"cloud" entries

Four short links: 24 January 2014

Four short links: 24 January 2014

Floating Point, Secure Distributed FS, Cloud Robotics, and Domestic Sensors

  1. What Every Computer Scientist Should Know About Floating Point Arithmetic — in short, “it will hurt you.”
  2. Ori a distributed file system built for offline operation and empowers the user with control over synchronization operations and conflict resolution. We provide history through light weight snapshots and allow users to verify the history has not been tampered with. Through the use of replication instances can be resilient and recover damaged data from other nodes.
  3. RoboEartha Cloud Robotics infrastructure, which includes everything needed to close the loop from robot to the cloud and back to the robot. RoboEarth’s World-Wide-Web style database stores knowledge generated by humans – and robots – in a machine-readable format. Data stored in the RoboEarth knowledge base include software components, maps for navigation (e.g., object locations, world models), task knowledge (e.g., action recipes, manipulation strategies), and object recognition models (e.g., images, object models).
  4. Mother — domestic sensors and an app with an appallingly presumptuous name. (Also, wasn’t “Mother” the name of the ship computer in Alien?) (via BoingBoing)
Comment: 1

Is the Jump Box Obsolete?

Security in cloud environments better enhanced in other ways

With compliance becoming an ever-increasing priority and hybrid infrastructures becoming the norm, many traditional IT practices must evolve or die. Perhaps a widely used practice that hasn’t kept up with the evolution of compliance requirements in increasingly hybrid environments is the jump server, often called the jump box.

The original theory for jump boxes made a lot of sense. Set up a jump box as a bastion host inside of your environment that everybody logs into and then you can “jump” to any of the other boxes or servers. The jump box would be a heavily fortified gatekeeper, ensuring that only the correct users could pass it. Audit controls would be placed on the jump box to track all user activity. For those that wanted to level up, multi-factor authentication could be installed at the jump box to make it harder for an attacker to leverage stolen credentials.

Read more…

Comment

How did we end up with a centralized Internet for the NSA to mine?

The Internet is naturally decentralized, but it's distorted by business considerations.

I’m sure it was a Wired editor, and not the author Steven Levy, who assigned the title “How the NSA Almost Killed the Internet” to yesterday’s fine article about the pressures on large social networking sites. Whoever chose the title, it’s justifiably grandiose because to many people, yes, companies such as Facebook and Google constitute what they know as the Internet. (The article also discusses threats to divide the Internet infrastructure into national segments, which I’ll touch on later.)

So my question today is: How did we get such industry concentration? Why is a network famously based on distributed processing, routing, and peer connections characterized now by a few choke points that the NSA can skim at its leisure?
Read more…

Comments: 7

Security firms must retool as clients move to the cloud

The risk of disintermediation meets a promise of collaboration.

This should be flush times for firms selling security solutions, such as Symantec, McAfee, Trend Micro, and RSA. Front-page news about cyber attacks provides free advertising, and security capabilities swell with new techniques such as security analysis (permit me a plug here for our book Network Security Through Data Analysis). But according to Jane Wright, senior analyst covering security at Technology Business Research, security vendors are faced with an existential threat as clients run their applications in the cloud and rely on their cloud service providers for their security controls.
Read more…

Comments: 4
Four short links: 27 November 2013

Four short links: 27 November 2013

3D Fossils, Changing Drone Uses, High Scalability, and Sim Redux

  1. CT Scanning and 3D Printing for Paleo (Scientific American) — using CT scanners to identify bones still in rock, then using 3D printers to recreate them. (via BoingBoing)
  2. Growing the Use of Drones in Agriculture (Forbes) — According to Sue Rosenstock, 3D Robotics spokesperson, a third of their customers consist of hobbyists, another third of enterprise users, and a third use their drones as consumer tools. “Over time, we expect that to change as we make more enterprise-focused products, such as mapping applications,” she explains. (via Chris Anderson)
  3. Serving 1M Load-Balanced Requests/Second (Google Cloud Platform blog) — 7m from empty project to serving 1M requests/second. I remember when 1 request/second was considered insanely busy. (via Forbes)
  4. Boil Up — behind the scenes for the design and coding of a real-time simulation for a museum’s science exhibit. (via Courtney Johnston)
Comment
Four short links: 29 October 2013

