A friend of mine has just asked my advice: it seems his computer has picked up a virus and he doesn’t know how to get rid of it. When I asked him what he used his computer for, the answer was “just some emails and Ebay, nothing else” (which does beg the question “so how did you get the virus in the first place?”, but let’s just add a pinch of salt to his answer, take him at his word and continue).
My advice to him was to run a full virus scan on his computer, at which point he got a little vague as to whether the virus allows him to start it or not.
In the “old days” a virus could be removed with a virus scan – or just processes killed and files deleted. Things are a lot harder now. I have had viruses that rewrite themselves into various places on disk once I have stopped their processes, removed files, scanned for root kits and not even rebooted! It’s just not cricket. So I know he may be in for a bad time. Seeing as how he uses his PC for so little (and had no issue reinstalling, though he wasn’t sure if he had the Windows CDs, and wasn’t sure what to do to reinstall), if the virus scan does not work for whatever reason then I suspect a reinstall will be his only option (he doesn’t know about safe mode, so manual intervention is out).
I then realised that the mere fact he does so little with his PC puts him in an awesome position to try a new way of computing that will prevent future virus infections: Linux (Ubuntu, to be precise). You can download for free (they will even ship you 5 CDs for a fiver), installation is a breeze and if all you want to do is look at a web site and check some emails, Ubuntu will allow this with no problems, even for those who have only ever seen computing life through a Window. Obviously it will do far more than that (indeed, I would suggest it is a better fit than Windows for 90% of home user needs), but in this particular instance Ubuntu screams out saying “TRY ME!!!”.
I know there is no such thing as a virus free environment, but the fact is that currently the vast majority of Viruses are not for Linux. If he will have to reinstall anyway, I shall cut him a CD and see how that goes for him.
Dave
–
Image credit: Salvatore Vuono
Article first published as Got a Virus? Get the Cure! on Technorati.
August 2nd, 2011
July 27th, 2011
A while ago I decided to stop using Mozilla’s Firefox (version 3, as it was then) as my browser of choice, opting instead for Google’s Chrome (those being the only two valid options, since I wouldn’t touch IE and wasn’t so keen on the smaller offerings). There were a number of reasons for this, most notable the bloat I was finding in Firefox and I preferred Chrome’s minimalist approach. All good then.
Then Firefox 4 came out. I took a cursory look at this and liked what I saw, but here’s the rub: I didn’t switch back from Chrome. Firefox certainly appeared to be moving in the right direction (copying Chrome in many areas, or so it seemed to me) but I had made the switch to Chrome and Firefox hadn’t done enough to woo me back.
This is actually the situation with a lot of software that you can download for free (or for very little) over the internet these days. Once you start using it, there is a natural inertia to changing what you know and trying something new: it’s just too much hassle. Trying something new needs to give you a significant boost in some area you are interested in before it is worth your while suffering the pains of moving. I often wonder if that is the main reason Linux hasn’t yet taken over the world. Of course, when it comes to file sharing, the situation is often compounded by the fact that to move from one file sharing provider to another involves the significant hassle of moving all your data from their cloud to the new provider’s cloud.
I have recently come across some indications that I may switch back to Firefox in the near future. A few sites I have been visiting have had quirks that I merely assumed were to do with the site being poorly programmed. Well, ok, in essence they are, but those quirks have been fixed for me by using Firefox to view them. Leaving aside the obvious “Shame on you, site, for not testing your user experience on Chrome” statement, I do find it interesting that even in these heady days of browser choice and interoperability, there are still marked differences in the end experience offered by browsers.
So now I find myself in a browser limbo, unsure whether to commit to the new Firefox and this unwilling to invest more effort in configuring Chrome to suit my tastes. Literally, the agony of choice.
Dave
–
Image credit: Maggie Smith
Article first published as Browsers and the Agony of Choice on Technorati.
July 14th, 2011
I seem to meet a great deal of ignorance when it comes to the legal side of cloud computing, and this is rather worrying. Jason Bloomberg recently addressed some of these issues in his post, and indeed it has been mentioned elsewhere, but the potential threats and legal ramifications cannot be overstated.
