Cloud computing and privacy

The early results are not too promising.

From the link:

Loosely defined, cloud computing involves programs or services that run on Internet servers. Despite the buzz surrounding it, the idea isn’t new–think Web mail. But huge benefits, such as being able to gain access to your data from anywhere and not having to worry about backups, have led more people to leap to the Internet to do everything from writing documents and watching movies to managing their businesses. Unfortunately, privacy is often still stuck at home.

Behind the Times

Archaic laws that focus on where your information is, rather than what it is, are part of the problem. But a disturbing lack of respect for essential privacy among industry heavyweights who should know better is also evident.

Consider comments that Google CEO Eric Schmidt made during a recent CNBC interview. In response to the question, “People are treating Google (GOOG) like their most trusted friend. Should they be?” Schmidt responded, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.

This kind of “only the guilty have anything to hide” mindset is a privacy killer, and rests on the completely flawed no tion that people want privacy only when they’re doing something wrong. There’s nothing wrong with my taking a shower or searching for information about a medical condition. But it’s still private.

It’s possible Schmidt spoke without thinking–Google is mum for now on the prospect of issuing a clarification of any kind. But meanwhile, privacy is taking a pounding in other areas, as well.

Last summer, a U.S. District Court judge in Oregon ruled that government law enforcement agencies need not provide you with a copy of a warrant they have obtained in order to read all of your e-mail stored on an Internet server–where most of us keep e-mail these days. It’s sufficient to give your Internet service provider notice, according to Judge Michael Mosman.

In his opinion and order, Mosman noted the Fourth Amendment’s “strong privacy protection for homes and the items within them in the physical world.” Still, he said, “When a person uses the Internet, however, the user’s actions are no longer in his or her physical home; in fact he or she is not truly acting in private space at all.”

I bolded that last bit of text, and that may be the most important statement regarding cloud computing and privacy — when you are operating in the cloud, United States Fourth Amendment law as it is currently read does not protect your privacy.

Let me restate that — any actions you take in any aspect of cloud computing conceivably are not covered by your Fourth Amendment right to privacy. This fact should give anyone who is considering the cloud for anything beyond trivial usage a great deal of pause.

Cloud computing security

Security is certainly the most prominent concern going right now with cloud computing. Having a long memory of dodgey connectivity using dial-up and even DSL lines, just making certain I could get to my data, services, et.al. in the cloud remain something of a personal concern.

From the link:

The hype around cloud computing would make you think mass adoption will happen tomorrow. But recent studies by a number of sources have shown that security is the biggest barrier to cloud adoption. The reality is cloud computing is simply another step in technology evolution following the path of mainframe, client server and Web applications, all of which had — and still have — their own security issues

Security concerns did not stop those technologies from being deployed and they will not stop the adoption of cloud applications that solve real business needs. To secure the cloud, it needs to be treated as the next evolution in technology not a revolution that requires broad based changes to your security model. Security policies and procedures need to be adapted to include cloud models in order to prepare for the adoption of cloud-based services. Like other technologies, we’re seeing early adopters take the lead and instill confidence in the cloud model by deploying private clouds or by experimenting with less-critical information in public clouds.

Using the cloud for code debugging

Interesting idea, but I get the feeling this release is trading on “cloud” being the tech word of the moment.

The release:

Safety in numbers — a cloud-based immune system for computers

A new approach for managing bugs in computer software has been developed by a team led by Prof. George Candea at EPFL. The latest version of Dimmunix, available for free download, enables entire networks of computers to cooperate in order to collectively avoid the manifestations of bugs in software.

A new IT tool, developed by the Dependable Systems Lab at EPFL in Switzerland, called “Dimmunix,” enables programs to avoid future recurrences of bugs without any assistance from users or programmers. The approach, termed “failure immunity,” starts working the first time a bug occurs – it saves a signature of the bug, then observes how the computer reacts, and records a trace. When the bug is about to manifest again, Dimmunix uses these traces to rec-ognize the bug and automatically alters the execution so the program continues to run smooth-ly. With Dimmunix, your Web browser learns how to avoid freezing a second time when bugs associated with, for example, plug-ins occur. Going a step further, the latest version uses cloud computing technology to take advantage of networks and thereby inoculating entire communities of computers.

“Dimmunix could be compared to a human immune system. Once the body is infected, its immune system develops antibodies. Subsequently, when the immune system encounters the same pathogen once again, the body recognizes it and knows how to effectively fight the ill-ness,” explains George Candea, director of Dependable Systems Lab, where the new tool has been developed. The young Romanian professor received his PhD in computer science from Stanford University in 2005 and his BS (1997) and MEng (1998) in computer science from the Massachusetts Institute of Technology.

The latest version, released online at the end of December (http://dimmunix.epfl.ch/), leverag-es the network. Based on the principle of cloud computing, all computers participating in the Dimmunix application community benefit from vaccines automatically produced whenever the first manifestation of a given bug within that community. This new version of Dimmunix is able to safely protect programs from bugs, even in un-trusted environments such as the In-ternet.

For the moment meant primarily for computer programmers, Dimmunix works for all widely-used programs used by private individuals and by companies. It is useful for programs written in Java and C/C++; it has been demonstrated on real software systems (JBoss, MySQL, Acti-veMQ, Apache, httpd, JDBC, Java JDK, and Limewire).

###

Microsoft wants data center legal protection

Actually, not a bad idea.

From the link:

Microsoft Corp.’s (MSFT) top legal official yesterday called on Congress to create new laws that would give data stored in the cloud the same protections as data stored on a PC. He also called for tougher penalties for hackers who access data centers, citing significant damage that’s often done in such attacks.

Brad Smith, senior vice president and general counsel at Microsoft, told an audience at a Brookings Institution forum here today that laws now protecting electronic data were written in the early days of PCs. “We need Congress to modernize the laws and adapt them to the cloud,” he said.

While many consumers have adopted cloud computing by subscribing to e-mail services like Google (GOOG) Gmail, to social networks like Facebook and to Microsoft’s increasing online services offerings, enterprises have been somewhat cautious about moving corporate data to hosted systems due to legal and security concerns both here and abroad. Those fears have been causing problem for IT vendors, forcing some to provide significant protections to large users.

Microsoft, Hewlett-Packard teaming for cloud computing project

To the tune of a quarter billion dollars. Pretty serious initiative, I’d say.

