The Machine Stops

Archive for February, 2008

The Machine Stops

Posted by

The BlackBerry network went down today. The outage lasted about three hours. Roughly speaking, that’s about three hundred messages, blog posts, and feed updates. I got nothing. Nothing at all. Nothing to read, nothing to learn, nothing to think about. The silence was deafening.

Yet silence did give me time to think. In our cybercentric society, connectivity is our lifeblood. Being disconnected brings a weird bloodless feeling. It reminded me of some stories I had read about the dystopian future, where mankind becomes overly dependent upon technology. What would I do if the BlackBerry network stayed disconnected?

Just as I had this thought, the connectivity picked back up. Feeds poured into my device. A hundred voices asked: have you had any ideas lately?

Back to the machine.

Motive, Expertise, Opportunity

Posted by

The ongoing criminalization of network attacks is one of the top security concerns we face today. The breaking and entering into computer networks has become a billion dollar global industry. Yesterday’s script kiddies are fast being replaced by organized gangs with the time and resources to carry out ever sophisticated attacks.

Yet there is a lag in the public’s awareness of this change, which is another security concern. It is taking quite a while for people to develop the Internet equivalent of street smarts. That goes for everyone, mind you, from the front desk receptionist to the back office network administrator. People still make decisions that put them at the mercy of online criminals.

Of course, the relative low quality of software only helps the criminals. There are plenty of vulnerabilities waiting to be exploited. Add to this that some security technology for sale is blatantly broken (like the secure hard drive this week that turned out to be encoded rather than encrypted, XOR rather than AES). All this serves to give the criminals plenty of opportunities to do what they do best.

Now this post paints a bleak picture, to be sure. But I see it as more of a call to arms. There are lots to be done in this field to get the Internet in order.

Using Worms for Patching

Posted by

New Scientist has posted the article Friendly ‘worms’ could spread software fixes. Bruce Schneier has posted his thoughts. “Patching other people’s machines without annoying them is good; patching other people’s machines without their consent is not. A worm is not ‘bad’ or ‘good’ depending on its payload. Viral propagation mechanisms are inherently bad, and giving them beneficial payloads doesn’t make things better. A worm is no tool for any rational network administrator, regardless of intent.”

I agree that consent must be obtained before installing software. Yet this was one article in which I found myself disagreeing with Schneier. I get the impression that he, like so many others, are commenting without actually reading Milan Vojnovic’s work.

 

Does Vojnovic explicitly address permission? Not that I see. The focus is on rapid distribution. The key here is to build a system upon the mechanisms that worms use. Alright, so forget the sensitive term “worm”. Let us call this a distributed software delivery agent.

Such a distributed software delivery could be protected in many ways. A client side agent could provide a mechanism for the end-user to approve or deny the software package. The package itself could be code signed to mitigate tampering. Furthermore, in corporate environments, the package could come with a Kerberos ticket authorizing its distribution.

The last protection is an important one. It is not really the consent of the user that matters in corporate environments. It is the consent of the owner as delegated to the system administrator. The longer it takes the administrator, the greater the exposure is to the threat. It is difficult to patch organizations that are large, complex, subnetted, and have multiple sites. Using this distributed software delivery mechanism directly addresses these large vulnerable businesses.

Why not use a worm’s techniques to build a legitimate delivery mechanism?

Out and About: Storage Networking World

Posted by

I will be out at the Storage Networking World Conference onApril 7 thru 10. On Tuesday, I am holding a session in the Business Continuity/Data Protection track. The topic is Simplifying Business Continuity Planning using OS and Storage Virtualization. Hope to see you there.

Abstract: This session presents the evolution of disaster recovery. An institution responsible for billions in assets, Munder Capital Management’s information systems must be always available. Munder has been thru several BCP cycles as they went from tape to standby systems, from cold to hot sites. This session delves into the lessons learned from these DR strategies as well as presents their latest: use OS and storage virtualization to completely automate recovery.

German YouTube Videos

Posted by

These crack me up. Who says us Germans don’t know how to have fun?

 

German Sports
http://www.youtube.com/watch?v=Fzt9CGSEn8o&feature=related

 

German Dancing
http://www.youtube.com/watch?v=Oa13vrk_SnI&feature=related

 

German Women
http://www.youtube.com/watch?v=ehN0hbwr1nQ&feature=related

 

German Engineering
http://www.youtube.com/watch?v=cuGu5NfHseg

 

And, of course, VW’s “tuned by German engineers” videos:

http://www.youtube.com/watch?v=cv157ZIInUk

http://www.youtube.com/watch?v=0I0WfnhVs2s

Tiered Storage

Posted by

I have had the luck to work on a number of data storage projects. I have designed, tested, and re-architected San and Nas deployments. (That is, Storage Area Networks and Network Attached Storage.) Raid is always a component of these.

At my current position, we have a Compellent San. The Compellent offers tiered virtual storage.

The way this works is that there are actual Raid devices at various levels (Raid1, Raid5, Raid10). The volumes or virtual hard drives are assigned a Raid level. These virtual volumes are then carved out of the physical Raid devices. You can tier the volume so that frequently accessed data and rarely accessed data are at different Raid levels.

This allows different blocks on a server’s volume to be at Raid5 or Raid10. Why would you want to do this? Well, Raid10 is fast but takes up twice as much raw disk space. Thus you put the speed sensitive storage blocks on Raid10 and the rest on Raid5, maximizing your disk investment.

The Compellents are very cool technology. It came out in 2004, and now the idea has spread to other vendors. Still, they were the first and are our preferred vendor.