Thursday, October 11, 2012

When CloudedIssues.com moves home

First of all, ‘Hi’ & ‘Sorry’. Hi, because I haven’t posted to this blog in a while now, & sorry because of the aforementioned.

A brief update is in order;

I’ve stepped away from LootJunkie (for a variety of reasons), & now curate some new self-created podcasts (Origin:Z RetCon & ‘L90URP’) with a good friend of mine, which also use Tumblr. Tumblr is something I’ve been happily using for my own personal blog (IANBERGIN.COM) for some time now.
Following a love/hate relationship with the Blogspot tool for some time now, I’ve been mulling over moving the Clouded Issues blog to a new home. The ability to manage so many ‘blogs’ from a single point on a platform I love for its non-standard approach meant Tumblr was going to win, & it has.

CloudedIssues.com will now full time live on Tumblr. For historical reasons, I will be leaving the old Blogspot.com site active - but without a domain pointing to it (as alot of historical links reference there). I’ve also managed to copy my posts from that across to this (for completeness & to make sure people have a single reference point).

CloudedIssues.com will continue to contain OpEd/Articles/Blogs from me as & when I see appropriate (I think trying to ensure a regular stream of fresh articles while great, is at this point aspirational - but just wholly impossible - there’s not always something to write about for the purpose of this blog). With that, CloudedIssues.com will also now curate interesting articles with some of my own thoughts around the Cloud Computing space.

 If you're reading this & got here via some historical links on some social network or via the Googleverse, you can check out http://cloudedissues.tumblr.com or http://www.cloudedissues.com
 
- Ian

Monday, August 13, 2012

Episode 23: Cloud will never oust the desktop as Mayor

Yup. You did just read that on a Cloud professional's blog. And I meant every word of it. And it's true too. The cloud will never replace the 'desktop machine' (or 'localised IT infrastructural assets' for those who want to be pedantic & play along at home!). And before you say it, your friendly neighborhood cloud sales person isn't right. Your friendly neighborhood cloud sales person wants to sell you services, & all the spoils that come their  way for making their targets. And they've just read that opening salvo & gotten annoyed by it. Very annoyed.

The cloud is very good at a great deal many things. Sure, it can simplify lots of complicated purchasing into 'consume-on-demand' ICT in nice neat easy-to-use services. Sure it means you're not making CAPEX spends in such an indefinite set of economic & trading circumstances that otherwise kills your ability to be flexible to the market. And sure, it means you can offload some expensive aspects of your requirements to being someone else's problem as a managed service. And they're all very laudable selling points.

But, and this is the biggie - Cloud has become something used BY the desktop. That's right. Cloud is an augmentation to the desktop. Access to cloud services still requires a machine with an OS, with storage to install accessibility software of some sort (browsers, VPN clients, dedicated applications etc.). Even on your mobile devices, you're still dependant on them carrying the traditional 'desktop-architecture'  to access your cloud for management or productivity.

And no, desktops in the Cloud isn't the answer. In fact, it's damn near a non-runner. Purely aspirational in-fact. And Why? Much as there are those who are loathe to admit it, Microsoft owns the market when it comes to productivity computing. They also don't allow their Windows desktop licensing to go near ANY form of multi-tenancy solutions for hosted desktops. Sure there's OnLive, but that is a riddle wrapped in an enigma wrapped in a giant 'how-in-the-hell' blanket.

Given the cloud as a whole is multi-tenancy, unless Redmond reverses its stance on Windows Desktop licensing, this will never happen save for those few businesses who implement on-site virtualisation, which will be for reasons other than cost-effectiveness, but only at the 500 seats or more space.

And no, it's not realistic to expect or suppose there'll be a shift by everyone to using a Google Chromebook, or even to ClamCase's laptop dock. It's just not going to happen. Nor is it realistic to expect that everyone is going to shift to tablet computing eschewing notebooks or desktop machines. There's too much of our daily computing lives in the world that simply will not transfer to mobile. That is clearly visible in markets such as MMO gaming with 9.1m players of World of Warcraft, or the 1m players of Star Wars: The Old Republic, or high end games such as EVE online. If anything, mobile computing devices are simply companion devices. Yup, I just said that too - you didn't misread.

