Cloud Security Alliance Formed Today

March 31, 2009

Being part of cloud computing myself (both on the sending and receiving side of things) and having been part of an information security team a few years ago, I was very pleased to come across this announcement today:

Key leaders within both the information security and cloud computing industries today announced the formation of the Cloud Security Alliance, to be formally launched at the RSA Conference 2009, in San Francisco on April 21, 2009. The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.

http://www.cloudsecurityalliance.org/


Fearless Bytes 2

March 30, 2009

Another collection of articles I’ve come across recently …


Fearless Bytes 1

March 11, 2009

I come across a number of articles that “speak to me” while flipping through my RSS feeds.  I’ll be linking to them here.  I’m a bit behind on my feeds at the moment, so here’s my first chunk …

  • Improving Software Process – A Letter to Upper Management
    • This is pretty much what I believe in.  Many people I work with would probably agree, but don’t practice it or say it’s too expensive to implement.  I’ll continue to disagree on that point and work to provide the business case for implementing much (all?) of what the author suggests.
  • The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors
    • I frequently remind others about many of these; it’s nice to have these in one place and to see it come from MITRE and SANS.
  • Security: Store strings in-memory securely (.NET 2.0+)
    • This piqued my interest because I’ve had to deal with this in a past project (written in C)
  • Agile Architecture Method
    • Even without the Agile aspect of this article, the author covers many key points in what needs to be considered by architects and engineers
  • Planning Poker – Agile Estimating
    • I found this particularly fascinating because it forces cooperative/team planning.  Not only does this help coagulate the team, but it also shares knowledge and should end up creating a better plan
  • 10 CSS Tips Every Web Developer Should Know
    • I lack the artistic talent required to make a good-looking page — however there are aspects of web development, even when dealing with CSS and JS, that require some foundational knowledge.  I recently rewrote an existing site and needed to learn some basic CSS and JS, and was happy to come across this article




I Hate Waiting Ten Milliseconds

March 8, 2009

My biggest pet peeve about using a PC is waiting on the hard drive.  Even with defragmentation, boot optimization, smart controllers, algorithms, and caches, they’re irritatingly slow — especially when booting.  They’re even more irritating in a laptop because they’re simply not as fast as their desktop counterparts.

I’ve pulled out all the stops in the past — tweaking Windows XP, buying denser hard drives (faster in desktop applications), faster hard drives (Western Digital Raptor), different technology (15,000 RPM SCSI drives in a mirrored configuration using a Mylex RAID controller with 128 MB of cache).  None of these provided the results I was looking for.

I don’t program file systems, firmware, or operating systems — but I never understood why the system was stupid enough to cause the hard drive heads to scatter across the hard drive reading a few KB at a time before moving on to service another application’s request — especially during boot.  This causes the workload to last orders of magnitude longer than if all of the data an application needed in order to bootstrap itself to life occurred in one sequential read.  Of course, this is very hard given the number of DLLs needed to load today’s applications and reordering those DLLs wouldn’t be the right order for another application.  Yup, this starts to get complicated.

Enter the Solid State Drive.  Seek times don’t really matter.  Problem solved, right?  It depends — depends on your workload and how much money you’re willing to spend 🙂  SSD technology is still rapidly developing.  Obviously raw speed is increasing but more importantly, the interfaces between the operating system and the SSD (which includes OS drivers, motherboard chipsets and the SATA controllers) are still designed for old platter technology.  They make assumptions and optimizations that are counterproductive to SSD technology.  Fortunately advances are being made in the controllers on the SSD drives themselves to compensate.  Additionally, Windows 7 has some SSD-specific provisions.

SSDs can be divided into two basic categories — SLC (Single Level Cell) and MLC (Multi Level Cell).  The short version of the difference is that MLC’s write times are slower and generally suffer from “stuttering” during lots of small write operations — something that happens frequently if it’s hosting your operating system.  There are numerous tweaks that can diminish or remove this problem, however.

I’ve been heavily watching and researching the SSD market for several months now, and was excited to see all the reviews on Intel’s X25-E SLC drive.  However, it was only 32 GB at the time, and was $750.  The price rapidly dropped (currently $420), but still gave me pause because I knew I’d end up hating having to worry about the free space on my SSD all the time.  Last month, the 64 GB version came out ($850).  I broke down and purchased it to replace the 200 GB 7200 RPM 2.5″ drive in my Lenovo T60p.

While my T60p can’t nearly make full use of the SSD because it’s SATA I (1.5 Gbps) and has an older chipset (Intel ICH7-based), I can tell you it’s made a vast difference in performance.  It’s actually moved the bottleneck back to the CPU.  Within 2 seconds of entering my password, my desktop is available, the Start menu is usable, and most of the tray icons have already loaded.  What’s awesome (and indicative of how seek times are irrelevant with an SSD) is that I can load Firefox or IE *immediately* even while the last couple of tray icons are loading up.  My 40,000-file Subversion directory is far faster to operate on.  I can load up the large Visual Studio 2005 project I work on far more quickly.  Outlook 2007 with its 500 MB PST and 300 MB OST file loads much more quickly.  I can search it much more quickly (I still highly recommend using Windows Search 4’s Outlook integration).  I can suspend much more quickly.  While I think there’s room for improvement (which I feel I would see if I were to run the SSD on a modern system), I’m pretty happy.  I wouldn’t make the purchase a second time for a second system, however — it’s simply too expensive.

I’ve been a system admin for 15 years and working with computers even longer.  There are a few moments in technological history that stand out in my mind: true multitasking (386 DX), OS/2 (Warp 3), Windows 95, Windows XP, Linux, Cable Internet, etc.  I have a feeling I’ll be remembering SSD as one of those “moments.”