02 May 09

Cloud Security

Security is one of the most often-cited objections to cloud computing; analysts and skeptical companies ask “who would trust their essential data ‘out there’ somewhere?”.

The security issues involved in protecting clouds from outside threats are similar to those already facing large datacenters, except that responsibility is divided between the cloud user and the cloud operator. The cloud user is responsible for application-level security. The cloud provider is responsible for physical security, and likely for enforcing external firewall policies. Security for intermediate layers of the software stack is shared between the user and the operator; the lower the level of abstraction exposed to the user, the more responsibility goes with it. Amazon EC2 users have more responsibility for their security than do Azure users, who in turn have more responsibilities than AppEngine customers. This user responsibility, in turn, can be outsourced to third parties who sell specialty security services. The homogeneity and standardized interfaces of platforms like EC2 make it possible for a company to offer, say, configuration management or firewall rule analysis as value-added services. Outsourced IT is familiar in the enterprise world; there is nothing intrinsically infeasible about trusting third parties with essential corporate infrastructure.

While cloud computing may make external-facing security easier, it does pose the new problem of internal-facing security. Cloud providers need to guard against theft or denial of service attacks by users. Users need to be protected against one another.

The primary security mechanism in today’s clouds is virtualization. This is a powerful defense, and protects against most attempts by users to attack one another or the underlying cloud infrastructure. However, not all resources are virtualized and not all virtualization environments are bug-free. Virtualization software has been known to contain bugs that allow virtualized code to “break loose” to some extent. [1] Incorrect network virtualization may allow user code access to sensitive portions of the provider’s infrastructure, or to the resources of other users. These challenges, though, are similar to those involved in managing large non-cloud datacenters, where different applications need to be protected from one another. Any large internet service will need to ensure that one buggy service doesn’t take down the entire datacenter, or that a single security hole doesn’t compromise everything else.

One last security concern is protecting the cloud user against the provider. The provider will by definition control the “bottom layer” of the software stack, which effectively circumvents most known security techniques. Absent radical changes in security technology, we expect that users will use contracts and courts, rather than clever security engineering, to guard against provider malfeasance. The one important exception is the risk of inadvertent data loss. It’s hard to imagine Amazon spying on the contents of virtual machine memory; it’s easy to imagine a hard disk being disposed of without being wiped, or a permissions bug making data visible improperly.

There’s an obvious defense, namely user-level encryption of storage. This is already common for high-value data outside the cloud, and both tools and expertise are readily available. The catch is that key management is still challenging: users would need to be careful that the keys are never stored on permanent storage or handled improperly. Providers could make this simpler by exposing APIs for things like curtained memory or security-sensitive storage that should never be paged out.

[1] Indeed, even correct VM environments can allow the virtualized software to “escape” in the presence of hardware errors. See Sudhakar Govindavajhala and Andrew W. Appel, “Using Memory Errors to Attack a Virtual Machine,” 2003 IEEE Symposium on Security and Privacy, pp. 154–165, May 2003.


26 Apr 09

O3D: Google releases 3D API in a Browser Plugin

Google has released O3D, a browser plugin that gives developers a 3D API. It sits at a slightly higher level than other APIs (such as OpenGL / Canvas 3D type implementations) so it will be interesting to see if developers like the higher level abstraction, especially for building games. These APIs can also be implemented on top of the lower level APIs, so in theory it could sit on top of Canvas 3D.

There are plenty of demos, code samples and shaders (they created an O3D shading language).

Interestingly, it embeds V8 as the JavaScript engine, which makes for a uniform engine, but unfortunately you can’t use your browser debugger (e.g. no Firebug).

It has also been carefully positioned: “This API is shared at an early stage as part of a conversation with the broader developer community about establishing an open web standard for 3D graphics.”

It is interesting to see another new plugin from Google. I always hoped that Gears would be the one developer plugin to rule them all, but then we have the Earth API, and now this (as well as the non-developer ones like the defunct Lively).

Anyway, cool to see rich experiments in bringing 3D to Web developers, and I look forward to seeing what people do with it! Leisure Suit Larry 3D anyone? :)


02 Jan 09

Understanding Flow Charts

A cool way of understanding flow charts.


14 Dec 08

ORM with PHP

Yes, in my opinion PHP is still one of the best solutions for building complex web 2.0 applications.

There are a lot of great PHP frameworks out there which make your life easier (Symfony, CakePHP, CodeIgniter, and more…).

Now you can enjoy 100% object-relational mapping in PHP by using the IgnitedRecord library under the CodeIgniter framework.