Tablet machines are great for low-interaction computing needs from wherever you find comfortable - be it on a giant bean bag, at your favorite coffee shop, or your favorite park on that bench in front of the lake with the ducks, or even lazing on your couch. Smart phones are in the exact same boat. But I can tell you that you are not going to knock out your end-of-year accounts on those devices. Sure, there are some who will say "But Ian, I do." And if you're one of those, good for you. But you're in an extreme minority that isn't growing, nor will it.

And the most important fact is that people fear change. People will not willingly give up the security of their disks in lieu of those in the Cloud. Cloud writers/gurus/warriors/evangelists/bloggers/watchers often live in a world which is purely aspirational, not filled with FUD (which is often perpetuated by cloudwashers & marketeers), & where their ideals exist peaceably. It's a mind share that right now in the current climate just cannot be overcome by slick-salesmanship, good marketing or even divine intervention. And historically, it's an easy to prove case also.

The cloud while nothing revolutionary, does have many chops that can help your business. It can become a very good friend to your business. But, the cloud will forever be just a drinking buddy to your 'desktop'. They'll be best friends. They'll get drunk together, sometimes sing some great tunes while getting along famously, other times they'll fight like a pair of rummies & not talk to each other. But, they will become closer & share even more with each other. And, we will all look on like concerned friends, continuing to wonder how it will all end. And the cloud should accept that. So should you. And your friendly neighborhood cloud sales person.

Blog Awards Ireland Nomination

Yup, that's right. Clouded Issues has been nominated for another award. This time in the category of 'Best Technology Blog' with Blog Awards Ireland . It's nice to see the blog involved in these kind of things. Would it be nice to win? Sure, but it's nice to get it out there to people outside its core readership too.

Yet again, it is the only Cloud Computing blog nominated in its category - much like the Eircom Spiders last year. Fingers crossed - but either way, it'll be a cracking event & a cracking night (this time without the black-tie requirement 8-)  )

Tuesday, August 7, 2012

Episode 22: When the rain from the cloud is just your tears

The tale of Mat Honan's remotely wiped Apple products has now been committed to the lore of the Internet. But this tale as with any comes with a proviso that has long been the anchor of the 'superhero' story; "With great power comes great responsibility." Our reliance on technology as the super-hero in our modern life has set us up for spectacular falls, akin to any great fallen-hero story-arch.

We have great power in our hands with our smart phones, mobile devices, cloud-enabled hand-held & remote technologies, & yet we wield these powers with little to no real responsibility. Mat Honan originally supposed that his accounts were brute force attacked (something he later retracted), but days later we learn they weren't. He was the victim of social engineering; the attackers rang Apple support, managed to pass through their security protocols due to "Apple's centralised single user account approach."

Blaming Apple is easy, but the fact is we are seeing further centralisation of our online lives with more & more of our accounts & services being linked together via our Twitter, OpenID or Facebook accounts. Each node we link in this way just increases our vulnerability. With security compromises of user databases on the rise, our entire 'digital life' faces compromise from any one of the countless services we interlink.

But that's not even the bigger risk. Publicising information about ourselves in such a carefree manner on social networking sites gives 'hackers' (calling them this when we make it this easy for them denegrates those who are 'real' hackers) less work to do when searching for information to use against us in a social engineering scam, when they wish to target someone.

The real threats as a result of our digitalisation is not our own personal Twitter, Facebook, LinkedIn, or Tumblr accounts - the real risk is our employers, & our businesses. As we increase the drive towards BYOD, our personal & business accounts become increasingly intermingled, something Honan discovered when his employer Gizmodo experienced as part of his account compromise, where tweets from Gizmodo were sent by the hacker.

