Thursday, July 30, 2009

iPhone users ponder the price of freedom

Apple has created a pretty good earner for itself by carefully controlling the software users can download and install on their iPhones.

By vetting, approving and controlling the installation of only certain bits of code, Apple can take a clip on the ticket of every "authorized" application users choose to install.

This concept has obvious benefits for users. For a start, they can download new bits of code with reasonable confidence that they're free from malware and meet at least minimum standards of quality and performance.

On the downside, it makes the applications themselves more expensive and limits a user's choice to only those apps Apple itself chooses to allow. This was highlighted recently when it refused to allow Google's Voice product to be installed on its phones, for fear this would upset AT&T by adversely affecting its revenues from regular calls made by iPhone users.

Some users, however, have decided they don't want Apple's imposed software censorship controlling what goes on their iPhone, and have opted to "jailbreak" their mobile.

Jailbreaking involves circumventing the mechanisms that allow Apple to dictate what constitutes an approved (and thus, revenue-generating) application.

Apple have struck back by claiming that this practice threatens to crash the entire mobile phone system because it opens the doors to untested or malevolent applications that could play havoc with the network infrastructure.

A suitably "hacked" iPhone, Apple says, could create an effective denial of service attack by overloading a cell tower, effectively bringing it to its knees.

Advocates of jailbreaking claim Apple is simply trying to spread fear, uncertainty and doubt (FUD) with these claims. They point to the fact that Android-based phones ought to pose the very same threat but that nothing bad has happened.

Indeed, when challenged, Apple seem unable to provide any proof that such attacks have ever taken place as a result of a phone that has been jail-broken.

Unfortunately for Apple, the sheer mass and brainpower of hackers will always overpower the attempts of any manufacturer to keep their products "locked" and under central control. It's only a matter of time (if it hasn't happened already) before users can jailbreak their own iPhones and install whatever software they choose -- without the need for Apple's blessing or any kind of

The ease with which Apple's iPhone encryption was cracked is clear proof that the hacker is mightier than the manufacturer.

No doubt a proliferation of jailbreak software will create a degree of mayhem as unsuspecting iPhone users end up loading their mobile with all sorts of malware that masquerades as a useful but uncertified application.

At least now, the choice is one that can be made by the iPhone user, rather than a manufacturer who sees the certification and distribution of applications as a major part of its revenue stream.

This may not see mobile networks crumbling under DoS attacks but it may spawn fertile new ground for evil little sods to install trojans, backdoors and viruses on iPhones. Only time will tell.

Thursday, July 23, 2009

Thunder in the cloud

Cloud computing is getting bigger every day.

Here in GodZone, NZ Post has announced that it will be opting to use Google's email and messaging "cloud" rather than in-house Microsoft applications and I think this is the start of a trend that will continue to grow in coming years.

Why go to all the hassle of running your own mailserver with the attendant issues of hackers, spam, hardware and software maintenance, etc -- when you can effectively outsource this to a big player like Google?

Google has the bandwidth, it has the servers, it has the software and it has the technical nous required to ensure maximum uptimes.

In short, it's hard to pick fault with NZ Post's decision... isn't it?

Then we have other companies that are considering shifting far more than just their email and messaging services into the cloud, which is what cloud-based service-providers like Xero are relying on.

One vision for the future is that we go back to what is effectively the old thin-client model that was promoted many years ago for the LAN. Why burden individual workstations with the overheads of database management, transaction processing etc, when you can offload all that to a very powerful central server or server-farm?

Doesn't this sound like a wonderful scenario...

No more on-site backups, no more worrying about protecting yourself from disaster, either natural or manmade. No more having to regularly update your applications with downloaded patches, massively reduced system administration costs, etc., etc.

But there is one very important fly in the ointment that is the cloud.

What happens when the cloud actually carries a little (or a lot) of rain?

Yesterday morning I tried to log in and check my YahooMail.

All I got was a DNS error. Apparently the DNS entry for one of Yahoo's mailservers had disappeared and as a result, my connection to that particular cloud was severed.

Fortunately this only lasted a few minutes and I don't commit critical communications to a free email account so there weren't any beads of perspiration on my brow.

But what happens when there's a major outage and it's a mission-critical application such as your order-processing or accounting system?

What do you do if the Southern Cross data cable fails and all your offshore-based cloud applications are no longer within reach?

A smart player would make sure they regularly refresh local copies of their cloud data -- but isn't that just as much of a hassle as doing your own backups on an in-house server? Wasn't the outsourcing of this kind of admin one of the big selling features of the cloud?

And, if your business suffers significant losses due to such an outage, where do you go for compensation?

