Sunday, September 28, 2008

Late Summer Impressions

Dresden, September 2008 - webduke pics

Tuesday, September 16, 2008

Security and Virtual Machines

A lot of rumors are circling around that Virtual Machines (VM) could pose another threat to IT-Systems which use hypervisor-technologies extensively these days. Unfortunately, concrete facts on implementation issues are not available. This discussion is probably a little bit misleading. From the security perspective, Virtual Machines are an approach to realize Access Control on an Operating System level. This comes along with data isolation. Sandboxing is another option but on a higher layer in the application stack. Sure, security is not the main objective when applying solutions based on Virtual Machines. But these objectives, like flexibility and mobility, are topics we should take into account when talking about security in the scope of Virtual Machines. Why is that? Traditional security mechanisms were developed to protect non-virtualized systems (or real hardware in a broader sense). But Virtual Machines (better: systems based on them) behave differently. They are mobile and highly dynamic (people do copy, move, switch on, switch off, change ownership), and follow different life-cycle patterns. This is not good news for firewalls, existing policies, access control within the scope of the VM, as well as for forensic analysis. Besides the technical issues, processes are not ready to face these challenges in many cases. Security folks and administrators should be aware of this and must update their instruments (tools, policies).
Other areas of security are affected as well. Cryptography is just one example. I’m gonna cover this fascinating topic in my upcoming posts. And, virtualization has started to exist in the clouds. How is security performing high above us in totally virtualized solutions? Mmmh.

Sunday, September 14, 2008

Wednesday, September 10, 2008

Web Browser, Web-OS and the Era of Clouds

The discussion about a “Web-OS” is alive and kicking. Some folks might call it Cloud Computing or Cloud*.*. However, new browser products and offline-gadget-frameworks are leading in this direction, and some blogs do emphasize this implicitly. Well, I don’t wanna spoil the party. Don’t get me wrong; I do not question the ideas of delivering software as a service or similar ideas. But my concerns about the underlying technologies like HTTP, HTML, JavaScript, AJAX and others still exist. Even simple applications (in comparison with a Web-OS) in the Web 2.0 environment are prone to security flaws. New threats pop up on a daily basis. Many web applications (> 90 percent) are vulnerable according to serious studies. Mail programs, automatic update services, browser plug-ins, communication services, all this stuff is affected. The Black-Hat 2008 sessions provide a decent overview on what is going wrong. Is this the right foundation to build a “Web-OS” on? Not sure. In addition, a “Web-OS” would increase our dependencies on the availability of the Internet, besides VoIP, television, mainstream Internet-Services and all the other stuff running over IP-Networks. On the other hand, today’s mainstream operating systems are making progress in terms of security, which is good news. Talking about client computing, I remember the times when a company came up with sleek, thin terminals (in blue color), and announced the end of the personal computer. Nothing really happened. Big fat machines (from different vendors running different big fat operating systems) still exist. And this is okay with me (as long as the multi-core issues are solved). I do prefer a perfect symbiotic solution comprising a powerful and efficient machine and a fast web access with a lot of cool apps running in the clouds. And, I want to process my texts, spreadsheets and other documents locally. All of this should be working in a secure manner.
And at the end of the day (when security concerns and paranoia prevail ;-)), I want to unplug the network cable without losing the capability to work and to access my documents.

Tuesday, September 09, 2008

Book Recommendation

Since I read the German edition, I would like to write this little book recommendation in my native language as well. Amazon.com: Get Big Fast by Robert Spector describes the founding years of this incredible Internet company from Seattle. Anyone who lived through (and “programmed through”) the crazy years of the Internet boom is strongly recommended to read this book. Of course, everyone else should read it too, if they have always wanted to know what is special about this company and what makes it so successful. One question remains open: what will Amazon.com be in a few years, and how will this pioneer of e-commerce, which today has unique and forward-looking IT technologies and services, earn its money? Probably only one man can answer this question. And there is a lot to learn about him in this book as well.

Wednesday, September 03, 2008

A Tribute to Jim Gray

ACM Queue has started to publish a series of articles about computer pioneer Jim Gray with the May/June issue. In January 2007, Jim Gray left the Bay Area with his sailboat heading for the Farallon Islands and was never seen again, a tragic incident. The articles are absolutely worth reading, describing his work and the extraordinary personality of this famous computer scientist.

Ct - Parallel Extensions to C++

Intel has developed extensions to C++ supporting the optimization of serial code to be executed on multi-core processors. The research project is called Ct (t stands for throughput) and comprises language extensions as well as a runtime compiler, threading runtime and memory manager. Different sources on the web emphasize that the design goal to minimize threading/coordination overhead has been met. In comparison with OpenMP, fewer instructions are needed for parallelization.