Friday, October 29, 2010

Into every cloud a little rain may fall

One of NZ's leading ISPs has suffered an embarrassing failure which serves to highlight the risks associated with cloud computing

An unspecified number (believed to be in the hundreds) of Orcon customers have discovered that all the emails they believed were safely stored on the ISP's servers have vanished.

Despite the "best efforts" of the ISPs technical staff, it appears that recovering of the missing emails is not possible.

Perhaps the most common form of cloud-computing is web-based email and this incident serves to show just how vulnerable cloud users can be if the provider's backup and disaster-management strategies are flawed.

Although to most people, the loss of their archived web-based email is more of an inconvenience than a major problem, it is claimed that a number of the affected Orcon customers were businesses that now face losses as a result of the missing material.

With the concept of cloud computing infiltrating ever-more areas that were previously the domain of in-house systems, it is crucial that any data stored on the cloud is also backed-up locally "just in case".

While a loss of email messages may be an inconvenience, the loss (for instance) of a year's accounting information, including current invoices, could be crippling for any business forced to face such a disaster.

It would seem prudent to remind those who rely on cloud-based solutions that they should carefully read the contracts under which those services are provided and check that there is compensation available for losses that may result if the service or the data it contains becomes unavailable.

Even better, it would pay to choose a cloud-based provider who also delivers the ability to back up your own data in a format that can be exported to other systems, should the unthinkable happen.

In the meantime, at least some of Orcon's email users will be wishing they had worn their raincoats today.

Friday, October 22, 2010

The people's phone network

Today I came across a very interesting article on the Internet.

It describes a system called "cognitive radio" which, in this case, allows the provision of cellular mobile services on an uncontrolled part of the radio spectrum known as an ISM (Industrial, Scientific and Medicine) band.

There are a number of ISM bands, some of which are recognised around the world as areas where unlicensed transmitters can be used for almost any purpose, so long as they conform to some basic rules.

Perhaps the most well-known ISM band is the one which resides between 2.4GHz and about 2.483GHz (depending a little on the country you're in). This is the band used by Bluetooth devices, wireless video cameras, radio-control systems for models and even microwave ovens.

The system in the article linked to above works on the 900MHz ISM band which is a little more suited for long-range communications but which is not as universally recognised or implemented as the 2.4GHz one.

The big bonus of ISM-band systems is that they don't require specific spectrum allocations for services and therefore allow for much lower costs.

The downside of course, is that each user of these ISM bands isn't guaranteed sole use and therefore some clever techniques have to be implemented to cope with the inevitable prospect of interfering signals created by other users.

In most cases, the interference problem is pretty readily handled by the use of spread spectrum technologies. These allow many different systems to effectively share the same piece of spectrum without significantly affecting each other.

It wasn't too long ago that spread-spectrum technology was pretty much restricted to the likes of military and scientific uses -- the hardware required to create and decode spread-spectrum (SS) signals being complex and expensive. However, as is always the case, advances have meant that SS is now very widely used.

WiFi systems are inevitably SS-based, using a technique known as direct-sequence spread spectrum (DSSS) transmission.

Another widely used SS technique is frequency-hopping spread spectrum (FHSS) which offers its own set of benefits.

Here is an article that explains spread spectrum and the various flavours thereof in a little more detail.

But back to this "cognitive radio" concept...

Some time ago (in another blog) I suggested that the 2.4GHz ISM band would be a great place to create a P2P cellular network whereby the concept of having fixed towers would become redundant. It appears as if the cognitive radio system is part-way there.

Although ISM-based P2P is unsuited to voice, its potential as a method for handling non-realtime information, such as text messages is huge.

My own experiments indicate that as little as 60mW transmitter power when used with an SS system and a small antenna suitable for hand-held devices, can deliver a range of up to 6Kms, depending on terrain and surrounds. It's clear therefore that such a system has a huge potential as a fee-free P2P SMS network, should suitable hardware become available.

Whether or not we actually see a "people's phone network" remains to be seen -- rest assured however, that the technology is here and people are getting interested already.

Friday, October 15, 2010

broadband(its)

Both New Zealand and Australia are working on rolling out national ultra-fast broadband networks, so it's interesting to compare the similarities and differences in the strategies being adopted by two similar countries.