From the link:

“This is all about integrating technology and making things as close to ‘plug and play’ as we can,” HP CEO Mark Hurd said during a telephone conference call with Microsoft CEO Steve Ballmer and other executives, in which they announced a partnership that appears to represent another move toward consolidation in the commercial tech industry.

The two tech giants said they will collaborate in designing a full “stack” of data center hardware, software management tools and other applications, as well as on Windows Azure, which is Microsoft’s operating platform for cloud computing, in which customers can access data center services over the Internet.

Microsoft, which is a major provider of business software, said it will use HP hardware in the data centers that run the Azure platform. HP, which is a leading provider of data center hardware, said it will develop products that can be sold pre-loaded with Microsoft’s operating system, database program or other software.

“We’re driving ahead aggressively with Hewlett-Packard,” Ballmer said during the announcement. However, he also noted that both companies will continue to develop products in collaboration with other partners in the tech industry, such as Oracle and Dell.

Both executives also said their companies will continue to develop hardware and software that works with products from other tech vendors.

Google’s Chrome OS is out

Here’s a quick report from Technology Review. I’m not convinced naming the operating system to match the browser is that great an idea. I see confusion amongst the casual user. I’m guessing that’s what Google is shooting for, but I don’t see any real advantage there. Both products need marketing — marketing to separate groups — to gain any real traction, and I can’t imagine any level of confusion among users is going to help those efforts.

From the link:

Google gave the first demonstration of its Chrome operating system today, at the same time opening the source code to the public. The company highlighted features that have grown out of what vice president of product management Sundar Pichai called “a fundamentally different model of computing.” Unlike other operating systems, which merely incorporate the Internet, Chrome is completely focused on it.

The Chrome OS is based so aggressively on the Internet that devices running it will not even have hard drives, Pichai said, emphasizing that “every app is a Web app.” All data will be stored in the cloud, and every application will be accessed through the Chrome browser. Because of this, he added, users will never have to install software or manage updates on the device.

The user interface closely resembles the Chrome browser. When the user opens applications, they appear as tabbed windows across the top of the screen. Users can stick their favorite applications to the desktop with one click, creating permanent tabs for them.

A cloud computing primer

I’ve done plenty of blogging about cloud computing, but as the buzzword gets more and more mainstream, more people become curious. This article lays out the basics, pros and cons of cloud computing for anyone looking for a quick primer.

From the second link:

What exactly are we talking about? The “cloud” is an IT term for the Internet, and cloud computing, or cloud integration, means storing and having access to your computer data and software on the Internet, rather than running it on your personal computer or office server. In fact, if you use programs such as Gmail or Google docs (GOOG), you may not realize you are already doing cloud computing.

Part of the confusion is that the terminology is rather vaporous, particularly for non-tech-savvy types, including many small business owners. And it does represent a major shift in how businesses and individuals use and store digital information. We’ll go through some pros and cons that may help you decide whether this is right for your firm.

HTML5 = compatibility

Part two of two posts (find part one here)

CIO.com has an informative article on “Five New Technologies That Will Change Everything.” I’m breaking this particular link into two posts because two of those techs deserve individual attention because of the sea-change they are going to create in your computing and browsing experience respectively.

This post is on the latest HTML version — HTML5. The idea behind HTML5 is creating a standard that allows every web page to look essentially the same regardless which browser, or platform (computer, mobile device, etc.), the user is viewing the page with/on. A lofty goal considering how the browser wars have been fought since IE and Navigator tussled way back in the last century, but here’s to the success of HTML5.

From the link:

Web pages built with HTML5 will display the same on any browser–desktop or mobile.

Hulk VI was great, but what should you watch this evening? Before heading off to work in the morning, you click to some trailers on a movie Website, but you don’t have time to watch many. So you use your mobile phone to snap a picture of the 2D barcode on one of the videos; the phone’s browser then takes you to the same site. On the commuter train to the office, you watch the previews over a 4G cell phone connection. A few of the movies have associated games that you try out on your phone, too.

Remember when every Website had a badge that read “optimized for Netscape Navigator” or “requires Internet Explorer 4″? In the old days, people made Web pages that worked best with–or only with–certain browsers. To some extent, they still do.

The new flavor of the HTML–the standard program for writing Web pages–is called HTML5 (Hypertext Markup Language version 5); and HTML5 aims to put that practice to bed for good.

Specifically, HTML5 may do away with the need for audio, video, and interactive plug-ins. It will allow designers to create Websites that work essentially the same on every browser–whether on a desktop, a laptop, or a mobile device–and it will give users a better, faster, richer Web experience.

Instead of leaving each browser maker to rely on a combination of its in-house technology and third-party plug-ins for multimedia, HTML5 requires that the browser have built-in methods for audio, video, and 2D graphics display. Patent and licensing issues cloud the question of which audio and video formats will achieve universal support, but companies have plenty of motivation to work out those details.

In turn, Website designers and Web app developers won’t have to deal with multiple incompatible formats and workarounds in their efforts to create the same user experience in every browser.

This is an especially valuable advance for mobile devices, as their browsers today typically have only limited multimedia support. The iPhone’s Safari browser, for example, doesn’t handle Adobe Flash–even though Flash is a prime method of delivering video content across platforms and browsers.

“It’ll take a couple of years to roll out, but if all the browser companies are supporting video display with no JavaScript [for compatibility handling], just the video tag and no plug-in, then there’s no downside to using a mobile device,” says Jeffrey Zeldman, a Web designer and leading Web standards guru. “Less and less expert users will have better and better experiences.”

Makers of operating systems and browsers appear to be falling into line behind HTML5. Google Chrome, Apple Safari, Opera, and WebKit (the development package that underlies many mobile and desktop programs), among others, are all moving toward HTML5 support.

For its part, Microsoft says that Internet Explorer 8 will support only parts of HTML5. But Microsoft may not want to risk having its Internet Explorer browser lose more market share by resisting HTML5 in the face of consensus among the other OS and browser makers.

HTML5 is now completing its last march toward a final draft and official support by the World Wide Web Consortium.

Web 2.0 and privacy

As it turns out — not, surprisingly I might add — not so much.

The release:

Looking for privacy in the clouds

DURHAM, N.C. — Millions of Internet users have been enjoying the fun — and free — services provided by advertiser-supported online social networks like Facebook. But Landon Cox, a Duke University assistant professor of computer science, worries about the possible down side — privacy problems.

