperation among UNIX system adiministrators , DBAs, Fibre cable technicians and Storage Operators.
3. Roll back, if following this document step by step, we should be able to roll back at any point of this operation
4. The scope of this exercise is limited to using Linux native raidtool as the data migration method. Other possible methods are not explored. They may include, EMC SRDF/BCV/Snapshot, Veritas Volume Manager Mirroring, Veritas Datamovers, LINUX LVM and copying data via network or optical media etc.
II. Target Server Preparation
*Note, outputs in this document are for illustration only. They are not actual screen shots.
1. Identify, build and test the target server according to current company standards.
2. Make sure raidtool is installed:
targethost# rpm –qa|grep raid
If rpm has not been installed, download from vendor site and install.
Redhat example: http://people.redhat.com/mingo/raidtools/
Please follow vendor instruction on to build and install a kernel. In the end, you should make sure you have the following options set in your kernel configuration:
CONFIG_MD=y
CONFIG_BLK_DEV_MD=y
CONFIG_MD_RAID1=y
CONFIG_BLK_DEV_LVM=y
You'll also need initial ramdisk (initrd) support, and it's recommended to compile in the loop block device:
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_SIZE=4096
CONFIG_BLK_DEV_INITRD=y
CONFIG_BLK_DEV_LOOP=y
Additionally, you should build in support for the filesystems you intend to use.
CONFIG_EXT3_FS=y
3. Host Bus Adapter Configurations (HBAs)
Verify /etc/modules.conf contains qla2300 alias:
alias scsi_hostadapter2_qla2300
Verify /etc/modules.conf contains qla2300 options (assuming using qla drivers. If not, please check for other corresponding HBA entries. )
options qla2300 ql2xfailover=0 MaxRetriesPerPath=0 MaxRetriesPerIo=0 ql2xmaxqdepth=16
Load HBA driver if necessary
targethost# modprobe –a qla2300
Collect the HBA WWN on the target server and save for the next SAN disk provision section.
targethost# cat /proc/scsi/qla2300/[1234] | grep port
II. SAN Disk Provisioning
1. Using the EMC SAN control center, do the disk provisioning. During the migration, the target Linux host will have visibility to both the new and old Claiion Disks.
2. The SAN typer disks on the source and target storage devices should be identical.
III. Source Server operations
1. On the source host, verify SAN disks are mirrored:
sourcehost# cat /proc/mdstat
Personalities : [raid1]
read_ahead 1024 sectors
md1 : active raid1 hda1[0] hdc1[1]
125376 blocks [2/2] [UU]
2. Let’s say “/dev/hdc” is the disk we want to use as the swing disk,
sourcehost# raidsetfaulty /dev/md1 /dev/hdc1
3. Verify “/dev/hdc” is no longer engaged,
sourcehost# cat /proc/mdstat
md2 : active raid1 hda2[0] hdc2[1](F)
9644928 blocks [2/1] [U_]
4. Move the fibre cable from sourchost’s second HBA port and attach it to the targethost’s second HBA port
IV. Target Server operations
1. Discover the new disk by doing a system reboot.
If rebooting is not possible, you may alternately use the following
For logic:
Do one at a time
targethost#echo scsi-qlascan > /proc/scsi/qla2xxx/
targethost#cat
For Emulex:
targethost#echo 1 > /sys/class/scsi_host/host
targethost#rescan-scsi-bus.sh -l -w -c
Do one path at a time
targethost#echo - - - > /sys/class/scsi_host/host
Check for new sd devices:
targethost#fdisk -l | grep Disk
Verifying Storage and Paths
1. After new provisioning reload qla2300 driver.
targethost# rmmod qla2300
targethost# modprobe –a qla2300
2. Verify storage and paths:
Example output: (not real output)
targethost# inq.linux
------------------------------------------------------------------
DEVICE :VEND :PROD :REV :SER NUM :CAP(kb)
------------------------------------------------------------------
…
/dev/sdc :EMC :Claiion_New :5670 :74302000 :17677440
/dev/sdd :EMC :Claiion_New :5670 :74302000 :17677440
/dev/sde :EMC :Claiion_Old :5670 :74302000 :17677440
…
3. Partitioning the New Disk
Run fdisk on the new unused disk to give the same partition as the original source disk on the source server
:
targethost# sfdisk -d /dev/hde | sfdisk /dev/hdc
targethost# sfdisk -d /dev/hde | sfdisk /dev/hdd
4. Update /etc/raidtab
The first step is to set up /etc/raidtab. This file serves as the configuration file for the mkraid command. We need to set up a stanza for both partitions, and declare any partitions on hdd as a "failed-disk" for now. This will keep the md driver from trying to use them at this time.
raiddev /dev/md1
raid-level 1
nr-raid-disks 2
nr-spare-disks 0
persistent-superblock 1
device /dev/hdc1
raid-disk 0
# this is our old disk, mark as failed for now
device /dev/hdd1
failed-disk 1
5. Converting the Partitions into RAID Devices
# mkraid /dev/md1
handling MD device /dev/md1
analyzing super-block
disk 0: /dev/hdd1, failed
disk 1: /dev/hdc1, 125464kB, raid superblock at 125376kB
6. Update fstab
Once this step is done, edit /newdisk/etc/fstab and set it up to mount the new LVM volumes in place of the old partitions, and to mount the /boot partition. We would change it to the following on the example machine:
#
…
/dev/md1 /NewSanDisk ext3 defaults 1 1
…
7. Reboot and Start Mirroring
targethost# reboot
Alternatively, you may start raid without rebooting:
targethost# raidstop /dev/md1; raidstart /dev/md1
Once the server is online, attach the SAN disk from the sourcehost to the mirror:
targethost# raidhotadd /dev/md1 /dev/hde1
Verify the mirroring is in progress:
targethost# cat /proc/mdstat
md1 : active raid1 hde1[2] hdc1[1]
9644928 blocks [2/1] [_U]
[>....................] recovery = 0.1% (11696/9644928) \
finish=13.7min speed=11696K/sec
unused devices:
Verify the mirroring has been completed:
targethost# cat /proc/mdstat
Personalities : [raid1]
read_ahead 1024 sectors
md1 : active raid1 hdc1[0] hdd1[1]
125376 blocks [2/2] [UU]
You may perform additional data integrity testing by mounting the filesystem, by starting database servers etc.
8. Reboot and Start Mirroring
Once all tests are completed successfully, you now may remove the disk from sourcehost from the Raid:
targethost# raidhotremove /dev/md1 /dev/sde2
Verify that sde is no longer engaged:
targethost# cat /proc/mdstat,
Then add a second mirror pair from the target server:
targethost# raidhotadd /dev/md1 /dev/hde1
The verification process will be the same as the immediate preceding section.
V. Cleaning Up
1. Make the targethost take on the personality of the sourcehost by changing its hostname, IP address etc.
2. Shutdown and decommission and old sourcehost.
3. On EMC control center, decommission un-used disks Hyper devices.
Monday, January 26, 2009
emc powerpath powermt cheatsheet
powermt in a shutshell
Usage:
powermt [class=]
powermt check [force] [hba=|all] [dev=|all]
powermt check_registration
powermt config
powermt display [ports] [dev=|all] [every=]
powermt display options
powermt display paths [every=]
powermt display unmanaged
powermt manage {dev= | class={invista | hitachi | hpxp | ess | hphsx}}
powermt unmanage {dev= | class={invista | hitachi | hpxp | ess | hphsx}}
powermt load [file=]
powermt release
powermt remove [force] hba=|all | dev=|all
powermt restore [hba=|all] [dev=|all]
powermt save [file=]
powermt set mode=active|standby [hba=|all] [dev=|all]
powermt set periodic_autorestore=on|off
powermt set policy={ad|bf|co|lb|li|nr|re|rr|so} [dev=|all]
powermt set priority= [dev=|all]
powermt update lun_names
powermt version
usage examples:
powermt display dev=all
powermt check_registration
powermt watch
An advance usage is as follows:
powermt set policy=policy [class={symm|clariion|hitachi|hpxp|ess|all}]
[dev=device|all]
powermt set policy sets the load balancing and failover
policy for PowerPath devices.
Arguments
policy=policy
Sets the load balancing and failover policy to one
of the following values:
ad Adaptive. I/O requests are assigned to paths
based on an algorithm that takes into account
path load and logical device priority. This
policy is valid only for Hitachi Lightning,
HP xp, and IBM ESS storage systems and is the
default policy for them on platforms with a
valid PowerPath license.
bf Basic failover. Load balancing is not in
effect. I/O routing on failure is limited to
one HBA and one port on each storage
processor. When a host boots, it designates
one path (through one interface) for all I/O.
If an I/O is issued to a logical device that
cannot be reached via that path (that is, the
I/O cannot reach that logical device through
the device's assigned interface), a trespass
is performed: the logical device is assigned
to the other interface.
SunOS 5.8 Last change: January, 2004 25
User Commands powermt(1)
This policy protects against SP and back-end
failures and allows non-disruptive upgrades
to work when running PowerPath without a
license key. It does not protect against HBA
or host loop failures.
This policy is valid only for CLARiiON
storage systems and is the default policy for
them on platforms without a valid PowerPath
license.
co CLARiiON optimization (listed in powermt
display output as CLAROpt). I/O requests are
assigned to paths based on an algorithm that
takes into account path load and the priority
you set with powermt set policy.
This policy is valid only for CLARiiON
storage systems and is the default policy for
them on platforms with a valid PowerPath
license.
lb Least blocks. Load balance is based on the
number of blocks in the pending I/Os. I/O
requests are assigned to the path with the
smallest burden in terms of blocks,
regardless of the number of requests
involved.
li Least I/Os. Load balance is based on the
number of pending I/Os. I/O requests are
assigned to the path with the smallest number
of requests, regardless of total block
volume.
nr No redirect. Neither load balancing nor
failover is in effect. If nr is set on a
failed path and a native device is used, I/O
errors will occur when I/O is directed to
that path. If one or more paths is failed and
nr is set, data I/O errors can occur.
This policy is valid only for Symmetrix,
Hitachi Lightning, HP xp, and IBM ESS storage
systems and is the default policy for them on
platforms without a valid PowerPath license.
re Request. For native devices, uses the path
that would have been used if PowerPath were
not installed. For pseudo devices, uses one
arbitrary path for all I/O. For all devices,
failover is in effect, but load balancing is
SunOS 5.8 Last change: January, 2004 26
User Commands powermt(1)
not.
rr Round robin. I/O requests are assigned to
each available path in rotation.
so Symmetrix optimization (listed in powermt
display output as SymmOpt). I/O requests are
assigned to paths based on an algorithm that
takes into account path load and the priority
you set with powermt set policy.
This policy is valid only for Symmetrix
storage systems and is the default policy for
them on platforms with a valid PowerPath
license.
Usage:
powermt [class=]
powermt check [force] [hba=|all] [dev=|all]
powermt check_registration
powermt config
powermt display [ports] [dev=|all] [every=]
powermt display options
powermt display paths [every=]
powermt display unmanaged
powermt manage {dev= | class={invista | hitachi | hpxp | ess | hphsx}}
powermt unmanage {dev= | class={invista | hitachi | hpxp | ess | hphsx}}
powermt load [file=]
powermt release
powermt remove [force] hba=|all | dev=|all
powermt restore [hba=|all] [dev=|all]
powermt save [file=]
powermt set mode=active|standby [hba=|all] [dev=|all]
powermt set periodic_autorestore=on|off
powermt set policy={ad|bf|co|lb|li|nr|re|rr|so} [dev=|all]
powermt set priority= [dev=|all]
powermt update lun_names
powermt version
usage examples:
powermt display dev=all
powermt check_registration
powermt watch
An advance usage is as follows:
powermt set policy=policy [class={symm|clariion|hitachi|hpxp|ess|all}]
[dev=device|all]
powermt set policy sets the load balancing and failover
policy for PowerPath devices.
Arguments
policy=policy
Sets the load balancing and failover policy to one
of the following values:
ad Adaptive. I/O requests are assigned to paths
based on an algorithm that takes into account
path load and logical device priority. This
policy is valid only for Hitachi Lightning,
HP xp, and IBM ESS storage systems and is the
default policy for them on platforms with a
valid PowerPath license.
bf Basic failover. Load balancing is not in
effect. I/O routing on failure is limited to
one HBA and one port on each storage
processor. When a host boots, it designates
one path (through one interface) for all I/O.
If an I/O is issued to a logical device that
cannot be reached via that path (that is, the
I/O cannot reach that logical device through
the device's assigned interface), a trespass
is performed: the logical device is assigned
to the other interface.
SunOS 5.8 Last change: January, 2004 25
User Commands powermt(1)
This policy protects against SP and back-end
failures and allows non-disruptive upgrades
to work when running PowerPath without a
license key. It does not protect against HBA
or host loop failures.
This policy is valid only for CLARiiON
storage systems and is the default policy for
them on platforms without a valid PowerPath
license.
co CLARiiON optimization (listed in powermt
display output as CLAROpt). I/O requests are
assigned to paths based on an algorithm that
takes into account path load and the priority
you set with powermt set policy.
This policy is valid only for CLARiiON
storage systems and is the default policy for
them on platforms with a valid PowerPath
license.
lb Least blocks. Load balance is based on the
number of blocks in the pending I/Os. I/O
requests are assigned to the path with the
smallest burden in terms of blocks,
regardless of the number of requests
involved.
li Least I/Os. Load balance is based on the
number of pending I/Os. I/O requests are
assigned to the path with the smallest number
of requests, regardless of total block
volume.
nr No redirect. Neither load balancing nor
failover is in effect. If nr is set on a
failed path and a native device is used, I/O
errors will occur when I/O is directed to
that path. If one or more paths is failed and
nr is set, data I/O errors can occur.