Very few security breaches today are carried out by brute force. Most are the net results of social engineering, or end user stupidity - the breaches of Irish Department of Foreign Affairs systems by people linked to Anonymous earlier this year showed that stupidity really was the over-arching issue, with passwords such as 'Password1', which demonstrated two failures;
  1. A failure culturally within the Department of Foreign Affairs ICT to educate users about the security of ICT systems, & to ensure a clear understanding of the requirement to always operate a 'strong password' policy
  2. A failure of the users themselves to understand that given the sensitivity of information they handle from where they work, that security should always be to the forefront of their thoughts when working within ICT systems
Security breaches are often where 'hacker' opportunism meets 'end user complacency'. I have always maintained that the biggest threat to any business is not external, but at every level inside a business, even more so at executive level. Social Networking as powerful a tool as it is for good to be used by us, can just as easily be turned against us at a moments notice.

To protect you from yourself, there are a few simple steps I would recommend & suggest:
  • every time you "link" a social media account to another account or app, ask yourself "Am I really happy with this connection being made permanently? What's this company's history on security like?"
  • If you authorise an app to link to one of your social networking accounts, regularily review that connection - if you don't find yourself using it often, revoke access until it is absolutely needed again - don't leave authorisations blindly open
  • Who can view your social networking streams? How much information do the reveal about you? Perhaps the only people who should see your streams are those you know, & not the great wide world.
  • Are your personal passwords themed with your work password choices? If they are, address it immediately. 
  • Do you save passwords in your browsers, or directly in applications? If so, remove them. Then change your passwords.
  • Is your password comprised of a word with numbers, even with capitals? If so, this is hacker101 from a dictionary list. Even words where letters are replaced with numbers are straight from hacker101; i.e. 'l33t' should ring a bell with most.
  • Do you use the same password for multiple services? If so, this is a rookie mistake, & often how many online gamers accounts get compromised. Using the same password or variants of over & over is just putting you one step at a time closer to getting burned. Badly.
  • Ask yourself can anything I reveal or have revealed on my social networking sites help lead someone to one or more of my passwords? If your answer is 'yes' or 'I'm not sure', you've a problem you need to address.

Wednesday, July 25, 2012

When CloudedIssues.com is overdue an update

Firstly, I'm going to apologise for my lack of activity on the blog - this has been down to my involvement with the LootJunkie.com project, which has taken a large amount of my time, along with one or two other projects that are currently in development that I really can't speak about until they're a little further along (it kills me to not be able to speak about them - but that's just how it goes). I've a few blog posts for Clouded Issues near completion that I hope to publish up before months end (scouts honor!), & I hope I can return to at the very least one post per month going forward.

Secondly, for those who don't know - I'll be giving a speech at the forthcoming Cloud Summit 2012 event on September 12th in Croke Park Dublin called "When Cloud Meets Copyright" - which will discuss the issues facing the Cloud Computing sector & its customers amidst the ongoing copyright war.

I'd finally like to thank everyone who's been so supportive of the blog, & my other projects -- it means alot!

- Ian

Friday, March 30, 2012

Episode 21: Your legacy in the cloud & your rights (or lack of them)

As we shift more of our lives onto the Internet, & thus into the Cloud, we commit our lives either unconsciously for some or fully in the knowledge for others to big data, big business & profits for big business. It has long been sci-fi lore that humans would interface with computer systems uploading their vast knowledge & consciousness to cyberspace to 'live forever'.

But we don't. We die. And when we pass on, there's an estate that is disposed of either via a will with an executor etc, or via the granting of a letter of administration. But, our worldly possessions now are not just limited to the contents of our homes, bank accounts etc., we're all actually the rights holders to our information, our likenesses, & our works we publish on the Internet (unless you sign them away like FaceBook's terms & conditions).

For a long time in the 20th century, loved ones left behind photographs, slides, books, journals, diaries, mementos from trips, postcards. In the 21st century we're looking at Flickr albums, FaceBook wall entries, Twitter accounts, FourSquare pins, GMails, & countless other digital footprints from our lives. Even our own hard-drives of photos, movies, & music. The legacy of our lives can now be measured in ones & zeros. And with many of these future legacies, a problem arises; access to them to retrieve & pass on.