Four short links: 29 October 2013

Digital Citizenship, Berg Cloud, Data Warehouse, and The Spying Iron

  1. Mozilla Web Literacy Standard — things you should be able to do if you’re to be trusted to be on the web unsupervised. (via BoingBoing)
  2. Berg Cloud Platform — hardware (shield), local network, and cloud glue. Caution: magic ahead!
  3. Sharka large-scale data warehouse system for Spark designed to be compatible with Apache Hive. It can execute Hive QL queries up to 100 times faster than Hive without any modification to the existing data or queries. Shark supports Hive’s query language, metastore, serialization formats, and user-defined functions, providing seamless integration with existing Hive deployments and a familiar, more powerful option for new ones. (via Strata)
  4. The Malware of Thingsa technician opening up an iron included in a batch of Chinese imports to find a “spy chip” with what he called “a little microphone”. Its correspondent said the hidden devices were mostly being used to spread viruses, by connecting to any computer within a 200m (656ft) radius which were using unprotected Wi-Fi networks.
Comment
Four short links: 12 September 2013

Four short links: 12 September 2013

PaaS Vendors, Educational MMO, Changing Culture, Data Mythologies

  1. Amazon Compute Numbers (ReadWrite) — AWS offers five times the utilized compute capacity of each of its other 14 top competitors—combined. (via Matt Asay)
  2. MIT Educational MMOThe initial phase will cover topics in biology, algebra, geometry, probability, and statistics, providing students with a collaborative, social experience in a systems-based game world where they can explore how the world works and discover important scientific concepts. (via KQED)
  3. Changing Norms (Atul Gawande) — neither penalties nor incentives achieve what we’re really after: a system and a culture where X is what people do, day in and day out, even when no one is watching. “You must” rewards mere compliance. Getting to “X is what we do” means establishing X as the norm.
  4. The Mythologies of Big Data (YouTube) — Kate Crawford at UC Berkeley iSchool. The six months: ‘Big data are new’, ‘Big data is objective’, ‘Big data don’t discriminate’, ‘Big data makes cities smart’, ‘Big data is anonymous’, ‘You can opt out of big data’. (via Sam Kinsley)
Comments: 2
Four short links: 28 August 2013

Four short links: 28 August 2013

Cloud Orchestration, Cultural Heritage, Student Hackers, and Visual Javascript

  1. Juju — Canonical’s cloud orchestration software, intended to be a peer of chef and puppet. (via svrn)
  2. Cultural Heritage Symbols — workshopped icons to indicate interactives, big data, makerspaces, etc. (via Courtney Johnston)
  3. Quinn Norton: Students as Hackers (EdTalks) — if you really want to understand the future, don’t look at how people are looking at technology, look at how they are misusing technology.
  4. noflo.js — visual flow controls for Javascript.
Comment: 1

Tesla Model S REST API Authentication Flaws

As many of you know, APIs matter to me. I have lightbulbs that have APIs. Two months ago, I bought a car that has an API: The Tesla Model S.

For the most part, people use the Tesla REST API via the iPhone and Android mobile apps. The apps enable you to do any of the following:

  • Check on the state of battery charge
  • Muck with the climate control
  • Muck with the panoramic sunroof
  • Identify where the hell your car is and what it’s doing
  • Honk the horn
  • Open the charge port
  • Change a variety of car configuration settings
  • More stuff of a similar nature

For the purposes of this article, it’s important to note that there’s nothing in the API that (can? should?) result in an accident if someone malicious were to gain access. Having said that, there is enough here to do some economic damage both in terms of excess electrical usage and forcing excess wear on batteries.

Read more…

Comments: 26

Will Developers Move to Sputnik?

The past, present, and future of Dell's project

Barton George (@barton808) is the Director of Development Programs at Dell, and the lead on Project Sputnik—Dell’s Ubuntu-based developer laptop (and its accompanying software). He sat down with me at OSCON to talk about what’s happened in the past year since OSCON 2012, and why he thinks Sputnik has a real chance at attracting developers.

Key highlights include:

  • The developers that make up Sputnik’s ideal audience [Discussed at 1:00]
  • The top three reasons you should try Sputnik [Discussed at 2:46]
  • What Barton hopes to be talking about in 2014 [Discussed at 4:36]
  • The key to building a community is documentation [Discussed at 5:20]

You can view the full interview here:

Read more…

Comment