This policy is valid only for Symmetrix,
Hitachi Lightning, HP xp, and IBM ESS storage
systems and is the default policy for them on
platforms without a valid PowerPath license.
re Request. For native devices, uses the path
that would have been used if PowerPath were
not installed. For pseudo devices, uses one
arbitrary path for all I/O. For all devices,
failover is in effect, but load balancing is
SunOS 5.8 Last change: January, 2004 26
User Commands powermt(1)
not.
rr Round robin. I/O requests are assigned to
each available path in rotation.
so Symmetrix optimization (listed in powermt
display output as SymmOpt). I/O requests are
assigned to paths based on an algorithm that
takes into account path load and the priority
you set with powermt set policy.
This policy is valid only for Symmetrix
storage systems and is the default policy for
them on platforms with a valid PowerPath
license.
Thursday, January 1, 2009
IT Governance Resources - December 2008
Posted by: "Dan Swanson" dswanson_2008@yahoo.ca dswanson_2008
Wed Dec 31, 2008 5:25 pm (PST)
The last resource email for 2008 is focused on providing leading
Governance resources from around the world.
Enjoy -- please share with your colleagues as well.
All the best in 2009 - May it be your best year ever!
Dan Swanson
Roadmap to Being an Effective Director
This website is dedicated to speeding up learning for new directors and removing some of the mystery from the process. It's a roadmap to the basic risk management skills used by boards. It ramps-up the learning curve so new directors can be effective at the board table more quickly and participate with confidence. Sounds promising–but how do you do that – in practical terms? How can an independent Director, who attends a four-hour meeting six times a year, learn to supervise full time management? That's what this site is all about. Developed over the past five years, GovernanceTools© explains risk management, the biggest part of a director's job. It provides relevant information in timely, need-to-know chunks. And learning can occur prior to your board meeting, whenever you have available time. http://www.governan/cetools.com/home.asp
An overview of corporate governance – (by ICAEW)
What is corporate governance? - Corporate governance is commonly referred to as a system by which organizations are directed and controlled. It is the process by which company objectives are established, achieved and monitored. Corporate governance is concerned with the relationships and responsibilities between the board, management, shareholders and other relevant stakeholders within a legal and regulatory framework.
http://www.icaew.co.uk/index.cfm?route=122444
Most organizations today understand the importance of Ethics, Leadership, and Values-Based Business Practices. And those that actually turn their good intentions into action – those that “walk the talk” – are able to: Attract and retain the very best people; Deliver high-quality products and services; Build and maintain customer loyalty; and Achieve long-term, sustained results.
Editor’s note - that one extra degree of effort may be all you need; enjoy this inspirational movie.
http://www.the212mo vie.com/
What the Board Needs to Know About IT: Phase II Findings
Maximizing performance through IT strategy
http://www.deloitte.com/dtt/ article/0,1002,sid= 36692&cid=151800,00.html
Corporate Directors May Not Be Providing Sufficiently Robust Enterprise Risk Oversight The "Executive Summary" of this new Conference Board report is available at:
http://www.conference-board.org/utilities/pressDetail.cfm?press_ID=2893
CICA’s Risk Management and Governance Collection
20 Questions Directors Should Ask – (on various important topics).
Consider just obtaining their CD, i.e. with all this guidance combined into one place.
http://www.rmgb.ca/index.cfm/ciid/ 3083/laid/ 1.htm
Unplanned Work: The Silent Killer
Find out how unplanned work - those activities not mapped to any project, procedure or change request - is undermining the effectiveness of your IT efforts.
http://www.networkworld.com/whitepapers/nww/pdf/Tripwire_Unplanned_Work_Management_ Paper.pdf
20 Questions Directors Should Ask About IT (Revised April 2004)
Information technology is a critical part of an organization' s internal control and management information system. Ensuring its integrity is an important responsibility for board members. ITAC has compiled 20 key questions about IT that should be asked about: strategic planning and technology, performance and personnel issues, internal control issues, risk and security, information privacy, e-business, availability policies, and legal issue.
http://www.cica.ca/index.cfm/ci_id/ 1000/la_id/1
Managing Change
There is no management activity more misunderstood, abused and ignored than the act of implementing Change. Some have even suggested that the phrase "Change Management" is an oxymoron. The articles available below have a single purpose, to transform the act of Managing Change from something we dread, to something we approach with skill, insight, wisdom and an increased chance of success.
http://www.technobi lity.com/ docs/menu-managing-change.htm
The Favoritism Test
Learn to avoid the pitfalls of rewarding sycophants in the workplace.
http://www.strategy -business.com/press/enewsarticle/enews022707
ISO 27001 CERTIFICATION GUIDES LAUNCHED
IT Governance Ltd has launched the world’s first practical guides to help company directors and IT project managers understand and achieve certification to ISO 27001, the newly published global certification standard for information security management (replaces BS7799 and complements ISO 17799). In the modern corporate governance climate, ISO 27001 certification will increasingly become a prerequisite for winning new business, thereby accelerating the transfer of IT security issues from the data room to the boardroom.
http://www.itgovernance.co.uk/news_detail.aspx?news_id=25
Featured Internet Sites - Knowledge Management
An interesting collection of web sites focused on knowledge management that is maintained by the legislative library of the Manitoba provincial government.
http://www.gov.mb.ca/chc/ leg-lib/net1206.html
What the Board Needs to Know About IT (The board’s role in leveraging technology as a strategic resource)
In 2006, Deloitte Consulting LLP began a research initiative to explore how boards of directors are approaching information technology (IT). Phase I of this research represents the findings of more than 30 interviews with directors and senior executives. The findings from the Phase I interviews have been captured in the point of view: "What the Board Needs to Know About IT:
The Board's Role in Leveraging Technology as a Strategic Resource."
You can also download "Bringing IT Into the Boardroom," which appeared as a supplement to the Fall 2006 issue of Corporate Board Member magazine. Finally, you can learn about the upcoming Phase II research results on the topic of the board and IT by downloading a preview of the survey results, entitled: “Big Conundrum: Phase II Preliminary Findings.”
For more info on the Deloitte initiative, all the above mentioned documents, and “more”, visit: http://www.deloitte.com/dtt/article/0,1002,sid=26562,cid=132853,00.html
CERT Launches Podcast Series
The CERT® Program is pleased to announce the launch of its first podcast series, "Security for Business Leaders," available at http://www.cert.org/podcast. The series will provide both general principles and specific starting points for business leaders who want to launch enterprise-wide security efforts, or who want to ensure that their organizations' existing security program is as effective as possible. New podcasts will be available every two weeks.
The newest podcast features Rich Pethia, Director of the CERT Program. Other podcast topics include "Why Leaders Should Care about Security," "The ROI of Security," "Proactive Remedies for Rising Threat," and "Compliance vs.Buy-in." Podcasters can listen to entire conversations, download PDF transcripts, and investigate additional references in show notes.
"Security for Business Leaders" is the first podcast series for the SEI.
ACI/KPMG resources on Risk Management
http://www.kpmg.com/aci/risk_mgmt.asp
The Role of U.S. Corporate Boards in Enterprise Risk Management
Boards of Directors in the United States, having focused heavily on Sarbanes-Oxley requirements and more rigorous governance and compliance standards, are now beginning to assess their evolving role in providing oversight in the area of enterprise risk management (ERM). In view of the rapidly developing state of ERM in U.S. corporations, boards face a particularly challenging set of issues in responding to the need for improved oversight of risk management. The Conference Board with McKinsey & Company and KPMG's Audit Committee Institute conducted research on the role of U.S. corporate boards in Enterprise Risk Management between October 2005 and February 2006.
http://www.conference-board.org/publications/describe.cfm?id=1190
Frequently Asked Questions in Corporate Governance (FAQs)
As directors, officers, and advisors work to safeguard and build the value of corporations, they often encounter new corporate governance issues and turn to NACD for answers. Below are some of the questions that our members and others have asked us in recent times, along with some brief answers and links to our current resources.
http://www.nacdonline.org/FAQ/
Tottel’s Corporate Governance Handbook, Third Edition
Tottel’s Corporate Governance Handbook provides invaluable, practical guidance to help you ensure your company functions legally and ethically. Corporate governance is playing an increasing part not just in how companies are run but also how they appear to be run from the outside. The new edition of Tottel’s Corporate Governance Handbook has been brought right up-to-date to provide practical and readable advice on how to ensure your company meets the required standards.
The NEW, fully updated edition includes:
Checklist for implementing the 2003 Combined Code
Assessing board and director performance
The on-going review of the Turnbull Report by the Flint Committee
HM Treasury policy on audit committees and governance of pension schemes
European corporate governance developments and NYSE corporate governance rules
And much more.
http://www.itgovernance.co.uk/products/ 453
Dialogue in corporate governance
The Dialogue in corporate governance initiative aims to facilitate better understanding of pressure and opportunities that arise in increasingly international capital markets. It encourages dialogue around business, investment accountancy and policy issues relating to corporate governance through publications, roundtables and face-to-face meetings.
Dialogue in corporate governance is convened by the ICAEW and its purpose is to: 1) challenge commonly held assumptions, 2) identify fundamental questions; and 3) set challenges for future research. http://www.icaew.co.uk/index.cfm?route=144872
Tougher Boards for Tougher Times: Corporate Governance in the Post-Enron Era (John Wiley & Sons Canada, 2006).
http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470837306.html,
The IIA's position statement regarding Organizational Governance.
In my view this is one of the most important papers that the IIA has issued in the past six to seven years. This position paper (it is the first item on the list) is available at:
http://www.theiia.org/doc_d=126
NACD Blue Ribbon Commission (BRC) reports.
www.nacdonline. org
1. The NACD BRC on Board Evaluation - 2005 Edition
2. The NACD BRC on Board Leadership
3. The NACD BRC on Director Compensation
4. The NACD BRC on Audit Committees
5. The NACD BRC on Director Professionalism
6. The NACD BRC on Role of the Board in Corporate Strategy
7. The NACD BRC on Risk Oversight
The Center for Strategic communication is to serve as an advocate for an integrated-communic ation approach to investor relations and corporate communication. World-class communication is a goal of any organization, and one of the most difficult challenges to CEOs is sending a clear and consistent message to highly divergent constituents. The Center would treat world-class communication as the “end goal” and will become the primary source for leading-edge and implementable strategies for any organization to reach that goal.
http://www.niri.org/about/center.cfm
DM Extra is an electronic publication published by NACD. It is designed to provide you with immediate, up-to-date information regarding current events in the corporate governance arena. http://www.nacdonli ne.org/dm/ xtra.asp
I like this publication because it provides thoughtful, timeless, board level "perspectives" .
Three "classics" I strongly recommend you review include: (note - there are many more).
a. The Rise and Fall of Enron: Principles for Director Focus
http://www.nacdonline.org/members/ dmx/dmxtra_0202.pdf
b. Worldcom: Six Questions for Directors
http://www.nacdonline.org/dm/ NACD-Jul02- DMX-RE.pdf
c. Rise and Fall of Enron
http://www.nacdonline.org/nacd/enron.asp?user
Business Planning Guide: Practical Application for SMEs
The Professional Accountants in Business Committee identified a practical business planning guide as a very useful tool for management, principally but not exclusively, operating in the small and medium entities (SMEs) area of the market. This information paper provides practical guidance that will help SMEs to understand their own business and industry, enabling them to better evaluate the business potentials and their associated risks. It will also be useful to small and medium-sized practitioners that are providing professional accounting services to SMEs.
http://www.ifac.org/Store/Category.tmpl?Category=ProfessionalAccountantsinBusiness& Cart=11717418193 382 247
A Question of Trust
The latest issue of Tone at the Top, “Stakeholder Trust Remains a Hot Topic,” looks at seven things directors should consider in regard to rebuilding the trust of stakeholders. If your executive management and audit committee members are not already receiving Tone at the Top, please provide their mailing and e-mail information to pr@theiia.org. Many, many past issues are also accessible - go to: http://www.theiia.org/periodicals/newsletters/ tone-at-the-top/
Definition of Investor Relations
Investor relations is a strategic management responsibility that integrates finance, communication, marketing and securities law compliance to enable the most effective two-way communication between a company, the financial community, and other constituencies, which ultimately contributes to a company's securities achieving fair valuation. http://www.niri.org/about/ mission.cfm
About TheCorporateCounsel.net
Following the long-standing tradition of The Corporate Counsel and The Corporate Executive, TheCorporateCounsel .net is an educational service that provides practical guidance on legal issues involving corporate and securities regulation and corporate governance practices - as well as many other areas impacting today's corporate practitioner. The Editor is Broc Romanek and the Associate Editor is Julie Hoffman, who are assisted by Jesse Brill, Mike Gettelman, and Alan Dye, among many others at Executive Press.
http://www.thecorporatecounsel.net/home.asp
"It Takes A Lot More Than Attitude...To Lead a Stellar Organization" - By Stever Robbins.Become a better leader in a Fun, Provocative Read! Looking for new ideas you can implement immediately to be a more effective leader? Pick up 'It Takes a Lot More than Attitude ... to Lead a Stellar Organization. . ' This collection of essays explores with what it takes to be a great leader, in an engaging, no-nonsense conversation that keeps you turning the pages. It also makes a perfect gift for the person with the leadership title who just doesn't get it. Buy it at www.alotmorethanatt itude.com (The only book on leadership that starts by discussing the responsibilities of leadership, and goes on to reveal all the secrets the great leadership pundits never discuss. Like when and why you can wear a feather boa to staff
meetings...)