One particular point that I believe gets very little attention is the process of moving customer data across borders. Part of the problem here is that, for example in Europe the law is at best murky and at worst unfit for purpose when it comes to cross border data transfer: it was written in a time when this sort of problem did not need to be considered. With the advent of cloud computing hitting the mainstream, data can – and typically will – jump across a country border faster than an Olympic sprinter and will do so without even a “by your leave”. When an organisation trusts their data to the public cloud, unless they explicitly pay for a bespoke service, that data will reside on some server somewhere with no guarantee of where that server is. Certainly, the provider might say they host the data on the East Coast of the US (which is already outside of the European Union and has thus crossed the border for most), but can it be guaranteed that the data is not backed up somewhere else?
Of course, there are good reasons why the laws have not been firmed up and updated: the situation is incredibly complicated. For example how should data be treated if it originates in a country with very stringent data protection laws but ends up in one with lax data protection laws and then has its protection violated in a way that would contravene the laws of the former but not the latter? There are many suck gotchas that need to be addressed and then ratified in all countries to come up with a coherent plan – I don’t see this happening any time soon.
For this reason, of course, most financial organisations will not use the public cloud at all, realising it is far too risky a proposition. The question thus becomes rather simple: how much risk do you want to take with your clients’ data?
Dave
–
Article first published as Cloud Legalities on Technorati.
Image credit: jscreationzs
July 11th, 2011
I have spoken before about my fear that innocent bystanders public cloud services and data may be put offline or even compromised simply by being unlucky enough to be placed on the same (or even adjacent?) server as that used by someone of interest to the FBI.
Oh dear – looks like that fear is coming true. Part of the allure of the public cloud is that is can sometimes be cheaper than hosting data in-house, and that is achieved by placing many customers data and services on the same physical machine. Thus, your data may be just a few bytes away on disk from any other data – financial accounts, customer lists or pornography. And if the Feds come looking for that data, they will likely just take suspected servers. In that case, if your data or service is hosted on a machine of interest, it becomes unavailable to you or your customers.
The New York Times has now reported that the FBI had just confiscated three racks of servers along with all equipment plugged into them from a data center in Reston, Virginia (leased by a web hoster in Switzerland called DigitalOne). Three racks! This swoop was to try to get closer to the people behind Lulz Security, so many would say that what the FBI were doing was a good thing, but the rights or wrongs of the case do not alter the fact that many innocent bystanders in this will have had their services and data abruptly terminated, simply by being in the wrong place at the wrong time. One of the bystanders affected by this was DigitalOne and their CEO, Sergej Ostroumow was quoted as saying that the “FBI was interesting only in one of the clients and it is absolutely unintelligible why they took servers of tens of clients. After FBI’s unprofessional ‘work’ we can not restart our own servers, that’s why our web site is offline and support doesn’t work.”
Another reason to give people pause for thought. Public cloud is useful – sometimes even essential – but use with caution.
Dave
–
Image credit: Simon Howden
Article first published as A Pitfall of Using the Cloud on Technorati.
July 7th, 2011
There has been increasing focus in recent months on cloud SLAs and how they may impact business. You know what SLAs are, don’t you: they are like terms and conditions – the small print text hardly anybody ever reads when buying a product signing up to a service. Enterprises will be a little more careful with their due diligence but it is still the Wild West out there and very few will know what to look for in such a contract, and I suspect fewer still will know which omissions to check. There is also a new problem beginning to emerge that has been highlighted by a survey made by the Cloud Legal Project at the Centre for Commercial Law Studies (CCLS), within the School of Law at Queen Mary at the University of London in the UK.
The project has been examining a wide range of legal and regulatory issues arising from (obviously public) cloud computing.
The project’s survey of 31 cloud computing contracts from 27 different providers, based on their standard terms of service as offered to customers in the E.U. and U.K., found that many include clauses that could have a significant impact, often negative, on the rights and interests of customers.
Significantly, the survey found that some contracts, for instance, have clauses disclaiming responsibility for keeping the user’s data secure or intact. What is the point in that?