To use one of my own examples, when my maternal Grandfather passed in the mid 80's, he left an absolute treasure trove of things; photographs, negatives & slides from his countless travels around the world, some of his books with his notes written in them, some of his naval belongings - many of which today, I treasure greatly.

Zip forward about 25 years, & I look at my own little collection. Up until around 2000, I've a fine collection of photographs & negatives, along with trinkets & some writings from countries, cities & towns I've been from around the world. However, after that I'm seeing lots of digital photographs, my musings/writings are exclusively digital. I've e-mail accounts I've held going back to as far as 1995. I've a fantastic collection of gaming moments across a number of MMO games I've played (and some I continue to play today), along with many other exclusively digital assets.

As I go on in years, these will no doubt increase substantially. And when I inevitably pop my clogs, I will have to ensure I've a list of password details written down somewhere to allow my loved ones retrieve everything. But, what happens if something happened before I had time to plan for this eventuality? Should I already be creating a password safe of sorts? Convention on security would tell you creating one of these is absolutely insane, yet on the flip side, how else would loved ones retrieve everything else? It's not as if they can ask the service providers to hand over the data, as the contracts of use are between me personally & the providers, it's not like financial assets after death that form part of an estate.

Which brings on the more interesting question; while our personal data is recognised in data protection acts as our own, should our personal data now in turn form part of our estate legally? Should there be provisions for this in data protection legislation?

In the UK for example, 'property' when dealing with a dead person's estate is defined as follows:

"'Property' includes houses, real estate generally, shares, antiques, jewellery, works of art, and intangible property such as patents and copyrights."

and according to UK law, access to that property happens as follows:

"If the deceased held property in their sole name, and they left a valid will dealing with the property, the property will usually pass in accordance with the will. If the deceased left no valid will, or a will that did not deal with the property, it is dealt with under the law of intestacy.

If the deceased held property with another person or persons, the deceased's executor or administrator needs to find out how the property was owned. Where the property is a house, there should be written documentary evidence of the type of ownership
."

In Ireland, under Ireland's own 1965 Succession Act, property is defined as "includes all property both real and personal", & none of the references seem to make direction to copyrights and or patents. part of the problem globally seems to be the lack of establishment by courts how some one's online services relate to transfer to estates upon their passing. This is not a new issue. It is an issue that has been questioned for a number of years, & a really good example to read is Thomas Scrampton's piece in 2009.

One of the leading writers/speakers on this area is Lillian Edwards, who is currently Professor of e-Governance at Strathclyde University. In mid 2010, she gave a talk at Wolfson College about 'Death & the Web', which raised many interesting statistics. More recently it has again come up for discussion, with Laurence Eastham writing about it for SCL, which was prompted by a press release by UK law firm, Rothera Dawson Solicitors.

And yet, in Ireland as a country pushing forwards as a central player in Digital Europe, apart from us having our cyber security act buried on some civil servants desk now for over a year in the life of this Government, & unimplemented from the last residents of the Government offices, there is no discussion about us moving this important area of legislation, or legislative discussion forward.

It is all well & good to push the agenda of Ireland as a centre of cloud excellence & influence, but if our legislation around data in the cloud continues to be woefully inadequate due to ill informed politicians, civil servants with their own agenda of 'not rocking the boat' & businesses who in general have a poor level of awareness of data protection & their legal requirements/compliance, & a no-one in the legal sector even spotting this is a ball that needs picking up & running with, we are heading for a massive storm amongst our clouds.

As the cloud finds itself becoming part of the discussion on rightsholders & their legal reachs via SOPA/PIPA/ACTA etc - why are we not asking for the rights to our own creations/works/digital assets to remain with us? Surely as the discussion about privacy is front & centre to the Cloud & digital media/social networks, our rights to our own content must become part of that fabric of discussion, & part of the discussion as 'rightsholders' in our own sense.