Purpose -- The Starting Point of Great Companies
The latest strategy & business (s&b) newsletter is out and this issue is regarding “Purpose and Innovation”. Consider checking out their web site too – (its amazing).
http://www.strategy -business.com/press/enewsarticle/enews102606
Creativity Fringes
Is your organization innovative? The Creativity Fringes newsletter is one of the best sources of thinking outside your box, and encourages creativity, innovation, etc., in everything we do in a light and educational manner. A truly great monthly read, past issues are available below.
http://www.fcg.gov/creativityfringes.shtml
Directors and Boards
http://www.directorsandboards.com/
The Language of Compliance
The Language of Compliance is the biggest (3,500+ entries) resource for acronyms, terms, and extended definitions. Authored by Dorian Cougias and Marcelo Halpern it covers the terms found in HIPAA, SOX, GLB, CobiT, ISO 17799 and 27001, BCI, BSI, ISSF, and over 100 other regulatory bodies and standards agencies.
http://glossary. unifiedcompliance.com/buy_now/the_language_of_compliance.html
Unified Compliance Project (UCP)
ITCi's Unified Compliance Project (UCP) is an independent initiative focused on supporting IT compliance management. The UCP parses and reconstructs complex corporate regulations into a holistic IT compliance view. http://www.itcinsti tute.com/ucp/
Audit Integrity
Audit Integrity research services support risk management practices that help investors, insurers and others lower risk and improve performance with objective ratings and reports. The Audit Integrity Accounting and Governance Risk (AGR®) rating is a measure of the overall risk related to corporate accounting and governance practices.
http://www.auditintegrity.com/ index.php
Audit Integrity Salutes Top 100 Firms for Excellence in Accounting and Governance http://www.auditintegrity.com/upload/iblock/9a0/Audit_Integrity_20070326_Top100List.pdf
The U.S. Government Accountability Office (the GAO)
The Government Accountability Office (GAO) is an agency that works for Congress and the American people. Congress asks GAO to study the programs and expenditures of the federal government. GAO, commonly called the investigative arm of Congress or the congressional watchdog, is independent and nonpartisan. It studies how the federal government spends taxpayer dollars and advises Congress and the heads of executive agencies about ways to make government more effective and responsive.
Leading best practice guidance on various management practices - http://www.gao.gov/aac.html
Leading IT and IM guidance - http://www.gao.gov/special.pubs/cit.html
Posted by: "Dan Swanson" dswanson_2008@yahoo.ca dswanson_2008
Wed Dec 31, 2008 5:25 pm (PST)
The last resource email for 2008 is focused on providing leading
Governance resources from around the world.
Enjoy -- please share with your colleagues as well.
All the best in 2009 - May it be your best year ever!
Dan Swanson
Roadmap to Being an Effective Director
This website is dedicated to speeding up learning for new directors and removing some of the mystery from the process. It's a roadmap to the basic risk management skills used by boards. It ramps-up the learning curve so new directors can be effective at the board table more quickly and participate with confidence. Sounds promising–but how do you do that – in practical terms? How can an independent Director, who attends a four-hour meeting six times a year, learn to supervise full time management? That's what this site is all about. Developed over the past five years, GovernanceTools© explains risk management, the biggest part of a director's job. It provides relevant information in timely, need-to-know chunks. And learning can occur prior to your board meeting, whenever your have available time. http://www.governan cetools.com/ home.asp
An overview of corporate governance – (by ICAEW)
What is corporate governance? - Corporate governance is commonly referred to as a system by which organizations are directed and controlled. It is the process by which company objectives are established, achieved and monitored. Corporate governance is concerned with the relationships and responsibilities between the board, management, shareholders and other relevant stakeholders within a legal and regulatory framework.
http://www.icaew. co.uk/index. cfm?route= 122444
What drives Toyota ? The presumption of imperfection— and a refusal to accept it.
It's the story of Toyota 's genius: an insatiable competitiveness that would seem un-American were it not for all the Americans making it happen. Toyota 's competitiveness is quiet, internal, self-critical. It is rooted in an institutional obsession with improvement that Toyota manages to instill in each one of its workers, a pervasive lack of complacency with whatever was accomplished yesterday.
Editor’s note – how much focus does your organization place on competitiveness?
http://www.fastcomp any.com/magazine /111/open_ no-satisfaction. html
Most organizations today understand the importance of Ethics, Leadership, and Values-Based Business Practices. And those that actually turn their good intentions into action – those that “walk the talk” – are able to: Attract and retain the very best people; Deliver high-quality products and services; Build and maintain customer loyalty; and Achieve long-term, sustained results.
Editor’s note - that one extra degree of effort may be all you need; enjoy this inspirational movie.
http://www.the212mo vie.com/
Information Technology and the Board - "An Insightful Resource".
http://www.deloitte .com/dtt/ article/0% 2C1002%2Ccid% 25253D152626% 2C00.html
What the Board Needs to Know About IT: Phase II Findings
Maximizing performance through IT strategy
http://www.deloitte .com/dtt/ article/0, 1002,sid= 36692&cid=151800, 00. html
Corporate Directors May Not Be Providing Sufficiently Robust Enterprise Risk Oversight The "Executive Summary" of this new Conference Board report is available at:
http://www.conferen ce-board. org/utilities/ pressDetail. cfm?press_ ID=2893
CICA’s Risk Management and Governance Collection
20 Questions Directors Should Ask – (on various important topics).
Consider just obtaining their CD, i.e. with all this guidance combined into one place.
http://www.rmgb. ca/index. cfm/ciid/ 3083/laid/ 1.htm
Unplanned Work: The Silent Killer
Find out how unplanned work - those activities not mapped to any project, procedure or change request - is undermining the effectiveness of your IT efforts.
http://www.networkw orld.com/ whitepapers/ nww/pdf/Tripwire _Unplanned_ Work_Management_ Paper.pdf
20 Questions Directors Should Ask About IT (Revised April 2004)
Information technology is a critical part of an organization' s internal control and management information system. Ensuring its integrity is an important responsibility for board members. ITAC has compiled 20 key questions about IT that should be asked about: strategic planning and technology, performance and personnel issues, internal control issues, risk and security, information privacy, e-business, availability policies, and legal issue.
http://www.cica. ca/index. cfm/ci_id/ 1000/la_id/ 1
Managing Change
There is no management activity more misunderstood, abused and ignored than the act of implementing Change. Some have even suggested that the phrase "Change Management" is an oxymoron. The articles available below have a single purpose, to transform the act of Managing Change from something we dread, to something we approach with skill, insight, wisdom and an increased chance of success.
http://www.technobi lity.com/ docs/menu- managing- change.htm
The Favoritism Test
Learn to avoid the pitfalls of rewarding sycophants in the workplace.
http://www.strategy -business. com/press/ enewsarticle/ enews022707
ISO 27001 CERTIFICATION GUIDES LAUNCHED
IT Governance Ltd has launched the world’s first practical guides to help company directors and IT project managers understand and achieve certification to ISO 27001, the newly published global certification standard for information security management (replaces BS7799 and complements ISO 17799). In the modern corporate governance climate, ISO 27001 certification will increasingly become a prerequisite for winning new business, thereby accelerating the transfer of IT security issues from the data room to the boardroom.
http://www.itgovern ance.co.uk/ news_detail. aspx?news_ id=25
Featured Internet Sites - Knowledge Management
An interesting collection of web sites focused on knowledge management that is maintained by the legislative library of the Manitoba provincial government.
http://www.gov. mb.ca/chc/ leg-lib/net1206. html
FMEA - Failure Mode and Effects Analysis ( Information Center )
Everything you want to know about Failure Mode and Effect Analysis.
http://www.isixsigm a.com/offsite. asp?A=Fr&Url=http://www. fmeainfocentre. com
What the Board Needs to Know About IT (The board’s role in leveraging technology as a strategic resource)
In 2006, Deloitte Consulting LLP began a research initiative to explore how boards of directors are approaching information technology (IT). Phase I of this research represents the findings of more than 30 interviews with directors and senior executives. The findings from the Phase I interviews have been captured in the point of view: "What the Board Needs to Know About IT: The Board's Role in Leveraging Technology as a Strategic Resource."
You can also download "Bringing IT Into the Boardroom," which appeared as a supplement to the Fall 2006 issue of Corporate Board Member magazine. Finally, you can learn about the upcoming Phase II research results on the topic of the board and IT by downloading a preview of the survey results, entitled: “Big Conundrum: Phase II Preliminary Findings.”
For more info on the Deloitte initiative, all the above mentioned documents, and “more”, visit: http://www.deloitte .com/dtt/ article/0, 1002,sid% 3D26562%26cid% 3D132853, 00.html
CERT Launches Podcast Series
The CERT® Program is pleased to announce the launch of its first podcast series, "Security for Business Leaders," available at http://www.cert. org/podcast. The series will provide both general principles and specific starting points for business leaders who want to launch enterprise-wide security efforts, or who want to ensure that their organizations' existing security program is as effective as possible. New podcasts will be available every two weeks.
The newest podcast features Rich Pethia, Director of the CERT Program. Other podcast topics include "Why Leaders Should Care about Security," "The ROI of Security," "Proactive Remedies for Rising Threat," and "Compliance vs.. Buy-in." Podcasters can listen to entire conversations, download PDF transcripts, and investigate additional references in show notes.
"Security for Business Leaders" is the first podcast series for the SEI.
Information Security Oversight: Essential Board Practices, from the National Association of Corporate Directors (NACD).
Learn four steps each board should adopt to avoid the hazards of leaving information inadequately protected from cyber criminals. Review the questions each board should ask to determine inherent risks. Discover the potential liabilities and other woes that might befall corporate boards and management who show too little involvement in safeguarding the security and privacy of corporate-held information. Lessons include identifying vulnerabilities, mitigating damages, establishing controls, educating officers and employees, and resolving issues. Sponsored by KPMG's Audit Committee Institute and published in collaboration with the Institute of Internal Auditors and the Critical Infrastructure Assurance Office of the U.S. Department of Commerce..
http://www.nacdonli ne.org/publicati ons/pubDetails. asp?pubID= 138&user=D0888270C5 AF46 508BEC8472906F87 C3
ACI/KPMG resources on Risk Management
http://www.kpmg. com/aci/risk_ mgmt.asp
The Role of U.S. Corporate Boards in Enterprise Risk Management
Boards of Directors in the United States , having focused heavily on Sarbanes-Oxley requirements and more rigorous governance and compliance standards, are now beginning to assess their evolving role in providing oversight in the area of enterprise risk management (ERM). In view of the rapidly developing state of ERM in U.S. corporations, boards face a particularly challenging set of issues in responding to the need for improved oversight of risk management. The Conference Board with McKinsey & Company and KPMG's Audit Committee Institute conducted research on the role of U.S. corporate boards in Enterprise Risk Management between October 2005 through February 2006.
http://www.conferen ce-board. org/publications /describe. cfm?id=1190
Frequently Asked Questions in Corporate Governance (FAQs)
As directors, officers, and advisors work to safeguard and build the value of corporations, they often encounter new corporate governance issues and turn to NACD for answers. Below are some of the questions that our members and others have asked us in recent times, along with some brief answers and links to our current resources.
http://www.nacdonli ne.org/FAQ/
Tottel’s Corporate Governance Handbook, Third Edition
Tottel’s Corporate Governance Handbook provides invaluable, practical guidance to help you ensure your company functions legally and ethically. Corporate governance is playing an increasing part not just in how companies are run but also how they appear to be run from the outside. The new edition of Tottel’s Corporate Governance Handbook has been brought right up-to-date to provide practical and readable advice on how to ensure your company meets the required standards.
The NEW, fully updated edition includes:
Checklist for implementing the 2003 Combined Code
Assessing board and director performance
The on-going review of the Turnbull Report by the Flint Committee
HM Treasury policy on audit committees and governance of pension schemes
European corporate governance developments and NYSE corporate governance rules
And much more.
http://www.itgovern ance.co.uk/ products/ 453
Dialogue in corporate governance
The Dialogue in corporate governance initiative aims to facilitate better understanding of pressure and opportunities that arise in increasingly international capital markets. It encourages dialogue around business, investment accountancy and policy issues relating to corporate governance through publications, roundtables and face-to-face meetings.
Dialogue in corporate governance is convened by the ICAEW and its purpose is to: 1) challenge commonly held assumptions, 2) identify fundamental questions; and 3) set challenges for future research. http://www.icaew. co.uk/index. cfm?route= 144872
Tougher Boards for Tougher Times: Corporate Governance in the Post-Enron Era (John Wiley & Sons Canada , 2006).
http://www.wiley. com/WileyCDA/ WileyTitle/ productCd- 0470837306. html
The IIA's position statement regarding Organizational Governance.
In my view this is one of the most important papers that the IIA has issued in the past six to seven years. This position paper (it is the first item on the list) is available at:
http://www.theiia. org/?doc_ id=126
NACD Blue Ribbon Commission (BRC) reports.
www.nacdonline. org
1. The NACD BRC on Board Evaluation - 2005 Edition
2. The NACD BRC on Board Leadership
3. The NACD BRC on Director Compensation
4. The NACD BRC on Audit Committees
5. The NACD BRC on Director Professionalism
6. The NACD BRC on Role of the Board in Corporate Strategy
7. The NACD BRC on Risk Oversight
The Center for Strategic communication is to serve as an advocate for an integrated-communic ation approach to investor relations and corporate communication. World-class communication is a goal of any organization, and one of the most difficult challenges to CEOs is sending a clear and consistent message to highly divergent constituents. The Center would treat world-class communication as the “end goal” and will become the primary source for leading-edge and implementable strategies for any organization to reach that goal.
http://www.niri. org/about/ center.cfm
DM Extra is an electronic publication published by NACD. It is designed to provide you with immediate, up-to-date information regarding current events in the corporate governance arena. http://www.nacdonli ne.org/dm/ xtra.asp
I like this publication because it provides thoughtful, timeless, board level "perspectives" .
