- LittleBits Adds Functionality (MakeZine) — That next big idea might come from one of the latest bits in the littleBits catalog, the cloudBit. The piece enables wi-fi control of your circuit in various configurations — from the Internet to the bit, from the bit to the internet, or from bit to bit.
- Big Data’s Big Ideas (Ben Lorica) — this is a lot of what’s on the O’Reilly radar at the moment. Excellent short summary, with links.
- Rodney Brooks and Robotics (Boston Magazine) — [The robot] Baxter’s LCD eyes will look at the spot where it’s about to reach, making its movements, from a human perspective, more predictable. “If you want a machine to be able to interact with people,” Brooks says, “it better not do things that are surprising to people.”
- FUZIX — new open source OS from Alan Cox. Runs on Z80s, mostly runs on 6502s, and in theory if it’s got 8 bits and banked RAM you can probably run Fuzix OS on it. (via Alan Cox)
Think your IT staff can protect you better than major cloud providers? Think again.
I just ran across Katie Fehrenbacher’s article in GigaOm that made a point I’ve been arguing (perhaps not strongly enough) for years. When you start talking to people about “the cloud,” you frequently run into a knee-jerk reaction: “Of course, the cloud isn’t secure.”
I have no idea what IT professionals who say stuff like this mean. Are they thinking about the stuff they post on Facebook? Or are they thinking about the data they’ve stored on Amazon? For me, the bottom line is: would I rather trust Amazon’s security staff, or would I rather trust some guy with some security cert that I’ve never heard of, but whom the HR department says is “qualified”? Read more…
Common behavior to watch out for when transitioning to a PaaS
Today I am going to cover 5 ways developers may be on a Platform as a Service (PaaS) but have not really embraced the new platform effectively. If you have done any of these things below while building your application hosted on a PaaS, like OpenShift, Heroku, or Google App Engine, don’t feel bad:
- PaaS is a relatively new concept in the development world and I think some of these patterns are only recently coming to light
- I have seen veteran developers making these mistakes as they move to the new paradigm
One piece of terminology I will use throughout the article is container. When I am using this word I am referring to the piece of the PaaS that hosts the application and does the work. An application can be composed of multiple containers and the PaaS will probably have a method to add your favorite server-side tech to the container. On OpenShift this is called a gear while on Heroku it is called a dyno.
So without further ado, let’s dig in on some of the code smells in the cloud.
Security in cloud environments better enhanced in other ways
With compliance becoming an ever-increasing priority and hybrid infrastructures becoming the norm, many traditional IT practices must evolve or die. Perhaps a widely used practice that hasn’t kept up with the evolution of compliance requirements in increasingly hybrid environments is the jump server, often called the jump box.
The original theory for jump boxes made a lot of sense. Set up a jump box as a bastion host inside of your environment that everybody logs into and then you can “jump” to any of the other boxes or servers. The jump box would be a heavily fortified gatekeeper, ensuring that only the correct users could pass it. Audit controls would be placed on the jump box to track all user activity. For those that wanted to level up, multi-factor authentication could be installed at the jump box to make it harder for an attacker to leverage stolen credentials.