When people post pictures or political opinions to share with their friends, they’re actually turning them over to the owners of the network as well.

“My concern is that they’re under the control of a central entity,” Cox said. “The social networks currently control all the information that users throw into them. I don’t think that’s necessarily evil. But it raises some concerns.”

For instance, MIT student experimenters have demonstrated the ability to sneak in and download more than 70,000 Facebook profiles. And a BBC technology program also showed how such personal information could be stolen.

“A disgruntled employee could leak information about social network users,” Cox said. “They could also become attractive targets for hackers and other computer ne’er-do-wells.”

Though users may not have caught this when they clicked to accept a site’s terms of service, they’ve largely signed away the rights to their own data by joining an Online Social Network. “These rights commonly include a license to display and distribute all content posted by users in any way the provider sees fit,” Cox said.

To delve deeper into these issues and begin the search for alternatives, Cox recently won a $498,000, three-year grant from the National Science Foundation. The funding is part of the federal stimulus package called the American Recovery & Reinvestment Act of 2009 (ARRA). He and two of his graduate students, Amre Shakimov and Dongtao Liu, are collaborating closely with Ramon Caceres at AT&T Labs in Florham Park, N.J., which is also a major supporter.

“What the grant will do is fund research into alternatives for providing social networking services that don’t concentrate all this information in a single place,” he said. Cox’s notion is instead to create what network architects would call a “peer-to-peer” system architecture in which information is spread out. Being distributed, individual data is thus harder to steal or otherwise exploit.

“The basic idea is that users would control and store their own information and then share it directly with their friends instead of it being mediated through a site like Facebook. And there are some interesting challenges that go along with decomposing something like Facebook into a peer-to-peer system.

“Facebook is a great service because it’s highly available and really fast. When you break something into thousands and millions of different pieces instead, you’d want to try to recreate the same availability and performance. That’s the research challenge we’re going to be looking at over the next three years.”

Cox proposed three possible options in a report for the Association for Computing Machinery’s Workshop for Online Social Networks in Barcelona in August 2009. In each, users would load their personal information into what is called a “Virtual Individual Server,” or VIS.

One option would host each social network user’s VIS on his or her own desktop. “But the problem with desktop machines is that they go down all the time,” Cox said. “When desktops are shut off they are not available.”

An alternative idea is to distribute VISs within redundant “clouds” of servers such as those offered by the Amazon Elastic Computer Cloud. “Amazon will run little computers on your behalf out in their infrastructure,” Cox said. “The nice thing about that is the service will never go down. But the problem is that it’s very expensive. It costs about $50 a month to have just one server out in the cloud.”

A third notion is called “hybrid decentralization.” The idea is to keep VISs on desktops when possible but switch to the more costly and reliable cloud distribution option when individual desktops go offline.

“So there are these different tradeoffs,” Cox said. “Users can try to put their information in clouds of servers, which are going to be highly available but expensive. Or they could try to store it on their own machines, which would be cheap but subject to service interruptions.”

Under his NSF stimulus grant, Cox will be able to pay Shakimov and Liu for three years and fund some of his own work to explore those options. Other AT&T Labs research participants besides Caceres are Alexander Varshavsky and Kevin Li. Amazon is also providing equipment support.

“The research will point in a couple of directions,” he said. “Can we get a desktop machine to intelligently switch over to a cloud? Can we reduce the cost by only using a cloud when the desktop is not available?”

Or perhaps the same information can be put in a number of places in the hope that at least one of those computers is always working. “So in addition to serving my own stuff I might ask my friends to serve my stuff as well,” Cox said.

“The problem there is that now you’re trusting somebody else to serve and store your data. We have some interesting challenges ahead.”

###

Storage Networking Industry Association in the cloud

Cloud computing is moving beyond buzzword status and entering the realm of the wide-release meme. You’re going to hear “cloud” all over the place, and get hit with cloud computing opinions from people who effectively have no clue what they’re talking about.

Projects like these should help quantify and define this tech movement.

From the link:

The Storage Networking Industry Association (SNIA) announced today the formation of the Cloud Storage Initiative (CSI) in order to establish a lexicon of cloud-computing terminology, publish use cases, white papers and technical specifications, and to create reference implementation models for grid-storage architectures.

The CSI will coordinate and deliver educational materials for cloud storage vendors and user communities. The organization also plans to perform market outreach highlighting the virtues of cloud storage. The group is developing a single specification as part of its efforts. The Cloud Data Management Interface (CDMI) will be an application programming interface to which vendors can write management software that will allow interoperability between heterogeneous cloud storage offerings, according to Wayne Adams, SNIA’s chairman emeritus. The SNIA made the announcement at the Storage Networking World conference, which is co-sponsored by Computerworld .

Cybersecurity and cloud computing

There are many pitfalls out there vis-a-vis security and privacy and cloud computing. Both enterprise and individuals should approach cloud computing methodically and really put some thought into what data goes into the cloud.

From the link:

The best defense against data theft, malware and viruses in the cloud is self defense, researchers at the Hack In The Box (HITB) security conference said. But getting people to change how they use the Internet, such as what personal data they make public, won’t be easy.

Also from the link:

Access to personal data on the cloud from just about anywhere on a variety of devices, from smartphones and laptops to home PCs, shows another major vulnerability because other people may be able to find that data, too.

“As an attacker, you should be licking your lips,” said Haroon Meer, a researcher at Sensepost, a South African security company that has focused on Web applications for the past six years. “If all data is accessible from anywhere, then the perimeter disappears. It makes hacking like hacking in the movies.”

Pentagon’s cloud computing availability claim off …

… by a thousandth of one percent. That ’s some retraction.

From the link:

Days after claiming 99.999% availability for its newcloud computing service, a U.S. Defense Department spokesman says he misspoke and meant to say the agency is achieving 99.99% availability instead.

Cloud computing in D.C.

CIO.com carried two stories today on cloud computing in Washington. The first covers a cloud computing conference in D.C. going on this week, and the second covers an endorsement of cloud computing by the CIA for internal use.

From the second link:

One of the U.S. government’s strongest advocates of cloud computing is also one of its most secretive operations: the Central Intelligence Agency. But the CIA has adopted cloud computing in a big way, and the agency believes that the cloud approach makes IT environments more flexible and secure.

Jill Tummler Singer, the CIA’s deputy CIO, says that she sees enormous benefits to a cloud approach. And while the CIA has been moving steadily to build a cloud-friendly infrastructure — it has adopted virtualization, among other things — cloud computing is still a relatively new idea among federal agencies.