Others reserve the right to terminate accounts for apparent lack of use (potentially important if they are used for occasional backup or disaster recovery purposes), for violation of the provider’s Acceptable Use Policy, or indeed for any or no reason at all. Furthermore, whilst some providers promise only to hand over customer data if served with a court order, others state that they will do so on much wider grounds, including it simply being in their own business interests to disclose the data. Cloud providers also often exclude liability for loss of data, or strictly limit the damages that can be claimed against them – damages that might otherwise be substantial if a failure brought down an e-commerce web site.
There are a number of truly horrifying clauses in the contracts examined that should be well understood before anybody, let alone an enterprise, signs up with a public cloud service. One I find alarming is that providers sometimes give themselves the luxury of altering their contracts as and when they please simply by posting the update on their web site!
Another pothole for consumers (and one I have spoken about a few times before) is that the contracts may well be between an EU consumer and US provider. While the provider may well state terms that are legal in the US, those terms may easily breach EU consumer protection laws.
… service providers usually claim that their contracts are subject to the laws of the place where they have their main place of business. In many cases this is a US state, with a stipulation that any dispute must be heard in the provider’s local courts, regardless of the customer’s location.
It’s a jungle out there. If forewarned is forearmed, then hopefully you have been armed.
Dave
–
Read more here
Image credit: Simon Howden
Article first published as The Devil’s in the Detail on Technorati.
July 4th, 2011
In his recent article on Microsoft’s Skydrive, Steve Cassidy illuminates an often forgotten (or, more likely, ignored) aspect of storage in a public cloud: speed. In a blog post from early 2010, some stark figures were calculated illustrating just how long it can take to not only collect your files, but send them to the public cloud in the first place, and it is interesting to note that after way more than a year the problem is still as present as ever.
Steve’s post looked at a 25 gig payload (since this is the Microsoft offering) where as the post mentioned above looked at 50 gig, so I would suggest both in the same ballpark citing very reasonable storage requirements. In that example the blog calculated that approximately 220 hours would be needed to send the data to the cloud in the first place – that is over a month! This is in accordance with Steve’s assertion that
In reality, given likely upload speeds, we are looking at a couple of weeks to use this method of upload – and that’s for any type of file, not just pictures.
Remember that Steve’s example uses half the storage requirements, and he calculates that 2 weeks would be needed to send the files to the public cloud, tying in nicely with the “4 weeks for 50 gig of data) calculation. Thus a two and a half day requirement to download the files again seems perfectly reasonable – or unreasonable when you consider that this is solid download time to recover your files, that you have typically spent a lot of money asking someone else to store. And let us not forget that during that one month of upload time you will be pretty much unable to use your internet for anything else since upload bandwidth can often destroy download bandwidth: the cost goes way beyond the physical price you would pay for the service.
None of this is the fault of the provider, per se. These companies are offering a very valid service: it is just that the service, by necessity, relies on an infrastructure not designed to cope with it. It all boils down to an old adage that I see surface time and again: Use the right tool for the job.
Dave
–
Read more here
Image credit: Simon Howden
Article first published as Slow, Slow, Quick, Quick, Slow (without the Quick) on Technorati.
July 1st, 2011
Lulz, the hacker group able to claim a number of high profile heads (Sony, Nintendo, Fox, the CIA and the United States Senate to name but a few), have announced they are disbanding. Good news, right? Errr – it is never quite so simple.
While they were operating, Lulz proved themselves to be a pretty formidable force. Their aims, they said, were pure: to show the world just how insecure cyber security really is. And they certainly achieved that, stomping on some of the biggest names on our planet. Then recently they themselves were attacked by a new hacker group calling themselves TeamPoison. TeamPoison defaced the website of Lulz, apparently being unhappy with the methods employed by Lulz to carry out their attacks, calling them a bunch of script kiddies, and then threatened to expose the Lulz core members to help organisations like the FBI come a’ knocking. Some have suggested this played a huge part on the Lulz decision to disband.