Three "classics" I strongly recommend you review include: (note - there are many more).
a. The Rise and Fall of Enron: Principles for Director Focus
http://www.nacdonli ne.org/members/ dmx/dmxtra_ 0202.pdf
b. Worldcom: Six Questions for Directors
http://www.nacdonli ne.org/dm/ NACD-Jul02- DMX-RE.pdf
c. Rise and Fall of Enron
http://www.nacdonli ne.org/nacd/ enron.asp? user
Business Planning Guide: Practical Application for SMEs
The Professional Accountants in Business Committee identified a practical business planning guide as a very useful tool for management, principally but not exclusively, operating in the small and medium entities (SMEs) area of the market. This information paper provides practical guidance that will help SMEs to understand their own business and industry, enabling them to better evaluate the business potentials and their associated risks. It will also be useful to small and medium-sized practitioners that are providing professional accounting services to SMEs.
http://www.ifac. org/Store/ Category. tmpl?Category= Professional% 20Accountants% 20in%20Business& Cart=11717418193 382 247
A Question of Trust
The latest issue of Tone at the Top, “Stakeholder Trust Remains a Hot Topic,” looks at seven things directors should consider in regard to rebuilding the trust of stakeholders. If your executive management and audit committee members are not already receiving Tone at the Top, please provide their mailing and e-mail information to pr@theiia.org. Many, many past issues are also accessible - go to: http://www.theiia. org/periodicals/ newsletters/ tone-at-the- top/
Definition of Investor Relations
Investor relations is a strategic management responsibility that integrates finance, communication, marketing and securities law compliance to enable the most effective two-way communication between a company, the financial community, and other constituencies, which ultimately contributes to a company's securities achieving fair valuation. http://www.niri. org/about/ mission.cfm
About TheCorporateCounsel .net
Following the long-standing tradition of The Corporate Counsel and The Corporate Executive, TheCorporateCounsel .net is an educational service that provides practical guidance on legal issues involving corporate and securities regulation and corporate governance practices - as well as many other areas impacting today's corporate practitioner. The Editor is Broc Romanek and the Associate Editor is Julie Hoffman, who are assisted by Jesse Brill, Mike Gettelman, and Alan Dye, among many others at Executive Press.
http://www.thecorpo ratecounsel. net/home. asp
"It Takes A Lot More Than Attitude...To Lead a Stellar Organization" - By Stever Robbins.Become a better leader in a Fun, Provocative Read! Looking for new ideas you can implement immediately to be a more effective leader? Pick up 'It Takes a Lot More than Attitude ... to Lead a Stellar Organization. . ' This
collection of essays explores with what it takes to be a great leader, in an engaging, no-nonsense conversation that keeps you turning the pages. It also makes a perfect gift for the person with the leadership title who just doesn't get it. Buy it at www.alotmorethanatt itude.com (The only book on leadership that starts by discussing the responsibilities of leadership, and goes on to reveal all the secrets the great leadership pundits never discuss. Like when and why you can wear a feather boa to staff
meetings...)
Purpose -- The Starting Point of Great Companies
The latest strategy & business (s&b) newsletter is out and this issue is regarding “Purpose and Innovation”. Consider checking out their web site too – (its amazing).
http://www.strategy -business. com/press/ enewsarticle/ enews102606
Creativity Fringes
Is your organization innovative? The Creativity Fringes newsletter is one of the best sources of thinking outside your box, and encourages creativity, innovation, etc., in everything we do in a light and educational manner. A truly great monthly read, past issues are available below.
http://www.fcg. gov/creativity_ fringes.shtml
Directors and Boards
http://www.director sandboards. com/
The Language of Compliance
The Language of Compliance is the biggest (3,500+ entries) resource for acronyms, terms, and extended definitions. Authored by Dorian Cougias and Marcelo Halpern it covers the terms found in HIPAA, SOX, GLB, CobiT, ISO 17799 and 27001, BCI, BSI, ISSF, and over 100 other regulatory bodies and standards agencies.
http://glossary. unifiedcomplianc e.com/buy_ now/the_language _of_compliance. html
Unified Compliance Project (UCP)
ITCi's Unified Compliance Project (UCP) is an independent initiative focused on supporting IT compliance management. The UCP parses and reconstructs complex corporate regulations into a holistic IT compliance view.
http://www.itcinsti tute.com/ ucp/
Audit Integrity
Audit Integrity research services support risk management practices that help investors, insurers and others lower risk and improve performance with objective ratings and reports. The Audit Integrity Accounting and Governance Risk (AGR®) rating is a measure of the overall risk related to corporate accounting and governance practices.
http://www.auditint egrity.com/ index..php
Audit Integrity Salutes Top 100 Firms for Excellence in Accounting and Governance http://www.auditint egrity.com/ upload/iblock/ 9a0/Audit_ Integrity_ 20070326_ Top100List. pdf
The U.S. Government Accountability Office (the GAO)
The Government Accountability Office (GAO) is an agency that works for Congress and the American people. Congress asks GAO to study the programs and expenditures of the federal government. GAO, commonly called the investigative arm of Congress or the congressional watchdog, is independent and nonpartisan. It studies how the federal government spends taxpayer dollars and advises Congress and the heads of executive agencies about ways to make government more effective and responsive.
www.gao.gov
Leading best practice guidance on various management practices - http://www.. gao. gov/aac.html
Leading IT and IM guidance - http://www.gao. gov/special. pubs/cit. html
Global Technology Audit Guide (GTAG)
The Institute of Internal Auditors (The IIA) is producing a series of publications with guidance on information technology. Written primarily for the chief internal audit executive (CAE) and audit supervisors, the guides address concerns of the board of directors and chief-level executives. Each Global Technology Audit Guide (GTAG) is written in straightforward business language to address timely issues related to information technology management, control, or security. GTAG is a ready resource series for chief audit executives to use in the education of members of the board and audit committee, management, process owners, and others regarding technology-associat ed risks and recommended practices.
http://www.theiia. org/guidance/ technology/ gtag/
Board Governance – Deloitte’s Governance Repository
https://www. corpgov.deloitte .com/site/ us/menuitem. 88e49625b72277a9 8f220ce36cdf8a0c /;jsessionid= Cy7kGJSZVYbhbSRy qVXsz1s12ykvs3v6 hSKpkxHzLbVqlNkt Ttv9!-377936133! -608783955
Corporate Governance
This CEO-led task force has identified cyber security roles and responsibilities within the corporate management structure, referencing and combining best practices and metrics that bring accountability to three key elements of a cyber security system: people, process and technology.
http://www.cyberpar tnership. org/init- governance. html
Australia has Corporate Governance Standards, the AS 8000 series at:
The AU Governance series has five main parts:
I. Good governance principles
II. Fraud and corruption control
III. Organizational codes of conduct
IV. Corporate social responsibility
V. Whistleblower protection programs for entities
http://www.saigloba l.com/
Information technology governance - From Wikipedia, (the free encyclopedia)
Information technology governance, IT governance or ICT Governance, is a subset discipline of Corporate governance focused on information technology systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives (e.g. Sarbanes-Oxley ( USA ) and Basel II ( Europe )), as well as the acknowledgement that IT projects can easily get out of control and profoundly affect the performance of an organization.
http://en.wikipedia .org/wiki/ Information_ technology_ governance
..
Global Technology Audit Guide (GTAG)
The Institute of Internal Auditors (The IIA) is producing a series of publications with guidance on information technology. Written primarily for the chief internal audit executive (CAE) and audit supervisors, the guides address concerns of the board of directors and chief-level executives. Each Global Technology Audit Guide (GTAG) is written in straightforward business language to address timely issues related to information technology management, control, or security. GTAG is a ready resource series for chief audit executives to use in the education of members of the board and audit committee, management, process owners, and others regarding technology-associated risks and recommended practices.
http://www.theiia.org/guidance/ technology/gtag/
Corporate Governance
This CEO-led task force has identified cyber security roles and responsibilities within the corporate management structure, referencing and combining best practices and metrics that bring accountability to three key elements of a cyber security system: people, process and technology.
http://www.cyberpartnership.org/init-governance.html
Australia has Corporate Governance Standards, the AS 8000 series at:
The AU Governance series has five main parts:
I. Good governance principles
II. Fraud and corruption control
III. Organizational codes of conduct
IV. Corporate social responsibility
V. Whistleblower protection programs for entities
http://www.saiglobal.com/
Information technology governance - From Wikipedia, (the free encyclopedia)
Information technology governance, IT governance or ICT Governance, is a subset discipline of Corporate governance focused on information technology systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives (e.g. Sarbanes-Oxley ( USA ) and Basel II ( Europe )), as well as the acknowledgement that IT projects can easily get out of control and profoundly affect the performance of an organization.
http://en.wikipedia.org/wiki/Information_technology_governance
..
Wed Dec 31, 2008 5:25 pm (PST)
The last resource email for 2008 is focused on providing leading
Governance resources from around the world.
Enjoy -- please share with your colleagues as well.
All the best in 2009 - May it be your best year ever!
Dan Swanson
Roadmap to Being an Effective Director
This website is dedicated to speeding up learning for new directors and removing some of the mystery from the process. It's a roadmap to the basic risk management skills used by boards. It ramps-up the learning curve so new directors can be effective at the board table more quickly and participate with confidence. Sounds promising–but how do you do that – in practical terms? How can an independent Director, who attends a four-hour meeting six times a year, learn to supervise full time management? That's what this site is all about. Developed over the past five years, GovernanceTools© explains risk management, the biggest part of a director's job. It provides relevant information in timely, need-to-know chunks. And learning can occur prior to your board meeting, whenever you have available time. http://www.governan/cetools.com/home.asp
An overview of corporate governance – (by ICAEW)
What is corporate governance? - Corporate governance is commonly referred to as a system by which organizations are directed and controlled. It is the process by which company objectives are established, achieved and monitored. Corporate governance is concerned with the relationships and responsibilities between the board, management, shareholders and other relevant stakeholders within a legal and regulatory framework.
http://www.icaew.co.uk/index.cfm?route=122444
Most organizations today understand the importance of Ethics, Leadership, and Values-Based Business Practices. And those that actually turn their good intentions into action – those that “walk the talk” – are able to: Attract and retain the very best people; Deliver high-quality products and services; Build and maintain customer loyalty; and Achieve long-term, sustained results.
Editor’s note - that one extra degree of effort may be all you need; enjoy this inspirational movie.
http://www.the212mo vie.com/
What the Board Needs to Know About IT: Phase II Findings
Maximizing performance through IT strategy
http://www.deloitte.com/dtt/ article/0,1002,sid= 36692&cid=151800,00.html
Corporate Directors May Not Be Providing Sufficiently Robust Enterprise Risk Oversight The "Executive Summary" of this new Conference Board report is available at:
http://www.conference-board.org/utilities/pressDetail.cfm?press_ID=2893
CICA’s Risk Management and Governance Collection
20 Questions Directors Should Ask – (on various important topics).
Consider just obtaining their CD, i.e. with all this guidance combined into one place.
http://www.rmgb.ca/index.cfm/ciid/ 3083/laid/ 1.htm
Unplanned Work: The Silent Killer
Find out how unplanned work - those activities not mapped to any project, procedure or change request - is undermining the effectiveness of your IT efforts.
http://www.networkworld.com/whitepapers/nww/pdf/Tripwire_Unplanned_Work_Management_ Paper.pdf
20 Questions Directors Should Ask About IT (Revised April 2004)
Information technology is a critical part of an organization' s internal control and management information system. Ensuring its integrity is an important responsibility for board members. ITAC has compiled 20 key questions about IT that should be asked about: strategic planning and technology, performance and personnel issues, internal control issues, risk and security, information privacy, e-business, availability policies, and legal issue.
http://www.cica.ca/index.cfm/ci_id/ 1000/la_id/1
Managing Change
There is no management activity more misunderstood, abused and ignored than the act of implementing Change. Some have even suggested that the phrase "Change Management" is an oxymoron. The articles available below have a single purpose, to transform the act of Managing Change from something we dread, to something we approach with skill, insight, wisdom and an increased chance of success.
http://www.technobi lity.com/ docs/menu-managing-change.htm
The Favoritism Test
Learn to avoid the pitfalls of rewarding sycophants in the workplace.
http://www.strategy -business.com/press/enewsarticle/enews022707
ISO 27001 CERTIFICATION GUIDES LAUNCHED
IT Governance Ltd has launched the world’s first practical guides to help company directors and IT project managers understand and achieve certification to ISO 27001, the newly published global certification standard for information security management (replaces BS7799 and complements ISO 17799). In the modern corporate governance climate, ISO 27001 certification will increasingly become a prerequisite for winning new business, thereby accelerating the transfer of IT security issues from the data room to the boardroom.
http://www.itgovernance.co.uk/news_detail.aspx?news_id=25
Featured Internet Sites - Knowledge Management
An interesting collection of web sites focused on knowledge management that is maintained by the legislative library of the Manitoba provincial government.
http://www.gov.mb.ca/chc/ leg-lib/net1206.html
What the Board Needs to Know About IT (The board’s role in leveraging technology as a strategic resource)
In 2006, Deloitte Consulting LLP began a research initiative to explore how boards of directors are approaching information technology (IT). Phase I of this research represents the findings of more than 30 interviews with directors and senior executives. The findings from the Phase I interviews have been captured in the point of view: "What the Board Needs to Know About IT:
The Board's Role in Leveraging Technology as a Strategic Resource."
You can also download "Bringing IT Into the Boardroom," which appeared as a supplement to the Fall 2006 issue of Corporate Board Member magazine. Finally, you can learn about the upcoming Phase II research results on the topic of the board and IT by downloading a preview of the survey results, entitled: “Big Conundrum: Phase II Preliminary Findings.”