“Cloud computing as a term really didn’t hit our vocabulary until a year ago,” said Singer.

But now that the CIA is building an internal cloud, Singer sees numerous benefits. For example, a cloud approach could bolster security , in part, because it entails the use of a standards-based environment that reduces complexity and allows faster deployment of patches.

“By keeping the cloud inside your firewalls, you can focus your strongest intrusion-detection and -prevention sensors on your perimeter, thus gaining significant advantage over the most common attack vector, the Internet,” said Singer.

IBM throws down a cloud gauntlet

By undercutting Google’s  business email service at $36 a year against Google’s $50 annual rate. IBM, old and hoary as it might be, has a strong track record for supporting enterprise-level applications, and a strong case on the difference between consumer and enterprise support — a serious cloud computing issue – but at the end of the day I don’t see Big Blue cutting too far into Google’s expanding empire.

From the link:

Without providing specifics, Google says its corporate users now number in the “hundreds of thousands.” Some companies, including Fairchild Semiconductor International Inc., switched from IBM’s premium e-mail service that costs substantially more than Web-based e-mail.

Now, IBM is counter-punching. IBM thinks the timing for its e-mail alternative is ideal, given that Google’s service suffered a highly publicized outage that locked out corporate customers for nearly two hours last month.

“Candidly, Google has shown itself to be weak” in some areas of e-mail, said Sean Poulley, an IBM executive overseeing the company’s e-mail service. “There is a world of difference between supporting a consumer-grade service and a business-grade service.”

Cloud computing and security

An interesting overview from Bill Brenner at CIO.com.

From the link, the conclusion:

Having said that, I also agree with Mike Versace that we should offer some basic approaches that ease the learning curve and ask some basic questions. The approach that I’ve been using is what I coined RAIN, which is just a plain old tried-and-true planning and analysis approach with emphasis on interfacing.

• (R)equirement: understand your business requirements, and derive technical, non-technical, regulatory and security requirements.
• (A)nalysis: from your requirements, analyze what tasks or services you want to or can outsource, and clearly define which party is responsible for which tasks, to reduce confusion and conflict later; perform risk analysis, especially with respect to cloud connectivity, mutli-tenancy, local data privacy regulations (of your providers), and business continuity.
• (I)nterface: clearly define system and human interfaces. Who and how to contact providers for services or problems? What API or webpages to use and how, what the returned result should look like? The more interfaces/touch points, the higher the risk for breakages or problems.
• e(N)sure – verify and ensure services are performed according to agreements. (Validate and boundary) Test the results sent from providers to ensure that they are in the correct formats and are what you expected; audit or pen test services; perform practice runs with your providers.

This is nothing new or fancy, but I’ve witnessed light-bulb moments without glassy eyes when I explained cloud computing challenges with this approach.

In more cloud computing news today, here’s Technology Review and CIO.com on Amazon’s cloud services.

Beating denial of service attacks

Interesting cyber security research.

The release:

Denial of service denial

New filtering system could protect networks from zombies

A way to filter out denial of service attacks on computer networks, including cloud computing systems, could significantly improve security on government, commercial, and educational systems. Such a filter is reported in the Int. J. Information and Computer Security by researchers from Auburn University in Alabama.

Denial of Service (DoS) and distributed Denial of Service (DDoS) attacks involve an attempt to make a computer resource unavailable to its intended users. This may simply be for malicious purposes as is often the case when big commercial or famous web sites undergo a DDoS attack. However, it is also possible to exploit the system’s response to such an attack to break system firewalls, access virtual private networks, and to access other private resources. A DoS attack can also be used to affect a complete network or even a whole section of the Internet.

Commonly, attack involves simply saturating the target machine with external internet requests. In the case of a DDoS attack the perpetrator recruits other unwitting computers into a network and uses a multitude of machines to mount the attack. The result is that the resource, whether it is a website, an email server, or a database, cannot respond to legitimate traffic in a timely manner and so essentially becomes unavailable to users.

Methods for configuring a network to filter out known DoS attack software and to recognize some of the traffic patterns associated with a mounting DoS attack are available. However, current filters usually rely on the computer being attacked to check whether or not incoming information requests are legitimate or not. This consumes its resources and in the case of a massive DDoS can compound the problem.

Now, computer engineers John Wu, Tong Liu, Andy Huang, and David Irwin of Auburn University have devised a filter to protect systems against DoS attacks that circumvents this problem by developing a new passive protocol that must be in place at each end of the connection: user and resource.

Their protocol – Identity-Based Privacy-Protected Access Control Filter (IPACF) – blocks threats to the gatekeeping computers, the Authentication Servers (AS), and so allows legitimate users with valid passwords to access private resources.

The user’s computer has to present a filter value for the server to do a quick check. The filter value is a one-time secret that needs to be presented with the pseudo ID. The pseudo ID is also one-time use. Attackers cannot forge either of these values correctly and so attack packets are filtered out.

One potential drawback of the added layer of information transfer required for checking user requests is that it could add to the resources needed by the server. However, the researchers have tested how well IPACF copes in the face of a massive DDoS attacks simulated on a network consisting of 1000 nodes with 10 gigabits per second bandwidth. They found that the server suffers little degradation, negligible added information transfer delay (latency) and minimal extra processor usage even when the 10 Gbps pipe to the authentication server is filled with DoS packets. Indeed, the IPACF takes just 6 nanoseconds to reject a non-legitimate information packet associated with the DoS attack.

###

“Modelling and simulations for Identity-Based Privacy-Protected Access Control Filter (IPACF) capability to resist massive denial of service attacks” in Int. J. Information and Computer Security, 2009, 3, 195-223

Google blackout bad omen for cloud computing?

Incidents like Google’s outage are exactly what gives me qualms about cloud computing. I had a pretty dodgy DSL line for a while and every time it was down for any amount of time I was a train wreck. If I was busy at the time it was even worse since I work out of a home office. I know for a fact I lost at least one contract because my service was out for an afternoon.

Thinking about going total cloud makes me imagine that scenario jacked up a few orders of magnitude. If your documents are in the cloud any outage takes them away. Running a cloud operating system? A blackout means a black desktop.

Anyone who runs a business using Gmail for a primary email and Google Apps for document storgage was totally shut down Tuesday afternoon.

