Security Breaches!

So many columnists have written about security breaches this year and last; the cat and mouse game seems to have favored the cat more than the mouse recently.

We have seen major attacks against Google and the distributed denial of service (DDoS) attacks against Amazon and PayPal last year, plus major attacks against security vendors, and now attacks on the most prominent organizations in the open source community: kernel.org, linux.com, and linuxfoundation.org. These most recent attacks were apparently not as focused on stealing particular information. Because of this, and because of the attackers' sloppiness, the breaches were discovered and fixed.

For us general users, this shows that we need to understand how many layers of components are involved in our daily computing tasks. Every layer is susceptible to various kinds of attacks, and we need to understand how each layer relates to the others in order to protect ourselves knowledgeably. Often the password ends up being irrelevant, because weaknesses in various system software allow access without it, so we need to keep a close watch on the vendors of the software we run, obtain updates to that software securely, and ensure that it is always working as expected. We can also be easily misled by carefully constructed social engineering attacks that, while not targeted at individual persons, do expose individual persons' information, in various forms, to parties with eventual malicious intent.

Social engineering is a method of using existing social relationships and perceptions to glean information that would not simply be given out otherwise. An email claiming to be from your bank or other service provider asking for your credentials in order to repair your account is an obvious breach of your trust; you should instead use your own means to contact your bank and verify the integrity of your account. Links provided in emails that allegedly take you directly to certain information within your account (but which will require you to log in) should immediately be suspect. Instead, visit the homepage of the site, access your account (preferably logging in via https), and then locate the information mentioned in the email notification. The US-CERT (US Computer Emergency Readiness Team) publishes frequently on safe behavior in cyberspace, and it is important that not only IT professionals and those responsible for big businesses or critical infrastructure, but also individual consumers observe these safe practices.

Be safe!

Registered Linux User #370740 (http://linuxcounter.net)

Google, Operating Systems, and Clouds

I have blogged recently about IPv6, actually twice in a row! Time for a little change in that department.

I have said a few times that in the computing industry, we often see a proliferation of multiple tools responding to the same need, which starts to confuse consumers (beginning with those in software development and trickling down to the average user). A few years into the proliferation cycle, the winners start buying up the competition or incorporating their feature sets into their own product. This consolidation phase builds a platform for future growth and provides an implicit standardization mechanism for the industry as a whole.

It is interesting, however, to notice how much Google has done in recent years to insert itself into markets previously untouched by Google. They moved from just web search at the beginning into various web-based software segments with rich applications like Gmail and Google Docs; Analytics and Web History were organic developments along the web search line, but nevertheless revolutionary for us consumers of the web. Google internally develops all kinds of solutions catalyzing its use of hardware and software with its BigTable distributed storage system and MapReduce distributed computation engines. It supports open source development with Google Code resources and dynamic web applications testing and deployment with the AppEngine. It has developed a few programming languages from scratch and made countless improvements to other languages. And it has provided a huge percentage of the development team at Facebook, in the way of former Google employees.

Google is also leading the way in terms of clean and effective user interfaces! I logged into my Blogger account today to find that it, too, has been refreshed to the new Google interface, which is more compatible with touch-screen devices and includes lots of HTML5/CSS3 glory. Compared to the new Analytics interface, I am loving the new Blogger interface. Calendar has taken some getting used to, but I'm comfortable with it now. I am glad they haven't gone the way of the Ribbon, however. Speculations about key features in Windows 8 sound like there are plenty of improvements and the Ribbon may actually become more practical. Microsoft is catering to a different audience than Apple, and I think the divergent paths here settle the age-old niche argument. My feeling about OS X Lion (10.7) is that it is becoming more of "grandma's OS" and even less useful for the creative community than before. Final Cut Pro is a glaring example of feature-set reductions that have raised all kinds of commotion in the community. Check out Ars Technica's extensive review. There are so many ground-breaking innovations in operating system design, I don't know what to think of it all. Windows 8, on the other hand, sounds to be more useful and productive for every segment of users from mobile devices, touchscreen devices, and the ordinary desktop, in the way of organic developments of core and familiar features. An official blog post echoes these observations.

Cloud computing, on the other hand, is soaring like crazy with so many providers out there that it is extremely difficult to keep track of them all. Amazon alone is a beast with an elastic-everything offering from traditional computing units and storage units to MapReduce units and statistics and monitoring. I am glad I stuck with Rackspace Cloud, however. A quick test of deployment speed and simplicity between Amazon's EC2 and Rackspace CloudServers for Windows Server 2008 R2 64-bit proved Rackspace as the clear leader in both categories. It was both up and running sooner and easier to access. There was no configuring EC2 security groups or downloading cryptographic keys, and there was a far simpler web-based management interface than EC2. So if I need a Windows machine elsewhere in a snap, Rackspace is my 15-minute solution. I can also set up an automated deployment process for myself using my existing Linux CloudServer to host necessary files on the Rackspace Cloud and take advantage of free internal transfers; I would essentially become my own mirror and therefore only leave my expensive Windows server ($.08/hr) up when needed, configuring only what is necessary on the fly.

Well, this is a long article for a Saturday morning, so we'll just leave it all at that. Happy computing!