For more info on the Deloitte initiative, all the above mentioned documents, and “more”, visit: http://www.deloitte.com/dtt/article/0,1002,sid=26562,cid=132853,00.html
CERT Launches Podcast Series
The CERT® Program is pleased to announce the launch of its first podcast series, "Security for Business Leaders," available at http://www.cert.org/podcast. The series will provide both general principles and specific starting points for business leaders who want to launch enterprise-wide security efforts, or who want to ensure that their organizations' existing security program is as effective as possible. New podcasts will be available every two weeks.
The newest podcast features Rich Pethia, Director of the CERT Program. Other podcast topics include "Why Leaders Should Care about Security," "The ROI of Security," "Proactive Remedies for Rising Threat," and "Compliance vs.Buy-in." Podcasters can listen to entire conversations, download PDF transcripts, and investigate additional references in show notes.
"Security for Business Leaders" is the first podcast series for the SEI.
ACI/KPMG resources on Risk Management
http://www.kpmg.com/aci/risk_mgmt.asp
The Role of U.S. Corporate Boards in Enterprise Risk Management
Boards of Directors in the United States, having focused heavily on Sarbanes-Oxley requirements and more rigorous governance and compliance standards, are now beginning to assess their evolving role in providing oversight in the area of enterprise risk management (ERM). In view of the rapidly developing state of ERM in U.S. corporations, boards face a particularly challenging set of issues in responding to the need for improved oversight of risk management. The Conference Board with McKinsey & Company and KPMG's Audit Committee Institute conducted research on the role of U.S. corporate boards in Enterprise Risk Management between October 2005 and February 2006.
http://www.conference-board.org/publications/describe.cfm?id=1190
Frequently Asked Questions in Corporate Governance (FAQs)
As directors, officers, and advisors work to safeguard and build the value of corporations, they often encounter new corporate governance issues and turn to NACD for answers. Below are some of the questions that our members and others have asked us in recent times, along with some brief answers and links to our current resources.
http://www.nacdonline.org/FAQ/
Tottel’s Corporate Governance Handbook, Third Edition
Tottel’s Corporate Governance Handbook provides invaluable, practical guidance to help you ensure your company functions legally and ethically. Corporate governance is playing an increasing part not just in how companies are run but also how they appear to be run from the outside. The new edition of Tottel’s Corporate Governance Handbook has been brought right up-to-date to provide practical and readable advice on how to ensure your company meets the required standards.
The NEW, fully updated edition includes:
Checklist for implementing the 2003 Combined Code
Assessing board and director performance
The on-going review of the Turnbull Report by the Flint Committee
HM Treasury policy on audit committees and governance of pension schemes
European corporate governance developments and NYSE corporate governance rules
And much more.
http://www.itgovernance.co.uk/products/ 453
Dialogue in corporate governance
The Dialogue in corporate governance initiative aims to facilitate better understanding of pressure and opportunities that arise in increasingly international capital markets. It encourages dialogue around business, investment accountancy and policy issues relating to corporate governance through publications, roundtables and face-to-face meetings.
Dialogue in corporate governance is convened by the ICAEW and its purpose is to: 1) challenge commonly held assumptions, 2) identify fundamental questions; and 3) set challenges for future research. http://www.icaew.co.uk/index.cfm?route=144872
Tougher Boards for Tougher Times: Corporate Governance in the Post-Enron Era (John Wiley & Sons Canada, 2006).
http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470837306.html,
The IIA's position statement regarding Organizational Governance.
In my view this is one of the most important papers that the IIA has issued in the past six to seven years. This position paper (it is the first item on the list) is available at:
http://www.theiia.org/doc_d=126
NACD Blue Ribbon Commission (BRC) reports.
www.nacdonline. org
1. The NACD BRC on Board Evaluation - 2005 Edition
2. The NACD BRC on Board Leadership
3. The NACD BRC on Director Compensation
4. The NACD BRC on Audit Committees
5. The NACD BRC on Director Professionalism
6. The NACD BRC on Role of the Board in Corporate Strategy
7. The NACD BRC on Risk Oversight
The Center for Strategic communication is to serve as an advocate for an integrated-communic ation approach to investor relations and corporate communication. World-class communication is a goal of any organization, and one of the most difficult challenges to CEOs is sending a clear and consistent message to highly divergent constituents. The Center would treat world-class communication as the “end goal” and will become the primary source for leading-edge and implementable strategies for any organization to reach that goal.
http://www.niri.org/about/center.cfm
DM Extra is an electronic publication published by NACD. It is designed to provide you with immediate, up-to-date information regarding current events in the corporate governance arena. http://www.nacdonli ne.org/dm/ xtra.asp
I like this publication because it provides thoughtful, timeless, board level "perspectives" .
Three "classics" I strongly recommend you review include: (note - there are many more).
a. The Rise and Fall of Enron: Principles for Director Focus
http://www.nacdonline.org/members/ dmx/dmxtra_0202.pdf
b. Worldcom: Six Questions for Directors
http://www.nacdonline.org/dm/ NACD-Jul02- DMX-RE.pdf
c. Rise and Fall of Enron
http://www.nacdonline.org/nacd/enron.asp?user
Business Planning Guide: Practical Application for SMEs
The Professional Accountants in Business Committee identified a practical business planning guide as a very useful tool for management, principally but not exclusively, operating in the small and medium entities (SMEs) area of the market. This information paper provides practical guidance that will help SMEs to understand their own business and industry, enabling them to better evaluate the business potentials and their associated risks. It will also be useful to small and medium-sized practitioners that are providing professional accounting services to SMEs.
http://www.ifac.org/Store/Category.tmpl?Category=ProfessionalAccountantsinBusiness& Cart=11717418193 382 247
A Question of Trust
The latest issue of Tone at the Top, “Stakeholder Trust Remains a Hot Topic,” looks at seven things directors should consider in regard to rebuilding the trust of stakeholders. If your executive management and audit committee members are not already receiving Tone at the Top, please provide their mailing and e-mail information to pr@theiia.org. Many, many past issues are also accessible - go to: http://www.theiia.org/periodicals/newsletters/ tone-at-the-top/
Definition of Investor Relations
Investor relations is a strategic management responsibility that integrates finance, communication, marketing and securities law compliance to enable the most effective two-way communication between a company, the financial community, and other constituencies, which ultimately contributes to a company's securities achieving fair valuation. http://www.niri.org/about/ mission.cfm
About TheCorporateCounsel.net
Following the long-standing tradition of The Corporate Counsel and The Corporate Executive, TheCorporateCounsel .net is an educational service that provides practical guidance on legal issues involving corporate and securities regulation and corporate governance practices - as well as many other areas impacting today's corporate practitioner. The Editor is Broc Romanek and the Associate Editor is Julie Hoffman, who are assisted by Jesse Brill, Mike Gettelman, and Alan Dye, among many others at Executive Press.
http://www.thecorporatecounsel.net/home.asp
"It Takes A Lot More Than Attitude...To Lead a Stellar Organization" - By Stever Robbins.Become a better leader in a Fun, Provocative Read! Looking for new ideas you can implement immediately to be a more effective leader? Pick up 'It Takes a Lot More than Attitude ... to Lead a Stellar Organization. . ' This collection of essays explores with what it takes to be a great leader, in an engaging, no-nonsense conversation that keeps you turning the pages. It also makes a perfect gift for the person with the leadership title who just doesn't get it. Buy it at www.alotmorethanatt itude.com (The only book on leadership that starts by discussing the responsibilities of leadership, and goes on to reveal all the secrets the great leadership pundits never discuss. Like when and why you can wear a feather boa to staff
meetings...)
Purpose -- The Starting Point of Great Companies
The latest strategy & business (s&b) newsletter is out and this issue is regarding “Purpose and Innovation”. Consider checking out their web site too – (its amazing).
http://www.strategy -business.com/press/enewsarticle/enews102606
Creativity Fringes
Is your organization innovative? The Creativity Fringes newsletter is one of the best sources of thinking outside your box, and encourages creativity, innovation, etc., in everything we do in a light and educational manner. A truly great monthly read, past issues are available below.
http://www.fcg.gov/creativityfringes.shtml
Directors and Boards
http://www.directorsandboards.com/
The Language of Compliance
The Language of Compliance is the biggest (3,500+ entries) resource for acronyms, terms, and extended definitions. Authored by Dorian Cougias and Marcelo Halpern it covers the terms found in HIPAA, SOX, GLB, CobiT, ISO 17799 and 27001, BCI, BSI, ISSF, and over 100 other regulatory bodies and standards agencies.
http://glossary. unifiedcompliance.com/buy_now/the_language_of_compliance.html
Unified Compliance Project (UCP)
ITCi's Unified Compliance Project (UCP) is an independent initiative focused on supporting IT compliance management. The UCP parses and reconstructs complex corporate regulations into a holistic IT compliance view. http://www.itcinsti tute.com/ucp/
Audit Integrity
Audit Integrity research services support risk management practices that help investors, insurers and others lower risk and improve performance with objective ratings and reports. The Audit Integrity Accounting and Governance Risk (AGR®) rating is a measure of the overall risk related to corporate accounting and governance practices.
http://www.auditintegrity.com/ index.php
Audit Integrity Salutes Top 100 Firms for Excellence in Accounting and Governance http://www.auditintegrity.com/upload/iblock/9a0/Audit_Integrity_20070326_Top100List.pdf
The U.S. Government Accountability Office (the GAO)
The Government Accountability Office (GAO) is an agency that works for Congress and the American people. Congress asks GAO to study the programs and expenditures of the federal government. GAO, commonly called the investigative arm of Congress or the congressional watchdog, is independent and nonpartisan. It studies how the federal government spends taxpayer dollars and advises Congress and the heads of executive agencies about ways to make government more effective and responsive.
Leading best practice guidance on various management practices - http://www.gao.gov/aac.html
Leading IT and IM guidance - http://www.gao.gov/special.pubs/cit.html
Posted by: "Dan Swanson" dswanson_2008@yahoo.ca dswanson_2008
Wed Dec 31, 2008 5:25 pm (PST)
The last resource email for 2008 is focused on providing leading
Governance resources from around the world.
Enjoy -- please share with your colleagues as well.
All the best in 2009 - May it be your best year ever!
Dan Swanson
Roadmap to Being an Effective Director
This website is dedicated to speeding up learning for new directors and removing some of the mystery from the process. It's a roadmap to the basic risk management skills used by boards. It ramps-up the learning curve so new directors can be effective at the board table more quickly and participate with confidence. Sounds promising–but how do you do that – in practical terms? How can an independent Director, who attends a four-hour meeting six times a year, learn to supervise full time management? That's what this site is all about. Developed over the past five years, GovernanceTools© explains risk management, the biggest part of a director's job. It provides relevant information in timely, need-to-know chunks. And learning can occur prior to your board meeting, whenever your have available time. http://www.governan cetools.com/ home.asp
An overview of corporate governance – (by ICAEW)
What is corporate governance? - Corporate governance is commonly referred to as a system by which organizations are directed and controlled. It is the process by which company objectives are established, achieved and monitored. Corporate governance is concerned with the relationships and responsibilities between the board, management, shareholders and other relevant stakeholders within a legal and regulatory framework.
http://www.icaew. co.uk/index. cfm?route= 122444
What drives Toyota ? The presumption of imperfection— and a refusal to accept it.
It's the story of Toyota 's genius: an insatiable competitiveness that would seem un-American were it not for all the Americans making it happen. Toyota 's competitiveness is quiet, internal, self-critical. It is rooted in an institutional obsession with improvement that Toyota manages to instill in each one of its workers, a pervasive lack of complacency with whatever was accomplished yesterday.
Editor’s note – how much focus does your organization place on competitiveness?
http://www.fastcomp any.com/magazine /111/open_ no-satisfaction. html
Most organizations today understand the importance of Ethics, Leadership, and Values-Based Business Practices. And those that actually turn their good intentions into action – those that “walk the talk” – are able to: Attract and retain the very best people; Deliver high-quality products and services; Build and maintain customer loyalty; and Achieve long-term, sustained results.