Cloud computing definitely has some serious kinks to work out before it’s a serious option for real-world application.

From the link:

What have we learned from Google’s latest outage? That 99.9 percent uptime doesn’t matter during the other one-tenth of one percent.

Yesterday’s outage was not Google’s first. They don’t happen very often, but they do happen often enough that anyone seriously considering Google for cloud computing ought to think again.

Gmail is the core of the Google Apps suite that is targeting Microsoft Office. Imagine Google does that successfully and tens, maybe hundreds of millions of users’ connected offices go offline simultaneously due to some Google glitch.

(My colleague Ian Paul agrees that the outage casts a dark cloud over cloud computing).

That prospect ought to be enough for sensible people to let others enjoy Google’s growing pains. Which is also why Gmail and Google Apps users are wise to retain other ways of getting their work done. But, if we can’t rely on Google Apps, why are we using them?

Intro to DaaS

Just when you were getting used to cloud computing and SaaS (software-as-a-service), along comes another buzzy tech player — data-as-a-service, or DaaS.

From the link:

Unfortunately, the business world has given this baby a jargony name: Data as a Service, or its diminutive, DaaS. It rhymes with SaaS, its better-known cousin that stands for Software as a Service. SaaS is the catchall name for on-demand software applications like those on an iPhone. DaaS, in contrast, recognizes that software is becoming a commodity; it’s data mixed with software that’s king.

Quantum computing — a breakthrough and a warning

The potential power of quantum computing is astonishing, and a lot of research is going into creating quantum computers. Of course there’s always a dark side to anything — a quantum computer that realizes the full potential of the technology will also render current security and encryption obsolete overnight.

This post is a about a breakthrough involving the building blocks of matter and how that adds to quantum computing research, and also a cautionary tale from a researcher who is preparing for the security needs when the first quantum computer arises.

First the warning:

So far, so good, despite an occasional breach. But our security and our data could be compromised overnight when the first quantum computer is built, says Dr. Julia Kempe of Tel Aviv University’s Blavatnik School of Computer Science. These new computers, still in the theoretical stage, will be many times more powerful than the computers that protect our data now.

Laying the groundwork to keep governments, companies and individuals safe, Dr. Kempe is working to understand the power of quantum computers by designing algorithms that fit them. At the same time, she is figuring out the limits of quantum computers, something especially important so we can build safety systems against quantum hackers.

“If a very rich person worked secretly to fund the building of a quantum computer, there is no reason in principle that it couldn’t be used for malevolent power within the next decade,” she says. “Governments, large corporations, entrepreneurs and common everyday people will have no ability to protect themselves. So we have to plan ahead.”

And now the breakthrough:

Discovery about behavior of building block of nature could lead to computer revolution

A team of physicists from the Universities of Cambridge and Birmingham have shown that electrons in narrow wires can divide into two new particles called spinons and a holons.

The electron is a fundamental building block of nature and is indivisible in isolation, yet a new experiment has shown that electrons, if crowded into narrow wires, are seen to split apart.

The electron is responsible for carrying electricity in wires and for making magnets. These two properties of magnetism and electric charge are carried by electrons which seem to have no size or shape and are impossible to break apart.

However, what is true about the properties of a single electron does not seem to be the case when electrons are brought together. Instead the like-charged electrons repel each other and need to modify the way they move to avoid getting too close to each other. In ordinary metals this does not usually make much difference to their behaviour. However, if the electrons are put in a very narrow wire the effects are exacerbated as they find it much harder to move past each other.

In 1981, physicist Duncan Haldane conjectured theoretically that under these circumstances and at the lowest temperatures the electrons would always modify the way they behaved so that their magnetism and their charge would separate into two new types of particle called spinons and holons.

The challenge was to confine electrons tightly in a ‘quantum wire’ and bring this wire close enough to an ordinary metal so that the electrons in that metal could ‘jump’ by quantum tunneling into the wire. By observing how the rate of jumping varies with an applied magnetic field the experiment reveals how the electron, on entering the quantum wire, has to fall apart into spinons and holons. The conditions to make this work comprised a comb of wires above a flat metal cloud of electrons. The Cambridge physicists, Yodchay Jompol and Chris Ford, clearly saw the distinct signatures of the two new particles as the Birmingham theorists, Tim Silk and Andy Schofield, had predicted.

Dr Chris Ford from the University of Cambridge’s Cavendish Laboratory says, ‘We had to develop the technology to pass a current between a wire and a sheet only 30 atomic widths apart.

‘The measurements have to be made at extremely low temperatures, about a tenth of a degree above absolute zero.

‘Quantum wires are widely used to connect up quantum “dots”, which may in the future form the basis of a new type of computer, called a quantum computer. Thus understanding their properties may be important for such quantum technologies, as well as helping to develop more complete theories of superconductivity and conduction in solids in general. This could lead to a new computer revolution.’

Professor Andy Schofield from the University of Birmingham’s School of Physics and Astronomy says, ‘The experiment to test this is based on an idea I had together with three colleagues almost 10 years ago. At that time the technology required to implement the experiment was still a long way off.

‘What is remarkable about this new experiment is not just the clarity of the observation of the spinon and holon, which confirms some earlier studies, but that the spinon and holon are seen well beyond the region that Duncan Haldane originally conjectured.

‘Our ability to control the behaviour of a single electron is responsible for the semiconductor revolution which has led to cheaper computers, iPods and more. Whether we will be able to control these new particles as successfully as we have the single electron remains to be seen. What it does reveal is that bringing electrons together can lead to new properties and even new particles.’

 ###

 Notes to Editors

1. The paper is published in Science 10.1126/science.1171769 at http://dx.doi.org/10.1126/science.1171769

2. The experiment was performed in Cambridge’s Cavendish Laboratory with theoretical support from scientists at the University of Birmingham’s School of Physics and Astronomy.

Cloud computing and Wall Street

Looks like IT tight budgets at financial firms are the rubber and cloud computing is the new road.

From the link:

Can new technology initiatives help pull Wall Street out of the danger zone? A new survey released by IBM and Securities Industry and Financial Markets Association (SIFMA) finds that IT budgets are tight on Wall Street, but things are loosening up, and there’s going to be plenty of demand for new technology initiatives in the near future as firms on the Street look to “transformational” solutions to help better manage risk.