Now I do see that it is harder to actually hack into a web site and access data than to perform a DOS (denial of service, where many thousands of automated requests from many different locations bombard a web site until it cannot cope any more) attack on a web site, and possibly more elegant too. Lulz employed both methods of course, using the former against Sony to access their customers’ unencrypted data (shame on you, Sony). But then, to demonstrate some of their own capabilities, TeamPoison have published a great many names and phone numbers allegedly coming from the address book of Tony Blair, former prime minister of the UK.
I find this situation very similar to a scene in Jurassic Park III, where the Tyrannosaurus Rex was killed by the Spinosaurus – until then, everyone (at least I) assumed the T-Rex was the undisputed heavyweight: then something bigger and stronger came along.
We are now in the situation where disbanded Lulz members are forming new groups (or just going it alone), TeamPoison is at large and other groups are hovering out there too. It could be considered a very scary situation, but some good could come out of it too. These groups are showing us just how poor cyber security is and there is a lesson in it for all of us: organisations must step up to the mark and harden their defences; individuals need to decide which data to have out in the public cloud, outside of their control, and for that data only chose trustworthy custodians. In that way, the entire internet could benefit from the undoubted skills of these hackers.
Dave
–
Image credit: scottchan
Article first published as The King is Dead … Long Live the King on Technorati.
June 29th, 2011
The world is eagerly awaiting Apple’s latest foray into cloud provision. Yes, latest. You remember their first attempt with Mobile Me, don’t you? Maybe it would have been more successful had they have called it iMobile Me, or Mobile iMe or iMobile iMe. But I digress.
The idea is a simple one – have all your music on the Apple servers and have those synchronised between your Apple devices (and Vista and Windows 7 too). It will synchronise other kinds of files also. The master stroke, I believe, is to make this free for content originally bought from iTunes. Since Apple are already hosting that content, there is no extra disk space outlay on their part – just a bandwidth hike that I suspect will be easily paid for by the new incentive for their customers to buy music from iTunes over the competition.
So far, so good. But Apple are also offering the synchronisation of up to 25,000 songs that were not bought through iTunes. I find this intriguing. I haven’t bought my songs from iTunes since there are many cheaper suppliers out there, and I was put off initially by their insistence on strapping everything with DRM (sure, they have removed that particular albatross now, but I have a long memory). So for someone like me, it sounds like a great idea. They call it iTunes Match, and what the service will do is identify your songs and, if they hold a copy of that song (which, let’s face it, is likely) they will “convert” your copy in their cloud to their version of it, all at 256-Kbps iTunes Plus quality. So if you own a 128 bit recording, you can have that upgraded to 256 bits for free – once you pay the $25 annual fee. Let me quote exactly what they say …
If you want all the benefits of iTunes in the Cloud for music you haven’t purchased from iTunes, iTunes Match is the perfect solution. It lets you store your entire collection, including music you’ve ripped from CDs or purchased somewhere other than iTunes. For just $24.99 a year.
Here’s how it works: iTunes determines which songs in your collection are available in the iTunes Store. Any music with a match is automatically added to your iCloud library for you to listen to anytime, on any device. Since there are more than 18 million songs in the iTunes Store, most of your music is probably already in iCloud. All you have to upload is what iTunes can’t match. Which is much faster than starting from scratch. And all the music iTunes matches plays back at 256-Kbps iTunes Plus quality — even if your original copy was of lower quality.
Nice. But there’s more.
Suppose you have a load of pirated music. I am sure that you, dear reader, won’t, but there are some out there who will. For $25 Apple are effectively saying they will legitimise your entire music collection! Now that is an interesting proposition.
Dave
–
Image credit: digitalart
Article first published as Has Piracy Met its iMatch? on Technorati.
June 27th, 2011
My young daughter asked me recently if I had a Sony PS3 when I was her age. A Simple enough mistake to make, of course, but it got me thinking about how pervasive technology is. Something that is technologically incredible, something that was utterly unheard of when I was a lad, is now commonplace in homes all over the world. It doesn’t stop there. I am not old – at least I don’t consider my self to be that old – yet as a lad computers simply didn’t exist outside of specialist companies who had paid millions of pounds for hardware you would today laugh at in a modern smart phone.