Editor’s note - that one extra degree of effort may be all you need; enjoy this inspirational movie.
http://www.the212mo vie.com/
Information Technology and the Board - "An Insightful Resource".
http://www.deloitte .com/dtt/ article/0% 2C1002%2Ccid% 25253D152626% 2C00.html
What the Board Needs to Know About IT: Phase II Findings
Maximizing performance through IT strategy
http://www.deloitte .com/dtt/ article/0, 1002,sid= 36692&cid=151800, 00. html
Corporate Directors May Not Be Providing Sufficiently Robust Enterprise Risk Oversight The "Executive Summary" of this new Conference Board report is available at:
http://www.conferen ce-board. org/utilities/ pressDetail. cfm?press_ ID=2893
CICA’s Risk Management and Governance Collection
20 Questions Directors Should Ask – (on various important topics).
Consider just obtaining their CD, i.e. with all this guidance combined into one place.
http://www.rmgb. ca/index. cfm/ciid/ 3083/laid/ 1.htm
Unplanned Work: The Silent Killer
Find out how unplanned work - those activities not mapped to any project, procedure or change request - is undermining the effectiveness of your IT efforts.
http://www.networkw orld.com/ whitepapers/ nww/pdf/Tripwire _Unplanned_ Work_Management_ Paper.pdf
20 Questions Directors Should Ask About IT (Revised April 2004)
Information technology is a critical part of an organization' s internal control and management information system. Ensuring its integrity is an important responsibility for board members. ITAC has compiled 20 key questions about IT that should be asked about: strategic planning and technology, performance and personnel issues, internal control issues, risk and security, information privacy, e-business, availability policies, and legal issue.
http://www.cica. ca/index. cfm/ci_id/ 1000/la_id/ 1
Managing Change
There is no management activity more misunderstood, abused and ignored than the act of implementing Change. Some have even suggested that the phrase "Change Management" is an oxymoron. The articles available below have a single purpose, to transform the act of Managing Change from something we dread, to something we approach with skill, insight, wisdom and an increased chance of success.
http://www.technobi lity.com/ docs/menu- managing- change.htm
The Favoritism Test
Learn to avoid the pitfalls of rewarding sycophants in the workplace.
http://www.strategy -business. com/press/ enewsarticle/ enews022707
ISO 27001 CERTIFICATION GUIDES LAUNCHED
IT Governance Ltd has launched the world’s first practical guides to help company directors and IT project managers understand and achieve certification to ISO 27001, the newly published global certification standard for information security management (replaces BS7799 and complements ISO 17799). In the modern corporate governance climate, ISO 27001 certification will increasingly become a prerequisite for winning new business, thereby accelerating the transfer of IT security issues from the data room to the boardroom.
http://www.itgovern ance.co.uk/ news_detail. aspx?news_ id=25
Featured Internet Sites - Knowledge Management
An interesting collection of web sites focused on knowledge management that is maintained by the legislative library of the Manitoba provincial government.
http://www.gov. mb.ca/chc/ leg-lib/net1206. html
FMEA - Failure Mode and Effects Analysis ( Information Center )
Everything you want to know about Failure Mode and Effect Analysis.
http://www.isixsigm a.com/offsite. asp?A=Fr&Url=http://www. fmeainfocentre. com
What the Board Needs to Know About IT (The board’s role in leveraging technology as a strategic resource)
In 2006, Deloitte Consulting LLP began a research initiative to explore how boards of directors are approaching information technology (IT). Phase I of this research represents the findings of more than 30 interviews with directors and senior executives. The findings from the Phase I interviews have been captured in the point of view: "What the Board Needs to Know About IT: The Board's Role in Leveraging Technology as a Strategic Resource."
You can also download "Bringing IT Into the Boardroom," which appeared as a supplement to the Fall 2006 issue of Corporate Board Member magazine. Finally, you can learn about the upcoming Phase II research results on the topic of the board and IT by downloading a preview of the survey results, entitled: “Big Conundrum: Phase II Preliminary Findings.”
For more info on the Deloitte initiative, all the above mentioned documents, and “more”, visit: http://www.deloitte .com/dtt/ article/0, 1002,sid% 3D26562%26cid% 3D132853, 00.html
CERT Launches Podcast Series
The CERT® Program is pleased to announce the launch of its first podcast series, "Security for Business Leaders," available at http://www.cert. org/podcast. The series will provide both general principles and specific starting points for business leaders who want to launch enterprise-wide security efforts, or who want to ensure that their organizations' existing security program is as effective as possible. New podcasts will be available every two weeks.
The newest podcast features Rich Pethia, Director of the CERT Program. Other podcast topics include "Why Leaders Should Care about Security," "The ROI of Security," "Proactive Remedies for Rising Threat," and "Compliance vs.. Buy-in." Podcasters can listen to entire conversations, download PDF transcripts, and investigate additional references in show notes.
"Security for Business Leaders" is the first podcast series for the SEI.
Information Security Oversight: Essential Board Practices, from the National Association of Corporate Directors (NACD).
Learn four steps each board should adopt to avoid the hazards of leaving information inadequately protected from cyber criminals. Review the questions each board should ask to determine inherent risks. Discover the potential liabilities and other woes that might befall corporate boards and management who show too little involvement in safeguarding the security and privacy of corporate-held information. Lessons include identifying vulnerabilities, mitigating damages, establishing controls, educating officers and employees, and resolving issues. Sponsored by KPMG's Audit Committee Institute and published in collaboration with the Institute of Internal Auditors and the Critical Infrastructure Assurance Office of the U.S. Department of Commerce..
http://www.nacdonli ne.org/publicati ons/pubDetails. asp?pubID= 138&user=D0888270C5 AF46 508BEC8472906F87 C3
ACI/KPMG resources on Risk Management
http://www.kpmg. com/aci/risk_ mgmt.asp
The Role of U.S. Corporate Boards in Enterprise Risk Management
Boards of Directors in the United States , having focused heavily on Sarbanes-Oxley requirements and more rigorous governance and compliance standards, are now beginning to assess their evolving role in providing oversight in the area of enterprise risk management (ERM). In view of the rapidly developing state of ERM in U.S. corporations, boards face a particularly challenging set of issues in responding to the need for improved oversight of risk management. The Conference Board with McKinsey & Company and KPMG's Audit Committee Institute conducted research on the role of U.S. corporate boards in Enterprise Risk Management between October 2005 through February 2006.
http://www.conferen ce-board. org/publications /describe. cfm?id=1190
Frequently Asked Questions in Corporate Governance (FAQs)
As directors, officers, and advisors work to safeguard and build the value of corporations, they often encounter new corporate governance issues and turn to NACD for answers. Below are some of the questions that our members and others have asked us in recent times, along with some brief answers and links to our current resources.
http://www.nacdonli ne.org/FAQ/
Tottel’s Corporate Governance Handbook, Third Edition
Tottel’s Corporate Governance Handbook provides invaluable, practical guidance to help you ensure your company functions legally and ethically. Corporate governance is playing an increasing part not just in how companies are run but also how they appear to be run from the outside. The new edition of Tottel’s Corporate Governance Handbook has been brought right up-to-date to provide practical and readable advice on how to ensure your company meets the required standards.
The NEW, fully updated edition includes:
Checklist for implementing the 2003 Combined Code
Assessing board and director performance
The on-going review of the Turnbull Report by the Flint Committee
HM Treasury policy on audit committees and governance of pension schemes
European corporate governance developments and NYSE corporate governance rules
And much more.
http://www.itgovern ance.co.uk/ products/ 453
Dialogue in corporate governance
The Dialogue in corporate governance initiative aims to facilitate better understanding of pressure and opportunities that arise in increasingly international capital markets. It encourages dialogue around business, investment accountancy and policy issues relating to corporate governance through publications, roundtables and face-to-face meetings.
Dialogue in corporate governance is convened by the ICAEW and its purpose is to: 1) challenge commonly held assumptions, 2) identify fundamental questions; and 3) set challenges for future research. http://www.icaew. co.uk/index. cfm?route= 144872
Tougher Boards for Tougher Times: Corporate Governance in the Post-Enron Era (John Wiley & Sons Canada , 2006).
http://www.wiley. com/WileyCDA/ WileyTitle/ productCd- 0470837306. html
The IIA's position statement regarding Organizational Governance.
In my view this is one of the most important papers that the IIA has issued in the past six to seven years. This position paper (it is the first item on the list) is available at:
http://www.theiia. org/?doc_ id=126
NACD Blue Ribbon Commission (BRC) reports.
www.nacdonline. org
1. The NACD BRC on Board Evaluation - 2005 Edition
2. The NACD BRC on Board Leadership
3. The NACD BRC on Director Compensation
4. The NACD BRC on Audit Committees
5. The NACD BRC on Director Professionalism
6. The NACD BRC on Role of the Board in Corporate Strategy
7. The NACD BRC on Risk Oversight
The Center for Strategic communication is to serve as an advocate for an integrated-communic ation approach to investor relations and corporate communication. World-class communication is a goal of any organization, and one of the most difficult challenges to CEOs is sending a clear and consistent message to highly divergent constituents. The Center would treat world-class communication as the “end goal” and will become the primary source for leading-edge and implementable strategies for any organization to reach that goal.
http://www.niri. org/about/ center.cfm
DM Extra is an electronic publication published by NACD. It is designed to provide you with immediate, up-to-date information regarding current events in the corporate governance arena. http://www.nacdonli ne.org/dm/ xtra.asp
I like this publication because it provides thoughtful, timeless, board level "perspectives" .
Three "classics" I strongly recommend you review include: (note - there are many more).
a. The Rise and Fall of Enron: Principles for Director Focus
http://www.nacdonli ne.org/members/ dmx/dmxtra_ 0202.pdf
b. Worldcom: Six Questions for Directors
http://www.nacdonli ne.org/dm/ NACD-Jul02- DMX-RE.pdf
c. Rise and Fall of Enron
http://www.nacdonli ne.org/nacd/ enron.asp? user
Business Planning Guide: Practical Application for SMEs
The Professional Accountants in Business Committee identified a practical business planning guide as a very useful tool for management, principally but not exclusively, operating in the small and medium entities (SMEs) area of the market. This information paper provides practical guidance that will help SMEs to understand their own business and industry, enabling them to better evaluate the business potentials and their associated risks. It will also be useful to small and medium-sized practitioners that are providing professional accounting services to SMEs.
http://www.ifac. org/Store/ Category. tmpl?Category= Professional% 20Accountants% 20in%20Business& Cart=11717418193 382 247
A Question of Trust
The latest issue of Tone at the Top, “Stakeholder Trust Remains a Hot Topic,” looks at seven things directors should consider in regard to rebuilding the trust of stakeholders. If your executive management and audit committee members are not already receiving Tone at the Top, please provide their mailing and e-mail information to pr@theiia.org. Many, many past issues are also accessible - go to: http://www.theiia. org/periodicals/ newsletters/ tone-at-the- top/
Definition of Investor Relations
Investor relations is a strategic management responsibility that integrates finance, communication, marketing and securities law compliance to enable the most effective two-way communication between a company, the financial community, and other constituencies, which ultimately contributes to a company's securities achieving fair valuation. http://www.niri. org/about/ mission.cfm
About TheCorporateCounsel .net
Following the long-standing tradition of The Corporate Counsel and The Corporate Executive, TheCorporateCounsel .net is an educational service that provides practical guidance on legal issues involving corporate and securities regulation and corporate governance practices - as well as many other areas impacting today's corporate practitioner. The Editor is Broc Romanek and the Associate Editor is Julie Hoffman, who are assisted by Jesse Brill, Mike Gettelman, and Alan Dye, among many others at Executive Press.
http://www.thecorpo ratecounsel. net/home. asp
"It Takes A Lot More Than Attitude...To Lead a Stellar Organization" - By Stever Robbins.Become a better leader in a Fun, Provocative Read! Looking for new ideas you can implement immediately to be a more effective leader? Pick up 'It Takes a Lot More than Attitude ... to Lead a Stellar Organization. . ' This
collection of essays explores with what it takes to be a great leader, in an engaging, no-nonsense conversation that keeps you turning the pages. It also makes a perfect gift for the person with the leadership title who just doesn't get it. Buy it at www.alotmorethanatt itude.com (The only book on leadership that starts by discussing the responsibilities of leadership, and goes on to reveal all the secrets the great leadership pundits never discuss. Like when and why you can wear a feather boa to staff
meetings...)
Purpose -- The Starting Point of Great Companies
The latest strategy & business (s&b) newsletter is out and this issue is regarding “Purpose and Innovation”. Consider checking out their web site too – (its amazing).
http://www.strategy -business. com/press/ enewsarticle/ enews102606
Creativity Fringes
Is your organization innovative? The Creativity Fringes newsletter is one of the best sources of thinking outside your box, and encourages creativity, innovation, etc., in everything we do in a light and educational manner. A truly great monthly read, past issues are available below.
http://www.fcg. gov/creativity_ fringes.shtml
Directors and Boards
http://www.director sandboards. com/
The Language of Compliance
The Language of Compliance is the biggest (3,500+ entries) resource for acronyms, terms, and extended definitions. Authored by Dorian Cougias and Marcelo Halpern it covers the terms found in HIPAA, SOX, GLB, CobiT, ISO 17799 and 27001, BCI, BSI, ISSF, and over 100 other regulatory bodies and standards agencies.
http://glossary. unifiedcomplianc e.com/buy_ now/the_language _of_compliance. html
Unified Compliance Project (UCP)
ITCi's Unified Compliance Project (UCP) is an independent initiative focused on supporting IT compliance management. The UCP parses and reconstructs complex corporate regulations into a holistic IT compliance view.
http://www.itcinsti tute.com/ ucp/
Audit Integrity
Audit Integrity research services support risk management practices that help investors, insurers and others lower risk and improve performance with objective ratings and reports. The Audit Integrity Accounting and Governance Risk (AGR®) rating is a measure of the overall risk related to corporate accounting and governance practices.
http://www.auditint egrity.com/ index..php
Audit Integrity Salutes Top 100 Firms for Excellence in Accounting and Governance http://www.auditint egrity.com/ upload/iblock/ 9a0/Audit_ Integrity_ 20070326_ Top100List. pdf
The U.S. Government Accountability Office (the GAO)
The Government Accountability Office (GAO) is an agency that works for Congress and the American people. Congress asks GAO to study the programs and expenditures of the federal government. GAO, commonly called the investigative arm of Congress or the congressional watchdog, is independent and nonpartisan. It studies how the federal government spends taxpayer dollars and advises Congress and the heads of executive agencies about ways to make government more effective and responsive.
www.gao.gov
Leading best practice guidance on various management practices - http://www.. gao. gov/aac.html
Leading IT and IM guidance - http://www.gao. gov/special. pubs/cit. html
Global Technology Audit Guide (GTAG)
The Institute of Internal Auditors (The IIA) is producing a series of publications with guidance on information technology. Written primarily for the chief internal audit executive (CAE) and audit supervisors, the guides address concerns of the board of directors and chief-level executives. Each Global Technology Audit Guide (GTAG) is written in straightforward business language to address timely issues related to information technology management, control, or security. GTAG is a ready resource series for chief audit executives to use in the education of members of the board and audit committee, management, process owners, and others regarding technology-associat ed risks and recommended practices.
http://www.theiia. org/guidance/ technology/ gtag/
Board Governance – Deloitte’s Governance Repository
https://www. corpgov.deloitte .com/site/ us/menuitem. 88e49625b72277a9 8f220ce36cdf8a0c /;jsessionid= Cy7kGJSZVYbhbSRy qVXsz1s12ykvs3v6 hSKpkxHzLbVqlNkt Ttv9!-377936133! -608783955
Corporate Governance
This CEO-led task force has identified cyber security roles and responsibilities within the corporate management structure, referencing and combining best practices and metrics that bring accountability to three key elements of a cyber security system: people, process and technology.
http://www.cyberpar tnership. org/init- governance. html
Australia has Corporate Governance Standards, the AS 8000 series at:
The AU Governance series has five main parts:
I. Good governance principles
II. Fraud and corruption control
III. Organizational codes of conduct
IV. Corporate social responsibility
V. Whistleblower protection programs for entities
http://www.saigloba l.com/
Information technology governance - From Wikipedia, (the free encyclopedia)
Information technology governance, IT governance or ICT Governance, is a subset discipline of Corporate governance focused on information technology systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives (e.g. Sarbanes-Oxley ( USA ) and Basel II ( Europe )), as well as the acknowledgement that IT projects can easily get out of control and profoundly affect the performance of an organization.
http://en.wikipedia .org/wiki/ Information_ technology_ governance
..