The survey of more than 350 Wall Street IT professionals found a “significant” increase in interest in new technologies and computing models, in particular cloud computing, as firms seek to overcome budgetary restrictions and skills shortages. Almost half of the respondents now see cloud computing as a disruptive force.

The past year has seen marked growth interest in cloud computing. The number of respondents predicting that cloud computing would force significant business change more than doubled (from 21% in 2008 to 46% in 2009), making it the top disruptive technology, ahead of operational risk modeling and mobile technologies.

Major initiatives underway at most Wall Street firms include enhancing electronic trading tools (69%), improving data capacity and bandwidth (58%), and improving technology framework and infrastructure
(58%). It can be assumed that the last item includes SOA efforts.

Amazon and cloud computing

Did you know Amazon is in the cloud computing outsourcing business? Me either. Looks like the books and products e-tailer is now offering outsourcing for “a storage service, a compute service, a database service, a messaging service and a payment service.”

Overreach away from a core competency or a great business idea to leverage internal knowledge?

Cloud computing and accounting

Now there’s a header I didn’t expect to be typing anytime soon. A coupling of one of the buzziest of tech buzzwords going and bean counting. Who knows, maybe the two go together like butter and toast. It’s going to be interesting to watch and see how much of cloud computing is just a lot of hot (and in this case opaque) air, and how much turns into real world applications. For the record, I’m not certain some of the actual applications cited in this article truly relate to current concept of cloud computing.

From the link:

Cloud-based computing is an extension of SaaS. Rather than hosting the client and their data on a specific fixed server, the application provider often has multiple servers in multiple locations, and a user can be actually operating on different computers every time they call.

According to Dr. Chandra Bhansali, chief executive of Hauppauge, N.Y.-based AccountantsWorld, one of the earliest providers of Web-based accountant-oriented applications, “This is the time where accountants are starting to see the promise of cloud computing. The most important benefit the Internet brings is collaboration. There is no other profession where the client works so closely with the service provider.”

A FIT FOR SMALL BIZ

The burgeoning remote trend has become especially appealing to small businesses that often lack the IT resources of their larger counterparts.

For Penny Banker-Mertz, EA, proprietor of Penny Banker Tax & Financial in Bay City, Texas, being able to work remotely, and with clients that also sometimes need the same remote capability, is a big plus. She uses AccountantsWorld’s Accounting Relief product. “I can review accounting from anywhere I have a high-speed connection. I don’t have to be tied to my office. Some of my clients who are also self-employed like this feature as well.”

Cloud computing and business

I’ve done plenty of blogging about cloud computing in the past and here are two more links on the topic. First up is a BusinessWeek breakdown on how cloud computing will change business and next is the thoughts of Microsoft’s chief software architect, Ray Ozzie, on cloud computing.

From the BusinessWeek link:

In 1990, in a keynote speech at the Comdex computer conference, Microsoft’s (MSFT) then-chief executive, Bill Gates, bolstered his bona fides as a tech visionary when he declared the PC industry would produce advances within a few years that would put information at people’s fingertips. To get there, Gates said, the world needed three things: a more “personal” personal computer, more powerful communications networks, and easy access to a broad range of information. Sometimes visionaries are right on the vision but off on the timing.

Only now is Gates’ grand vision finally becoming a reality for businesses. While pieces of what he had in mind have been available for years, they typically were expensive and difficult to set up and use. Now that more personal PC is here in the form of smartphones and mini-laptops, and broadband wireless networks make it possible for people to be connected almost anytime and anywhere. At the same time, we’re seeing the rise of cloud computing, the vast array of interconnected machines managing the data and software that used to run on PCs. This combination of mobile and cloud technologies is shaping up to be one of most significant advances in the computing universe in decades. “The big vision: We’re finally getting there,” says Donagh Herlihy, chief information officer of Avon Products (AVP). “Today, wherever you are, you can connect to all the information you need.”

And here’s Microsoft’s Ray Ozzie:

Ray Ozzie, Microsoft’s Chief Software Architect and the guest speaker at last night’s dinner (Techmeme), said the company wasn’t necessarily talking or thinking about the cloud when he came on board as part of the acquisition of his company, called Groove Networks, in 2005. When it came time to start offering a new way of thinking about the cloud and software, the approach came slowly. At the event, he said:

In any large organization, the government, the military, Wal-Mart, Microsoft, change of management is a challenge. You cannot effect change by mandate. You can’t say this is the way it’s gonna be and everyone snaps.

Speaking at any event where the topic has to do with cloud computing means that you inevitably are asked to define cloud computing. Clearly, Ozzie must have given a lot of thought to a definition for the cloud but he actually may have given it too much thought. While not quite as babbling as Sen. Ted Stevens’ explanation of how the Internet works (remember the “series of tubes?”), Ozzie’s definition of cloud computing was definitely worthy of a “huh?” head shake.

…self-service on-demand way of accessing resources with a virtualized abstraction that is relatively homogeneous

Wow. That’s a mouthful. But it also goes to show that even someone like the Chief Software Architect at Microsoft struggles with a way to define the cloud. Still, he spoke highly of the work that Microsoft does in the cloud environment, as well as on the client side, to meet the changing needs of all types of customers, from consumers to large enterprise.

Cloud computing not ready for prime time

A fact pounded home by Google’s recent problems with outages and malicious links in search results.

Here’s a CIO.com article on cloud computing and why a slow and steady approach is best:

These are troubling events that illustrate just how perilous the cloud can be. But don’t believe those who suggest this is a new threat. It merely validates the security concerns smart people have been raising for a very long time.

One of the people I trust on this issue is Chris Hoff, whose recent cloud security talk at SOURCE Boston attracted a crowd that included security luminaries like Dan Geer [ CSO podcast interview with Geer] and Marcus Ranum.

Hoff has warned repeatedly that companies are moving too fast on cloud computing without truly understanding what it’s about first. ["This love affair with abusing the amorphous thing called 'THE Cloud' is rapidly approaching meteoric levels of asininity," he told me in one interview.]

Another voice I trust on the issue is Ariel Silverstone, a veteran of the Israeli Defense Forces with experience in physical and information security who regularly contributes to information technology certification exams and to newspapers, magazines and online publications like CSOonline.

In his latest CSO column [ Cloud Security: Danger (and Opportunity) Ahead] Silverstone noted that the breathtaking pace of cloud computing adoption demands that the technology evolve with stronger security woven into the architecture.