Here is a snapshot of how ORM can be achieved with PHP:

// Load the IgnitedRecord base model from within a CodeIgniter controller
$this->load->model('ignitedrecord/ignitedrecord');

// Map the "posts" table; each post belongs to a user through the "author" foreign key
$this->post = IgnitedRecord::factory('posts');
$this->post->belongs_to('user')->fk('author');

// Filter, order, join the related user row and fetch all matching posts
$posts = $this->post->like('CodeIgniter')
    ->order_by('date', 'desc')
    ->join_related('user')
    ->find_all();

// Columns from the joined table are exposed as <relation>_<column>
foreach ($posts as $post) {
    echo $post->title;
    echo $post->user_username;
}


06 Dec 08

Transforming your mobile phone into a fully functional call center

I was amazed when I saw that the iPhone provides a Unix-like terminal.

I read this article: http://www.mgamble.ca/oss/iphone_asterisk/ and I realized that the Asterisk PBX can run on this mobile and handle calls like a typical call center, with welcome messages, queues, rules and so on…

What else could we expect? A web server running on the mobile? This is possible too!
Check this out: http://idude.org/2007/11/07/an-iphone-powered-apache-web-server-with-php/


15 Nov 08

The world’s most super-designed data center

This underground data center has greenhouses, waterfalls, German submarine engines, simulated daylight and can withstand a hit from a hydrogen bomb. It looks like the secret HQ of a James Bond villain.

And it is real. It is a newly opened high-security data center run by one of Sweden’s largest ISPs, located in an old nuclear bunker deep below the bedrock of Stockholm city, sealed off from the world by entrance doors 40 cm thick (almost 16 inches).

Above left: View from the conference room (its floor is the surface of the Moon). Above right: Power equipment.

Above: The NOC is set in a cozy jungle setting. That light fog almost makes us think of cloud computing. Fog computing? :)

Above: The space-themed conference room is suspended above the server hall.

Above left: The submarine engines used for backup power. Above right: Another view of the power equipment.

And here is what it used to look like:

Above: This map shows the layout of the data center.

Facts about the data center

  • Originally a nuclear bunker: The data center is housed in what was originally a military bunker and nuclear shelter during the Cold War era. The facility still has the code name from its military days: Pionen White Mountains.
  • Located in central Stockholm below 30 meters (almost 100 ft) of bedrock: The facility has 1110 sqm (11950 sq ft) of space and is located below 30 meters of solid bedrock (granite) right inside the city.
  • Fully redesigned in 2007-2008: Pionen was completely redesigned in 2007-2008 to become the data center that it is today. More than 4,000 cubic meters (141,300 cubic ft) of solid rock was blasted away to make more room.
  • Can withstand a hydrogen bomb: The bunker was designed to be able to withstand a near hit by a hydrogen bomb.
  • Houses the Network Operations Center for one of Sweden’s largest ISPs: The bunker houses the NOC for all of Bahnhof’s operations. They have five data centers in Sweden, Pionen being the largest. The facility also acts as a co-location hosting center, so you can actually put your own servers here.
  • German submarine engines for backup power: Backup power is handled by two Maybach MTU diesel engines producing 1.5 Megawatt of power. The engines were originally designed for submarines, and just for fun the people at Pionen have also installed the warning system (sound horns) from the original German submarine.
  • 1.5 megawatt of cooling for the servers: Cooling is handled by Baltimore Aircoil fans producing a cooling effect of 1.5 megawatt, enough for several hundred rack-mounted units.
  • Triple redundancy Internet backbone access: The network has full redundancy with both fiber optics and extra copper lines with three different physical ways into the mountain. Pionen is one of the best-connected places in northern Europe.
  • Work environment with simulated daylight and greenhouses: For a pleasant working environment the data center has simulated daylight, greenhouses, waterfalls and a huge 2600-liter salt water fish tank.
  • Staff: 15 employees, only senior technical staff, work full time in Pionen.

Further info: http://www.bahnhof.se/colocation.php


30 Sep 08

Google turns 10, and gives us a nice scrollable timeline

“Google has turned 10, and we wanted to celebrate. Soon we will be a teenager :)” a Googler said…

The site for the tenth birthday has some nice features, including a scrolling timeline of the company’s history that is very Gooey indeed.

There are nice subtle elements to the component. If you scroll the bar you will see that the size of the blue area changes as the scope changes.

It’s fun to look back and see how bad the original logo was (no comment on the current one ;)


28 Sep 08

What’s new in HTML 5

This is a series of demos intended for showing implementations of HTML5 in (non-final) browsers available in September 2008.

See also: Web Hypertext Application Technology


28 Aug 08

New Algorithm Boosts Network Efficiency

Researchers at the University of California have developed a new network routing algorithm that has the potential to significantly boost Internet traffic routing efficiency. This new approach focuses on the needs of dynamic networks, where connections are frequently transient. From the article: ‘What the team did with their new routing algorithm, according to Savage’s student Kirill Levchenko, was to reduce the “communication overhead” of route computation — by an order of magnitude.’


03 Jun 08

Create ASCII Art…

I just remembered the old DOS times…

Convert your text to ASCII art NOW! :)

http://www.patorjk.com/software/taag/