Global Technology Audit Guide (GTAG)
The Institute of Internal Auditors (The IIA) is producing a series of publications with guidance on information technology. Written primarily for the chief internal audit executive (CAE) and audit supervisors, the guides address concerns of the board of directors and chief-level executives. Each Global Technology Audit Guide (GTAG) is written in straightforward business language to address timely issues related to information technology management, control, or security. GTAG is a ready resource series for chief audit executives to use in the education of members of the board and audit committee, management, process owners, and others regarding technology-associated risks and recommended practices.
http://www.theiia.org/guidance/ technology/gtag/
Corporate Governance
This CEO-led task force has identified cyber security roles and responsibilities within the corporate management structure, referencing and combining best practices and metrics that bring accountability to three key elements of a cyber security system: people, process and technology.
http://www.cyberpartnership.org/init-governance.html
Australia has Corporate Governance Standards, the AS 8000 series at:
The AU Governance series has five main parts:
I. Good governance principles
II. Fraud and corruption control
III. Organizational codes of conduct
IV. Corporate social responsibility
V. Whistleblower protection programs for entities
http://www.saiglobal.com/
Information technology governance - From Wikipedia, (the free encyclopedia)
Information technology governance, IT governance or ICT Governance, is a subset discipline of Corporate governance focused on information technology systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives (e.g. Sarbanes-Oxley ( USA ) and Basel II ( Europe )), as well as the acknowledgement that IT projects can easily get out of control and profoundly affect the performance of an organization.
http://en.wikipedia.org/wiki/Information_technology_governance
..
Monday, December 8, 2008
Study Notes on Recession
(1) I have been less than enthusiastic about an Obama presidency. But now, all I want to do is to pray and support Obama. President Obama is our only hope to get out of the current economic difficulties. The success of the economy and the country is far more important than the pride of one individual. A prospect of having a four year recession is daunting. Just thinking about it makes me sick.
On the opposite, I am also every hopeful. Why not? The earth has not been hit by another planet. We did not suffer a massive nuclear attack. We have not unexpectedly run out of mineral resources. All the problems are transactional which can be sorted out. On the financial markets, we need to figure out who has lost what amount and make those responsible recognize or pay for their losses. Then we may outlaw those unnatural financial deals and let the economy continue to run. The auto industry has to lower their overall cost structure. A tough job for sure. But the iron and steel industry has done it; the airline industry has done it. So will the automobile industry. All we need is a strong political consensus and will. Obama and his team have shown such guts.
=========================================
(2) After some self study, I am as confused as ever before on the cause of the current economic difficulties. All I can share is that the following folks were awarded with Nobel Prize on Economics on financial engineering related topics. I will leave the thinking to you, the readers of this page.
1997 - Robert C. Merton, Myron S. Scholes
"for a new method to determine the value of derivatives"
1994 - John C. Harsanyi, John F. Nash Jr., Reinhard Selten
"for their pioneering analysis of equilibria in the theory of non-cooperative games"
1990 - Harry M. Markowitz, Merton H. Miller, William F. Sharpe
"for their pioneering work in the theory of financial economics"
Source:http://nobelprize.org/
========================================
(3) If history provides any clues, the current recession is already longer than most postwar downturns. How much longer will it run?
8/1929 – 3/1933 : 34 months
4/1960 – 2/1961 : 10 months
12/1969 – 11/1970 : 11 months
11/1973 – 3/1975 : 16 months
1/1980 – 7/1980 : 6 months
7/1981 – 5/1982 : 16 months
7/1990 – 3/1991 : 8 months
3/2001 – 11/2001 : 8 months
12/2007 - ?/? : 12 + ? months
Source: National Bureau of Economic Research
========================================
(4) On the lighter side, let us have a small quiz.
What is the difference between a recession and a depression? Please choose the most appropriate one below.
(a) A recession is less a problem than a depression.
(b) A recession is about money and depression about headache.
(c) They are the same thing. Those two words may be used interchangeably.
(d) They are both about losing jobs, while the former is about your neighbor and the latter is about you yourself.
* Which ever you choose is the best answer because economics is a dynamic field.
On the opposite, I am also every hopeful. Why not? The earth has not been hit by another planet. We did not suffer a massive nuclear attack. We have not unexpectedly run out of mineral resources. All the problems are transactional which can be sorted out. On the financial markets, we need to figure out who has lost what amount and make those responsible recognize or pay for their losses. Then we may outlaw those unnatural financial deals and let the economy continue to run. The auto industry has to lower their overall cost structure. A tough job for sure. But the iron and steel industry has done it; the airline industry has done it. So will the automobile industry. All we need is a strong political consensus and will. Obama and his team have shown such guts.
=========================================
(2) After some self study, I am as confused as ever before on the cause of the current economic difficulties. All I can share is that the following folks were awarded with Nobel Prize on Economics on financial engineering related topics. I will leave the thinking to you, the readers of this page.
1997 - Robert C. Merton, Myron S. Scholes
"for a new method to determine the value of derivatives"
1994 - John C. Harsanyi, John F. Nash Jr., Reinhard Selten
"for their pioneering analysis of equilibria in the theory of non-cooperative games"
1990 - Harry M. Markowitz, Merton H. Miller, William F. Sharpe
"for their pioneering work in the theory of financial economics"
Source:http://nobelprize.org/
========================================
(3) If history provides any clues, the current recession is already longer than most postwar downturns. How much longer will it run?
8/1929 – 3/1933 : 34 months
4/1960 – 2/1961 : 10 months
12/1969 – 11/1970 : 11 months
11/1973 – 3/1975 : 16 months
1/1980 – 7/1980 : 6 months
7/1981 – 5/1982 : 16 months
7/1990 – 3/1991 : 8 months
3/2001 – 11/2001 : 8 months
12/2007 - ?/? : 12 + ? months
Source: National Bureau of Economic Research
========================================
(4) On the lighter side, let us have a small quiz.
What is the difference between a recession and a depression? Please choose the most appropriate one below.
(a) A recession is less a problem than a depression.
(b) A recession is about money and depression about headache.
(c) They are the same thing. Those two words may be used interchangeably.
(d) They are both about losing jobs, while the former is about your neighbor and the latter is about you yourself.
* Which ever you choose is the best answer because economics is a dynamic field.
Tuesday, November 11, 2008
60 Minutes Missed The Point
Being a Monday morning quarterback is easy, but CBS 60 Minutes could have messed it up. In a story about the inner circles of the Obama campaign, Steve Kroft summarized the reasons for Obama’s campaign as “… by largely ignoring that their candidate happed to be a black man.” Steve knows that this is only half true. The Obama campaign never failed for a second to spread the message that Obama is black. That was how Obama got 95 percent of the black votes. Not all blacks in this country are democrats. What Obama campaign really did was putting on a double face -- playing the race cards with black voters while telling the non-blacks that race is not an issue. Alas, McCain played it straight. He never played the race card even when Obama fell to a weak spot as the Jeremiah Wright video started to spread on the internet. Obama’s inner circle admitted in the 60 minutes interview that they were caught off guard. McCain just let Obama get away by making one public speech in which he criticized and defended Jeremiah at the same time. Of course, the deciding battle was the collapse of the Wall Street. When a financial crisis began to threaten the Main Street economy, many votes started to blame the Republican Party. McCain lost much of his support base.
Wednesday, November 5, 2008
The First Black President in US History
He made it.
First, Obama should be grateful for his No.1 cheer leader, President George Bush for doing such a terrible job in the past 8 years—with a war on terror mired in mud in Iraq and Afghanistan and the economy going down to the tank. Secondly, Obama should be grateful to his opponent, John McCain whose unique personality gave Obama pockets of opportunities here and there. Osama’s campaign is also a lot better organized and effective. We are at a critical historical junction. We need an experienced leader to be the commander in chief and we need a steady captain to steer this country out of a dangerous storm. Now that people have spoken. I know many who voted for Obama are desperate about their lives and are led to believe that any change is better than the status quo. There is a high chance for Obama to become a legendary President along with Roosevelt and Kennedy. I just wish that Obama will not make changes just for his personal ambition to become a national hero.
First, Obama should be grateful for his No.1 cheer leader, President George Bush for doing such a terrible job in the past 8 years—with a war on terror mired in mud in Iraq and Afghanistan and the economy going down to the tank. Secondly, Obama should be grateful to his opponent, John McCain whose unique personality gave Obama pockets of opportunities here and there. Osama’s campaign is also a lot better organized and effective. We are at a critical historical junction. We need an experienced leader to be the commander in chief and we need a steady captain to steer this country out of a dangerous storm. Now that people have spoken. I know many who voted for Obama are desperate about their lives and are led to believe that any change is better than the status quo. There is a high chance for Obama to become a legendary President along with Roosevelt and Kennedy. I just wish that Obama will not make changes just for his personal ambition to become a national hero.
Sunday, November 2, 2008
Tuesday, October 7, 2008
DTrace useful links
The following is from http://johnjmclaughlin.blogspot.com/2007_09_01_archive.html
Peerapong Kunasirirat posted a nice list of DTrace links in a recent posting:
Brendan Gregg's Blog (the creator of DTraceToolkit) : http://blogs.sun.com/brendan/
Brendan Gregg's Home page : http://www.brendangregg.com/
DTrace Tools : http://www.brendangregg.com/dtrace.html%20
DTraceToolkit : http://www.opensolaris.org/os/community/dtrace/dtracetoolkit%20
DTraceToolkit Preso file : http://prefetch.net/presentations/DTraceToolkit_Presentation.pdf%20
Brendan Gregg's Preso on DTrace Workshop : http://www.context-switch.com/performance/dtrace_workshop01_slides.pdf
OpenSolaris DTrace Student Guide : http://opensolaris.org/os/community/documentation/files/studentguide.pdf
SolarisInternal.COM DTrace Intro : http://www.solarisinternals.com/wiki/index.php/DTrace_Topics_Intro
SolarisInternal.COM DTraceToolkit : http://www.solarisinternals.com/wiki/index.php/DTraceToolkit%20
ColorTrace : http://blogs.sun.com/brendan/entry/colortrace%20
Blog O' Matty : http://prefetch.net/blog/index.php/category/solaris-dtrace/I'll addTech Talk at Google on DTrace : http://blogs.sun.com/bmc/entry/dtrace_at_google
Peerapong Kunasirirat posted a nice list of DTrace links in a recent posting:
Brendan Gregg's Blog (the creator of DTraceToolkit) : http://blogs.sun.com/brendan/
Brendan Gregg's Home page : http://www.brendangregg.com/
DTrace Tools : http://www.brendangregg.com/dtrace.html%20
DTraceToolkit : http://www.opensolaris.org/os/community/dtrace/dtracetoolkit%20
DTraceToolkit Preso file : http://prefetch.net/presentations/DTraceToolkit_Presentation.pdf%20
Brendan Gregg's Preso on DTrace Workshop : http://www.context-switch.com/performance/dtrace_workshop01_slides.pdf
OpenSolaris DTrace Student Guide : http://opensolaris.org/os/community/documentation/files/studentguide.pdf
SolarisInternal.COM DTrace Intro : http://www.solarisinternals.com/wiki/index.php/DTrace_Topics_Intro
SolarisInternal.COM DTraceToolkit : http://www.solarisinternals.com/wiki/index.php/DTraceToolkit%20
ColorTrace : http://blogs.sun.com/brendan/entry/colortrace%20
Blog O' Matty : http://prefetch.net/blog/index.php/category/solaris-dtrace/I'll addTech Talk at Google on DTrace : http://blogs.sun.com/bmc/entry/dtrace_at_google
Tuesday, September 30, 2008
Let 'mark-to-market' stay
On Monday, as Treasury Secretary Henry Paulson’s 700 billion bailout plan was rejected by the Congress, former House speaker Newt Gingrich started to preach for suspending an accounting rule as an alternate plan solve the current financial market crisis. Newt made appearances on Fox New, on CNN and published a commentary on the Forbes.com.
“Probably 70% of the real crisis that we face today is caused by mark-to-market accounting in an illiquid market," Newt said, "… If regulators on their own--or Congress, if regulators fail to use their discretion--can fix 70% of the financial crisis by changing the mark-to-market accounting rule, we should change the rule first before attempting to pass another reevaluated bailout package. “
Newt failed to conceptualize the issue and his reasoning is flawed.