“We approach quickly the point in which the amount of data and of processing in the cloud will be not only unmanageable but also pose a security and related privacy risk to the users of the data, and to people who the data concerns,” he wrote.

Search and seizure and data centers

This ought to be troubling for anyone storing data anywhere other than a drive in their possession. Hopefully you’d at least be backed-up somewhere in your possession, but the idea your data could be indefinitely seized and pored over by the authorities should be very chilling. And as the article mentions, should be a significant aspect of the the cloud computing argument.

From the link:

The FBI’s target in the data center raid—one of five seizures conducted that day—is simply listed as Cabinet 24.02.900 in the affidavit and search warrant.

Cabinet 24.02.900 allegedly held the computers and data used to serve voice-over-IP clients for the companies at the center of the case. Yet, it was also home to the digital presence of dozens of other businesses, according to press reports. To LiquidMotors, a company that provides inventory management to car dealers, the servers held its client data and hosted its managed inventory services. The FBI seizure of the servers in the data center rack effectively shut down the company, which filed a lawsuit against the FBI the same day to get the data back.

“Although the search warrant was not issued for the purpose of seizing property belonging to Liquid Motors, the FBI seized all of the servers and backup tapes belonging to Liquid Motors, Inc.,” the company stated in its court filing. “Since the FBI seized its computer equipment earlier today, Liquid Motors has been unable to operate its business.”

The court denied the company’s attempt to get its data back, but the FBI offered to copy the data to blank tapes to help the company restart its services, according to a report in Wired.

The incident has worried IT managers, especially those with a stake in cloud computing, where a company’s data could be co-mingled with other businesses’ data on a collection of servers.

“The issue, I think, is one of how search and seizure laws are being interpreted for assets hosted in third-party facilities,” James Urquhart, manager of Cisco Systems’ Data Center 3.0 strategy, said in a recent blog post. “If the court upholds that servers can be seized despite no direct warrants being served on the owners of those servers—or the owners of the software and data housed on those servers—then imagine what that means for hosting your business in a cloud shared by thousands or millions of other users.”

Web 2.0 government

Looks like the nation’s first CIO is looking to make some needed changes around D.C. I particularly like the idea of a data.gov site with open format access to U.S. government information and documents. Bring the government of the people back to the people.

From the link:

The U.S. government’s first CIO, Vivek Kundra, introduced himself Thursday as someone who will act aggressively to change the federal government’s use of IT by adopting consumer technology and ensuring that government data is open and accessible.

Kundra also wants to use technology such as cloud computing to attack the government’s culture of big-contract boondoggles and its hiring of contractors who end up “on the payroll indefinitely.”

Kundra, in a conference call Thursday with reporters shortly after President Barack Obama named him as federal CIO said one of his first projects is to create a data.gov Web site to “democratize” the federal government’s vast information treasures by making them accessible in open formats and in feeds that can be used by application developers.

“How can we leverage the power of technology to make sure the country is moving in the right direction?” asked Kundra, stressing that his ambition is to “revolutionize technology in the public sector.”

Kundra was expansive about his tech goals and critical of the government’s contracting record for IT projects that “frankly haven’t performed well,” saying there have been few consequences for failures.

90 things to watch in 2009

A list for the coming year from JWT, the advertising agency. To tell the truth, this list looks a tad random to me.

The release:

Ninety Things to Watch in 2009

JWT’s Annual List Includes Pisco Sours, Inconspicuous Travel and the Collective Consciousness

NEW YORK, Dec. 26 /PRNewswire/ — JWT, one of the largest advertising agencies in the world, today released its list of 90 things to watch in 2009.

“Our list points to the broader trends we’re seeing, showing the ways in which these shifts will manifest in our everyday lives,” says Ann Mack, director of trendspotting at JWT.

Among these shifts, the recession will make the biggest impact, says Mack. “A lot of what to watch in 2009 relates to consumers’ adaptation to the economic situation, from ‘affordable nutrition’ to ‘more under one roof,’” notes Mack.

JWT’s list of 90 Things to Watch in 2009 (unranked and in alphabetical order):

  1. 21st-Century Networking
  2. Affordable Nutrition
  3. Amy Poehler
  4. Apatow-esque Humor
  5. Bruno
  6. Building a Beauty Arsenal
  7. Buraka Som Sistema
  8. Career Reinvention and Extension
  9. Chat-Avoidance Services
  10. The Cleveland Show
  11. Cloud Computing
  12. The Collective Consciousness
  13. Creativity in the Informal Economy
  14. Credit Card Dieting
  15. Crowdfunding
  16. The Decline of E-Mail
  17. Distraction as Entertainment
  18. DIY Repairs and Renovations
  19. Doha
  20. Dragonball
  21. EarthRoamer
  22. Electric Bikes
  23. Elizabeth Banks
  24. Emma Stone
  25. The Energy Race
  26. Environmental Exercise
  27. Family-Friendly TV
  28. Freebies
  29. Gerard Butler
  30. Girl Talk
  31. Giving Circles
  32. Gluten-Free
  33. Good Old-Fashioned Cooking
  34. Graphic Novels Hit Hyperdrive
  35. The Green-Collar Class
  36. hi5
  37. Holographic Projection
  38. Home as Castle
  39. HomeAway
  40. Homemade Beauty Treatments
  41. How to Talk to Girls
  42. Incognito luxury
  43. Inconspicuous Travel
  44. Innocent Cosmetics
  45. Lady GaGa
  46. Lala.com
  47. Lance Armstrong
  48. Lykke Li
  49. Maria Pinto
  50. Marketing with Aromas
  51. Michelle Obama
  52. Microfinancing’s Second Wave
  53. Mobile Phones Get Personal
  54. More Under One Roof
  55. NASA’s Kepler Telescope
  56. Netbooks
  57. Noor
  58. No “Paper” in Newspapers
  59. Nutrition Replaces Dieting
  60. Obama-speak
  61. ODO7
  62. Online TV Network Crackle
  63. Online Video Ads
  64. Outliers (as a term)
  65. Palin’s Grandson
  66. Personalized Travel Guides
  67. Pisco Sours
  68. Presidential Sightseeing
  69. Prince William Wedding Watch
  70. Product Source Tags
  71. Radical Transparency Meets Genomics
  72. Readers + Social Media = Revenue?
  73. Residential Market for Solar Power
  74. Ricky Rubio
  75. Russell Brand
  76. Safe-keeping
  77. The Small Movement
  78. Smart Garages
  79. South Africa
  80. Stuart Karten
  81. Sustainable Fishery
  82. T. Boone Pickens
  83. Telepresence
  84. Touch Screens
  85. Twitter Copycats
  86. Virtual Reality Therapy
  87. Virtual Socializing
  88. Widgets
  89. Wikileaks
  90. Xbox Streaming

  About JWT

JWT is the world’s best-known marketing communications brand. Headquartered in New York, JWT is a true global network with more than 200 offices in over 85 countries employing nearly 10,000 marketing professionals.