Your ISP won't be interested in providing such compensation. Chances are that they provide service on a "best effort" basis. If you use Xtra/Telecom you might qualify for a $50 phone card or a month's free internet but that's about it.

Even if you try to claim compensation from the operators of the Southern Cross Cable you'll likely get a cold reception.

So it seems that cloud computing has the potential to save SMEs and large organisations a huge amount of money. Unfortunately, it also has the potential to cost them even more.

Before welcoming the cloud with open arms, it might pay to check up on just what your legal position is in respect to compensation if/when things go bad and you're left without access for any significant period of time.

And, unless Google and other cloud service providers start servicing local customers using locally-based servers, there will always be a dark side to the cloud that should be considered by all those contemplating the jump from in-house to web-based applications.

Thursday, July 16, 2009

Be careful out there

It doesn't matter whether you've got the latest patched version of MS Windows, all the antivirus software money can buy, or the most fabulous firewall in the world - you may still be vulnerable to some of the evils lurking online.

If you need proof of this, just look at how often your Microsoft-based PC downloads patches and fixes for brand new, hitherto unknown vulnerabilities that continue to be uncovered and exploited on an almost weekly basis.

The latest round of patches, issued on Tuesday of this week US-time, includes a raft of fix-ups, including a couple of "zero-day" holes that, until fixed, could have compromised the security of any machine targeted by suitably skilled hackers.

And it's not just Microsoft products that place your systems at risk...

The much-vaunted Firefox browser has also shown itself susceptible to nasty security vulnerabilities this week and, at the time of this posting, no fix has yet been issued for this huge hole.

So, apart from running some esoteric, seldom seen operating system and hoping that it's too small a target for hackers to bother with, just what can savvy computer users do to avoid placing their valuable data at risk?

Linux is one answer but it is also not a golden bullet; just look at the long list of security vulnerabilities reported for one distribution of this increasingly popular Windows alternative.

It appears that the best weapon against having your system compromised is vigilance and good practice.

The truth is that no security strategy is any stronger than its weakest component. There's no point in having the most expensive and capable firewall in the world if your users are free to plug in "brought from home" USB drives that may contain malware.

Likewise, there's no point in dropping your guard just because you've invested in the latest and greatest anti-virus software. Although it's a great help, it's far from 100% effective in detecting and eliminating new threats to your system that may infiltrate other first-line defenses.

Perhaps the only real protection against losing valuable data or up-time to malware is a strong sense of paranoia -- and a good set of regularly refreshed backups.

Wednesday, July 8, 2009

Goodbye TV ads, hello Internet ads

TV advertising sucks.

It costs a small fortune to make even a half-decent TV advertisement and even when you do come up with a gem, it soon goes stale after repeated screenings, leaving your audience resentful that you (and your product/service) are interrupting their favourite programmes with your message.

Internet advertising sucks too.

People browsing their favourite website don't want nasty flashing, distracting animated banners, pop-up windows or Flash applets all vying for their attention.

But guess what?

Internet advertising is about to get a whole lot more interesting and TV advertising may soon be so worthless they won't be able to give it away.

A new generation of advertising specialist appears to be surfacing to take advantage of these trends.

These aren't the pony-tailed, latte-sculling, bran-muffin eaters who have for so long controlled the ad-spend of small and large companies alike. No, these are a bunch of Net-savvy viral marketers who have the potential to offer customers a whole lot more bang for their buck.

Already there are companies appearing who will advise you how to best use new social-media tools such as Facebook and Twitter to promote your product - but I suspect most of them are like the "web-consultants" of old. They really deliver little more than commonsense advice, while charging a fortune for the privilege.

The really good guys are out there coming up with viral marketing strategies that see internet users seeking out their messages and willingly referring them to others in a way that no other medium except the internet can allow.

Some existing TV ads have already gone viral in an almost accidental way; take this Air NZ safety video (YouTube), for example.

With over 3.5 million views, this single video has probably been seen by more people than any of its domestically screened TV ads have been.

And the cost?

Well given that the production costs were already paid before it was put on the internet, this video represents hundreds of thousands of dollars worth of advertising -- for free.

Of course the secret to having a successful viral advertisement that people will actually seek out and watch voluntarily is something that the "experts" will sell you for a fee. However, based on the "bang per buck-spent", it really does look as if viral internet advertising, via YouTube, Twitter or whatever, is the most cost-effective way to promote yourself, your product or your services right now.

With advancing technology and increasing alternative sources for electronic entertainment, the TV ad might just have had its day and be about to fall from its decades-old position as the "best" advertising medium.

Once again, the internet has shown itself to be a great playing-field leveler. This time it's letting the Net-savvy advertiser reach a huge audience for a fraction of the cost it would take to do the same thing using traditional mainstream media methods.

Hooray for the Net!