So she is growing up taking for granted this incredible technology. She wants a mobile phone (I can remember when a house phone – a single house phone – was a luxury afforded to few), has an iPod (how many remember cassettes and records?) and her own computer. Fully teched up, in my view.
There’s a but coming.
But, I am not keen on the way many young people interact with each other these days – or more specifically how they don’t interact. They have their own language, full of short cuts and atrocious spelling. They typically speak, if they speak at all, in grunts. I realise I am starting to sound like my grandmother used to but there is a wider point I am trying to make outside of the “old geezer takes a whack at new fangled youngsters” point. I am well aware that language evolves, English perhaps faster than others, and it is right and proper for it to do so. Aside from the poor spelling and poor grammar that alters the meaning of sentences unless you understand the context in which they are written (I am most certainly against that – “there”, “they’re” and “their” are three very different words – don’t be thick: understand when to use which), I applaud many of the new ways of communicating. Language is a tool for us and if the rules no longer make sense, ignore them. I just feel that electronic communication is simply one way in which we can communicate, and should not be used as a replacement for speech and other forms of interaction.
My daughter loves the couple of games she has on the PS3, and also occasionally enjoys playing on her DS. She also reads; in fact, she devours books at a great pace. She plays with her brother and friends (usually imagination based games) and, when I can, I try to play board games with her (we both love chess). In this way I try to ensure that she has a rounded view of the world and understands that technology is merely a tool rather than an all enveloping lifestyle.
The world is a stunning, beautify place with many sounds, sights and smells that would simply go unnoticed if you spent your whole life immersed in your own little world, with music on demand drowning out birdsong and your DS/whatever blotting out a colourful flower. We own our gadgets – they don’t own us.
Dave
–
Image credit: africa
Article first published as Children and Technology on Technorati.
June 24th, 2011
Popular Science magazine ran a disturbing article on the scale of the security problem facing public cloud usage. The reason is very simple.
U.S. businesses will be spending $13 billion annually on cloud services by 2014, up from $3 billion in 2009, according to market-research firm In-Stat. But the cloud’s prevalence carries a serious risk: As businesses’ operations move to the cloud, all that stored data-everything from personal information to credit-card numbers, as well as businesses’ intellectual property-makes for a huge target. And with its easy access to massive computing power and significant gaps in security, the cloud is very hackable.
A lot of attention in the article is placed on the ability of cyber criminals to crack passwords and create massive botnets using could provided computing power. All very valid, but I personally find these things less worrying. Sure, the potential for massive disruption is worrying, but so is the thought that our species might get wiped out by a massive asteroid hitting our planet: not much I can do about it. The bottom line is that the public cloud is, and has been for over 30 years, an incredibly useful tool. It carries risks but that is part of the price society pays for its usefulness: most wouldn’t consider scrapping all cars simply because criminals could use them to run people over. And anyway, I suspect that type of cloud usage will reduce over time as new controls are put in place to inhibit it.
For me, this was the truly scary bit
Last summer at a DefCon hacking convention in Las Vegas, two security consultants showed a room full of hackers, FBI agents and computersecurity experts how, with only $6 and a few lines of code, they could knock out a company’s website for a full two hours. “Our weapon?” announced David Bryan, a penetration tester at business-security firm Trustwave who goes by the handle VideoMan: “the cloud.”
…
Numbers on how pervasive cloud hacking might now be are hard to come by, in part because cloud providers often ask their clients to keep attacks quiet. But if you ask the hackers, as security firm Fortify Software did at DefCon last summer, you get a scary glimpse into the potential depth of cloud-based crime. Twelve percent admitted to attacking the cloud for financial gain-even scarier given that many DefCon hackers are actually hired consultants like Bryan.
Of course, since then there have been numerous high profile attacks against the likes of Sony, Nintendo and even the CIA’s own website.
I see it as yet another example of a lesson needing to be learned. Don’t publish important stuff in the public cloud – keep your data only with people you can trust.
Dave
–
Read more here
Image credit: Salvatore Vuono