Tuesday, January 31, 2012

Episode 20: The dirty business of cleaning the Cloud with SOPA

SOPA has become the pariah term for the Internet in recent weeks. In the US, mass lobbying from internet users made it more undesirable than a fart in a spacesuit, & that is saying something. However, the day after the January 18th protests, MegaUpload was taken down by the FBI, citing fraud, money laundering, racketeering, & its founders arrested in New Zealand, pending extradition to the US to face those charges.

Over a week later, the FBI is seeking to confiscate all MegaUpload data that was held on US based servers, whether legitimate or not, & the owners of legitimate data have little to no indication if or even when they will have their property returned to them.

In Ireland, a statutory instrument is being sought for implementation by the music industry there under threat of legal action against the state following the unsuccessful suit by EMI Ireland against Internet Service Provider, UPC, where the judgement laid down that instructions to block sites, and or force disconnections of offending users could not be achieved due to a gap in legislation.

That 'gap' in legislation was due to be plugged last week, were it not for a steam-train of lobbying by Irish Internet users in the 'Stop SOPA Ireland' campaign, which raised the alarm to industry, & internet users alike. It also prompted the Irish Internet Service Providers Association to issue a strongly worded letter against the proposed statutory instrument. ALTO, who represent a group of telecoms companies, also set forward their view opposing the change in law in its current form.

The issue with the secondary legislation due to be passed was the vagueness of how it could/would be used, leaving interpretation wide open to the judiciary, no clear indication of how costs of such challenges would be met (or by who), along with even going so far as having such vagueness to possibly effect the likes of Google, FaceBook, Twitter, LinkedIn & others who operate in Ireland, as no clear-cut guarantees could be given to them not coming under threat from it.

All of which led to over 77,000 signatures on a petition against the legislation in its current form, hundreds of thousands of emails to politicians, calls, on street demonstrations & for the first time, having secondary legislation becoming subject to an open debate in parliament chambers.

The intense increase with which such 'seizure' legislation is being sought worldwide completely undermines the viability of Cloud Computing, as the legislation being sought is often extremely on-sided, does not seek to ensure that access to legitimate information is protected while also allowing the wheels of law to engage against infringing data.

Those seeking the legislation (the movie, music & entertainment industries) claim it is needed to protect their business, while caring nothing for the businesses that will be caught in the crossfire, many of whom will be small to medium enterprises, which will not have resources to extricate themselves from the legal salvos on both sides, while their business suffers.

What is worse is the fact that Governments who are trying to stem the bleed of small business failures are doing nothing to recognise this, or recognise the impact on innocent parties. Even the organisations who represent small business seem to turn a blind eye to this, & don't seem to care how they could in fact one morning as a result of some action being taken wake up to find a membership out of business simply because they failed to be informed, step in to seek consultation, & drive for that.

There is a very real threat out there to the Internet & cloud computing. It is not piracy. It is not copyright infringement. It is over-zealous politicians eager to not offend rights-holders who seek legislation that is potentially incredibly damaging to the growth of our now globalised information & knowledge society.

No-one is disputing that copyright infringement is wrong. No-one is disputing that piracy does hurt businesses in some way. However, the ideology of American-esque 'shock-and-awe' to solve this problem is unhelpful, self destructive & damaging, & the Cloud will suffer, as will the industries around it, those who depend on it to try keep businesses afloat so they can move forward.

The destruction of the Cloud at the hands of ill-thought, ill-considered, under-debated & consulted anti-piracy measures that are enacted with iron fists will cost more jobs globally than the issue of piracy itself.

Today in Ireland, as we debate the issue of how such legislation needs to be approached, thought & consulted, a country seen as leaders in the Cloud will find its fate determined by a Minister of State under pressure to save face, save costs from a legal action & keep Ireland out of the spotlight. Unfortunately, his actions to date have ensured there is one on Irish Government buildings today, & the outcome from the chamber debate.