Getting rid of ‘Mark-to-Market’ accounting rule will make the symptom a little less severe but will not help with the disease in the long run. We do not have to go back too far in history to find a lesson. In late 1980s, Japanese economy suffered a burst of their financial bubbles. Right before that time, the first 20 largest banks in the world were mostly Japanese. The reason was that those Japanese banks all had loaded with loans of the Japanese real estates which had their prices gone through the sky. When the real estate market crashed, the Japanese banks were on the brinks of collapsing. Fortunately, there were no “mark-to-market” equivalency in Japanese accounting rules and those Japanese banks were allowed to ‘write off’ those bad loans over time with their profits. How long? Till recent years, some the Japanese banks are still working those numbers. In fact, the Japanese economy never fully recovered from that financial crisis. Question to American people is if they want to get rid those bubble quickly and move on or to bear with this pain for the next 20 years.
The fundamental accounting principle is to protect the investors. To that end, it generally requires that the public company take financial gains conservatively and recognize loses aggressively. ‘Mark-to-market’ was created under this spirit. Before this rule was in place, there had been many frauds by company managements who cheated investors by keeping assets on books at their original purchase price. While actually, the market values of those assets had dropped to near nothing. With ‘mark-to-market’, the management will have nowhere to hide. Of course, by then, the account board could not have anticipated ‘mark-to-market’ being applied in such a volatile and yet illiquid market. By then those financial scientists were still holding real world jobs in academics or industries. They had not yet landed on Wall Street virtual economy and had not yet invented those derivatives now known to us as CDO, CDL and SWAPTIONS. Wall Street absorbed those toxic assets out of greed. For years, they booked billions upon billions of profits. Never had anyone cried foul. Today they are losing money and want to suspend the rule to cover up their mistakes. If SEC indeed suspends the 'mark-to-market' rule as Newt has insisted, investors will not know a financially healthy company from a sick one. Worse, those CEOs who made tons of money by participated in those years' near fraudulent operations, will, once again, be able to report 'profits' and take home an obscene sum of financial "rewards." It may be a good idea for the Wall Street, but will it also be a good thing for the Main Street?
http://www.forbes.com/home/2008/09/29/mark-to-market-oped-cx_ng_0929gingrich.html
“Probably 70% of the real crisis that we face today is caused by mark-to-market accounting in an illiquid market," Newt said, "… If regulators on their own--or Congress, if regulators fail to use their discretion--can fix 70% of the financial crisis by changing the mark-to-market accounting rule, we should change the rule first before attempting to pass another reevaluated bailout package. “
Newt failed to conceptualize the issue and his reasoning is flawed.
Getting rid of ‘Mark-to-Market’ accounting rule will make the symptom a little less severe but will not help with the disease in the long run. We do not have to go back too far in history to find a lesson. In late 1980s, Japanese economy suffered a burst of their financial bubbles. Right before that time, the first 20 largest banks in the world were mostly Japanese. The reason was that those Japanese banks all had loaded with loans of the Japanese real estates which had their prices gone through the sky. When the real estate market crashed, the Japanese banks were on the brinks of collapsing. Fortunately, there were no “mark-to-market” equivalency in Japanese accounting rules and those Japanese banks were allowed to ‘write off’ those bad loans over time with their profits. How long? Till recent years, some the Japanese banks are still working those numbers. In fact, the Japanese economy never fully recovered from that financial crisis. Question to American people is if they want to get rid those bubble quickly and move on or to bear with this pain for the next 20 years.
The fundamental accounting principle is to protect the investors. To that end, it generally requires that the public company take financial gains conservatively and recognize loses aggressively. ‘Mark-to-market’ was created under this spirit. Before this rule was in place, there had been many frauds by company managements who cheated investors by keeping assets on books at their original purchase price. While actually, the market values of those assets had dropped to near nothing. With ‘mark-to-market’, the management will have nowhere to hide. Of course, by then, the account board could not have anticipated ‘mark-to-market’ being applied in such a volatile and yet illiquid market. By then those financial scientists were still holding real world jobs in academics or industries. They had not yet landed on Wall Street virtual economy and had not yet invented those derivatives now known to us as CDO, CDL and SWAPTIONS. Wall Street absorbed those toxic assets out of greed. For years, they booked billions upon billions of profits. Never had anyone cried foul. Today they are losing money and want to suspend the rule to cover up their mistakes. If SEC indeed suspends the 'mark-to-market' rule as Newt has insisted, investors will not know a financially healthy company from a sick one. Worse, those CEOs who made tons of money by participated in those years' near fraudulent operations, will, once again, be able to report 'profits' and take home an obscene sum of financial "rewards." It may be a good idea for the Wall Street, but will it also be a good thing for the Main Street?
http://www.forbes.com/home/2008/09/29/mark-to-market-oped-cx_ng_0929gingrich.html
Sunday, September 28, 2008
China's First SpaceWalk
Buried among news of presidential election and a historical financial government bailout of the failing financial market is that successful space walk by 3 Chinese kaitonauts. China is now the third country capable of sending people to walk in the space. After hosting a summer Olympic game, Shenzhou 7 spaceship’s successful launching and recovery will boost the Chinese national pride to a new height. Congratulations to the Chinese people!There are no shortages of comments on the Chinese media and web chat rooms on the significance of this achievement. True, a human spacewalk helps covering up the bad publicity of an outburst of tainted baby milk powder; it has the potential of enhancing China’s military power; it helps creating thousands of new business and jobs. Out of the many possible impacts, one stands out is the people -- thousands upon thousands of young people who worked directly or indirectly on the space program. Right before launching, on Saturday (9/21/08), the official Chinese news agency – Xinhua released a picture on the 7 commander and deputy commanders. Their average age of this crew is only 45. Gone are the people in their 70th from the first 3 Shenghou launches in the past 5 years. From this news, we can further extends the majority of the Chinese space program is made of people in their 40th or younger. At this young age, the Chinese space program will have a bright future.
One may wonder what happens to those in their 50th and 60th? Giving posts directly to people 20 years younger of their average age must have by passed many age groups in between. China is a society that has a history of emphasizing the order of age. The truth in today’s China is that there are not many people in that age range to be passed by. People in those age groups are simple absent on the high tech working places. Growing up during ‘the Great Cultural Revolution, they squandered their best times in life playing Chairman Mao’s Red Guards or doing the manual labor in the countryside. Chinese universities were either engaged full time in political turmoil or simply closed during the 1960s and 1970s. Many people praise the Chinese communist party and government with China’s space program citing only with this kind of power concentration that China may get the kind of success. They missed to see that United States has had a successful space program for a long time. They also failed to notice that the flip side of unchecked power concentration is havoc. If the few individuals in top power decide to do wrong things, there will be very little the rest of the country can do to stop them. In 1950s, 1960s and 1970s, up to 3 generations of people were sacrificed for one top person’s personal ambition to become a world revolutionary leader. When Chairman Mao died in 1986, the country economy was on the verge of collapse. Millions upon millions of people did not have enough to eat.
In June 1989, there was a pro-democracy movement in Tiananman square led by college students. That movement was squashed in cold blood. Since that time, the Chinese communist regime adapted a historical compromise with the people. It stopped all ideology maneuvering and focused, instead, on developing the national economy. The ‘opening up to the world reform’ has brought about unprecedented economic prosperity and social freedom to tens of millions Chinese people. I applaud those changes while also believe the Chinese people deserve much more. Along with the economic advancement, the Chinese Communist Party should start political reforms. It is high time for the ordinary Chinese citizens to know the inner circle of government operations; it is high time for the ordinary Chinese citizens to be given back their citizen’s rights to participate in the national political process. Once knowing that the Chinese space programs have been endorsed by the Chinese tax payers, people in rest of the world will cheer for China’s spacewalk with whole hearts.
Saturday, September 27, 2008
Obama and McCain did their 1st presidential debate while I could not careless
Presidential candidates Obama and Mccain argue over war, taxes in 1st debate held last night in Oxford, Mississippi. While the US financial market is crumbling and our jobs are in danger, I found it difficult to spend time on this less important issue. This is a great country with great government institutions. Whoever is to hold the office of the president is less a problem than losing jobs. I did not even bother to turn on my TV. I studied.
Friday, September 5, 2008
Intrepid
One does not live for this world,
a little effort,
a little love,
a little idea,
a little persistence,
a little sharing,
and a little time,
together, we can make a much better world.
Friday, August 29, 2008
A Boring Friday Before the Labor Day Long Weekend
(1) The 2008 Beijing Olympic Game closed on Sunday. The host country got 100 metals. Out of this total, 51 are gold -- a gigantic achievement for China. One day after the game’s closing, the media started to worry about an after-match trauma. As cars started to swamp Beijing streets once again, how long would the Beijing residents be able to enjoy a clean air and blue sky? What people should do about the run away inflation? What the government would do with the stock markets which after hitting a 3 year low before the Olympiad dropped another 30 percent during the game? What would the business do as exports showed a first sign of slow down in a 10 year up trend? Would the government really be able to recover all the money invested in the sports facilities? Good questions.
Watching the 2008 Democratic National convention in Denver, I suddenly got an answer to the last question. In fact, Beijing had had some football size stadiums that could have hosted the Olympic opening ceremony. Why did they bother to build a new one? This architectural master piece is most suitable to host a national convention. One day, billions of Chinese will hear the voices of their own Ted Kennedy, Hillary Rodham Clinton from a podium at the Bird’s Net. Once that happens, China will recover the full cost of all Olympic infrastructures. On this subject, professionals can forget about their mathematical, financial equations.
(2) Barack Obama officially accepted a Democratic Party nomination as a presidential candidate on Thursday night. It was the first time I heard an Obama speech in its entirety. Mr. Obama looked presidential. His tones carried a quality of a persuasive priest. He rightly pointed out that we should withdraw from Iraq – from a war of no win. He also nailed it on the head that we should complete the war in Afghanistan by wiping out the theorists in the caves. Mr. Obama also gains points by making compromising suggestions on the two issues that potentially could split the country, abortion and gun controls. Some other promises he made, such as tax reduction for 95% of Americans, universal healthcare are good to the ears. But I have not been able to come up with Obama’s math. Obama said he will elaborate those plans in the future presidential debates. Let’s just wait a bit.
Last night was an Obama’s night. He put on his best show and scored nicely. He apparently convinced his believers. Will he win in November? Here let us draw parallelism from the Olympic gymnastic shows. One girl has just scored nicely. The audience has to wait for second girl to complete her exercise. If John McCain makes many ‘un-forced’ errors, Senator Obama will be the next president.
(3) I have been having ‘Network World’ magazine for many years. Never read it seriously. Last time when my free subscription was about to expire, I renewed reluctantly only after the magazine simplified the renewal process to a single mouse click. In the last issue, an article stuck a cord in my heart. “20 ways to survive a layoff” stood out from many of the articles on this topic. It was written by an author who has been there, done it and survived it himself. The author’s personal experiences are not what the academic career counselors can offer. The author throws in many personal details that gave the article an irresistible power. In bed, I picked up this magazine to make me go asleep fast but ended up reading the entire article multiple times. All the advices are genuine. Some details are extremely touching such as on applying for unemployment claims, in cutting the cost of food by storing milk bought in bulk in the freezer, buying health insurance and using job boards. Thank you, Ron Nutter, for writing such an authentic piece. Speaking of authenticity, maybe it is not a bad idea to send a copy to Senator Obama's new partner Senator Joe Biden.
Watching the 2008 Democratic National convention in Denver, I suddenly got an answer to the last question. In fact, Beijing had had some football size stadiums that could have hosted the Olympic opening ceremony. Why did they bother to build a new one? This architectural master piece is most suitable to host a national convention. One day, billions of Chinese will hear the voices of their own Ted Kennedy, Hillary Rodham Clinton from a podium at the Bird’s Net. Once that happens, China will recover the full cost of all Olympic infrastructures. On this subject, professionals can forget about their mathematical, financial equations.
(2) Barack Obama officially accepted a Democratic Party nomination as a presidential candidate on Thursday night. It was the first time I heard an Obama speech in its entirety. Mr. Obama looked presidential. His tones carried a quality of a persuasive priest. He rightly pointed out that we should withdraw from Iraq – from a war of no win. He also nailed it on the head that we should complete the war in Afghanistan by wiping out the theorists in the caves. Mr. Obama also gains points by making compromising suggestions on the two issues that potentially could split the country, abortion and gun controls. Some other promises he made, such as tax reduction for 95% of Americans, universal healthcare are good to the ears. But I have not been able to come up with Obama’s math. Obama said he will elaborate those plans in the future presidential debates. Let’s just wait a bit.
Last night was an Obama’s night. He put on his best show and scored nicely. He apparently convinced his believers. Will he win in November? Here let us draw parallelism from the Olympic gymnastic shows. One girl has just scored nicely. The audience has to wait for second girl to complete her exercise. If John McCain makes many ‘un-forced’ errors, Senator Obama will be the next president.
(3) I have been having ‘Network World’ magazine for many years. Never read it seriously. Last time when my free subscription was about to expire, I renewed reluctantly only after the magazine simplified the renewal process to a single mouse click. In the last issue, an article stuck a cord in my heart. “20 ways to survive a layoff” stood out from many of the articles on this topic. It was written by an author who has been there, done it and survived it himself. The author’s personal experiences are not what the academic career counselors can offer. The author throws in many personal details that gave the article an irresistible power. In bed, I picked up this magazine to make me go asleep fast but ended up reading the entire article multiple times. All the advices are genuine. Some details are extremely touching such as on applying for unemployment claims, in cutting the cost of food by storing milk bought in bulk in the freezer, buying health insurance and using job boards. Thank you, Ron Nutter, for writing such an authentic piece. Speaking of authenticity, maybe it is not a bad idea to send a copy to Senator Obama's new partner Senator Joe Biden.
Subscribe to:
Posts (Atom)