JWT consistently ranks among the top agency networks in the world and continues its dominant presence in the industry by staying on the leading edge — from producing the first-ever TV commercial in 1939 to developing award-winning branded content for brands such as Freixenet, Ford and HSBC.

JWT’s pioneering spirit enables the agency to forge deep relationships with clients including Bayer, Cadbury, Diageo, DTC, Ford, HSBC, Johnson & Johnson, Kellogg’s, Kimberly-Clark, Kraft, Nestle, Nokia, Rolex, Schick, Shell, Unilever, Vodafone and many others. JWT’s parent company is WPP (NASDAQ:WPPGY).

Cloud computing brings security benefits

I’ve blogged on cloud computing before and this Technology Review article suggests the concept might be the best way to keep PCs virus-free.

From the second link:

Most people know better than to connect a computer to the Internet without first installing up-to-date antivirus software. But even the best software protection won’t catch every new virus, and performing a thorough system scan can require plenty of processor power, slowing some computers to a crawl.

New research from the Universityof Michigan suggests that computers could be better protected from viruses without sacrificing performance if antivirus software were moved from the PC to “the cloud”–a collection of servers that work seamlessly as one powerful machine. Using this approach, researchers found that they could detect 35 percent more recent viruses than a single antivirus program (88 percent compared with 73 percent). Moreover, using the distributed software, called Cloud AV, they caught 98 percent of all malicious software, compared with 83 percent, on average, for a single antivirus solution.

Zoho, Google and Microsoft

This CIO.com story on Zoho is first I’ve heard of the software firm. It’s interesting because it’s taking a different approach to breaking into the big leagues. Zoho’s in the software as a service (SaaS) space, so its key competitors include Google and Microsoft.

(Total aside, if you’re reading much of the IT media world right now, SaaS comes up almost as often as cloud computing.)

An excerpt from the first link:

Here’s an interesting strategy for a new software company: create applications that place you squarely in the competitive sights of Google and Microsoft, bypass venture capital funding, and rebuff an acquisition offer from Salesforce.com, the surging software as a service (SaaS) company that delivers its products over the Web

That’s been the exact path of Zoho, a SaaS company launched in 2005 that offers a wide range of online software, including e-mail, a word processor, spreadsheets, wikis, and even a customer relationship management application that it sells to sales and marketing departments. In all, Zoho sells 17 productivity and collaboration apps, all for prices that, by traditional software standards, are dirt cheap.

For the whole lot of Zoho’s business applications, it costs a mere $50 per user per year (the same price that Google asks large enterprises for its Google Apps software). By contrast, the Professional Version of Microsoft Office, the popular software found on workstations throughout most of the corporate world, retails for as high as $499, the same price as some personal computers on the shelf at Wal-Mart.

A cloud computing backgrounder

If you’ve been reading any info tech media lately I’m sure you’ve at least come across the hottest buzzword around — cloud computing.

CIO.com has a fairly comprehensive article titled “Demystifying Cloud Computing.” It’s a great place to start to learn more about the topic.

From the link:

Welcome Cloud Computing

Staten describes the concept as “a pool of abstracted, highly-scalable, and managed compute infrastructure capable of hosting end-customer applications and billed by consumption.”

Simply put, cloud computing is the next generation model of computing services. It combines the concepts of software being provided as a service, working on the utility computing business model, and running on grid or cluster computing technologies. Cloud computing aims to leverage supercomputing power, which can be measured in tens of trillions of computations per second, to deliver various IT services to users through the Web.

In his report, Staten refers to cloud computing as a service delivery platform, which is built on the same basic fundamentals of traditional hosting or SaaS. The building blocks of cloud computing, he says, that take the concept beyond conventional forms of IT service delivery models are:

– A prescripted and abstracted infrastructure. Fundamental to the cloud computing model is standardization of infrastructure and abstraction layers that allow the fluid placement and movement of services. It starts with a flat implementation of scale-out server hardware that, for some clouds, serves as both compute and storage infrastructure (others are leveraging SAN storage). Their infrastructure enables the cloud and is decided upon solely by the cloud vendor; customers don’t get to specify the infrastructure they want — a major shift from traditional hosting.

– Fully virtualized. Nearly every cloud computing vendor abstracts the hardware with some sort of server virtualization. The majority employ a hypervisor to keep costs low. Some have solutions that span virtual and physical servers via another middleware element, such as a grid engine.

– Equipped with dynamic infrastructure software. Most clouds employ infrastructure software that can easily add, move, or change an application with very little, if any, intervention by cloud provider personnel.

– Pay by use. Most clouds charge by actual use of resources in CPU hours, gigabits (Gbs) consumed, and gigabits per second (Gbps) transferred, rather than by a server or with a monthly fee. Their pricing is compelling.

– Free of long-term contracts. Most cloud vendors let you come and go as you please. The minimum order through XCalibre’s FlexiScale cloud, for example, is one hour, with no sign-up fee. This makes clouds an ideal place to prototype a new service, conduct test and development, or run a limited-time campaign without IT commitments.

– Application and OS independent. In most cases, the architectures of clouds support nearly any type of app a customer may want to host as long as it does not need direct access to hardware or specialized hardware elements. Cloud vendors told say there’s nothing about their infrastructures that would prevent them from supporting any x86-compatible OS.

– Free of software or hardware installation. You tap into a cloud just as you would any remote server. All you need is a log-in. There’s no software or hardware requirement at the customer end nor the need for specialized tools.

Update 8/11/08 — More on cloud computing from AccountantsWorld.com. I don’t if it’s just the IT updatesI receive or not, but it seems I can’t turn around without hearing something about cloud computing right now.

Update number 2 from 8/11 — See what I mean? Here’s another CIO.com article, this time featuring Dell. It appears the Texas-based computer company tried to copyright the term “cloud computing,” that effort has hit some Fed roadblocks. Dell does own www.cloudcomputing.com.