As Kiwis, we really ought to hope that our political overlords aren't planning on following the Aussie example -- or those who don't want or need broadband could be paying a hefty price for opting out.

If our Aussie cobbers don't want an NBN connection and live in Tasmania, they will indeed have to opt out because being "connected" will be the default. What's more, if Aussies do opt out, it will likely cost them a whopping $300 to be connected to the NBN at a later date.

Australian states are also revising their trespass laws so that workers can access sections and dwellings for the purpose of establishing NBN connections without having to gain the owner's permission first.

Another problem is that those who choose not to connect to the Australian NBN when it's launched will eventually find that they have no option, once the existing copper network is decommissioned.

Here in NZ, things aren't nearly as clear.

Our UFB plans are still somewhat liquid but, given the cost of creating such a huge network, it's likely our politicians will give equal consideration to "imposing" it on consumers, whether they want it or not.

The risk that both Australia and NZ (if it follows the same path) face is that when faced with the prospect of connecting to the NBN or being disconnected completely, a growing number may opt for the latter.

Those who don't need high-speed broadband may decide that it's simpler just to rely on mobile technology for their communications.

And that's if some local authorities don't scuttle the national initiative first -- as seems to be the case in Brisbane, where the council has decided that the NBN will take too long to reach its city. They're planning their own $600m network using fibre laid in stormwater drains.

Here in NZ, where the timeframe for implementation is even more tenuous, it's quite possible that in highly populated areas, other independent providers may choose to create their own small broadband networks in advance of the UFB network.

The only thing that is totally clear from observations of Australasia's attempts at implementing nation-wide high-speed broadband networks is that nobody's really too sure exactly how they're going to achieve the goals they've set for themselves.

And, however it's done, there will be costs involved and those costs will be passed on to consumers. If you're Australian, that'll be whether you like it or not.

Friday, October 8, 2010

Microsoft patches wormhole -- maybe.

One of the good things about Microsoft's Windows operating system is that it is normally configured to update itself over the Internet.

One of the bad things about Microsoft's Windows operating system is that updates required to address severe vulnerabilities in its software are sometimes far to frequent for comfort.

And next week, Windows users can expect a larger than normal payload of patches to be automatically downloaded and applied to their Windows-based PCs.

According to advance reports, a staggering 49 security vulnerabilities will be addressed by the upcoming "mega-update", and some of the holes being fixed are listed as "critical".

One of the biggest factors in creating this swathe of updated code is the now infamous Stuxnet worm.

It is claimed that Stuxnet is malware which was specifically designed to infiltrate PCs being used for control and monitoring applications within industry. While most worms have been written primarily to pluck potentially valuable data such as passwords and credit-card numbers from desktop PCs, Stuxnet seems to be a completely different kettle of fish.

By attacking industrial computers and those which often operate in a dedicated role, Stuxnet has sent shockwaves through the SCADA (supervisory control and data acquisition) industry and brings home the growing vulnerability that might arise when relying on such popular software platforms for critical systems.

News reports indicate that one of the biggest infections has been within computers used by the Iranian nuclear industry.

There is also intense speculation that Stuxnet may be a tool created specifically to infiltrate the Iranian Bushehr reactor and glean clues as to whether it is being used for the enrichment of fuel for a possible nuclear weapons program.

If that is the case then the authors of Stuxnet may even have been written by the US government to achieve this goal.

What ever the reasons or role of Stuxnet, its days may be numbered -- after next weeks huge patch-payload from Microsoft.

Unless of course, Microsoft has been asked by those fighting "the war against terror" to leave just enough of an open "window" to allow them to keep peeking inside the Iranian's nuclear developments.

Friday, October 1, 2010

Beware the rogues and scoundrels

I have about half a dozen different domains and websites on the Internet and every year I have to renew the domain-names in order to keep those websites visible to the rest of the world.

All my dot-com names are registered through a single company who has to date, provided me with excellent service at a very reasonable price - so I see no need to change.

I'm also lucky that, having written about scams and rip-offs on the Net for over a decade and a half, I recognise when someone's trying to "pull a fast one".

And so it was when just today I received another domain name renewal invoice in the mail.

The invoice, complete with tear-off remittance advice slip, offered me a 1, 2 or 5-year renewal of my domain -- plus the chance to register the .net and .org versions of that name.

Now, if I were just an accounts payable clerk in a busy company I would probably have checked that the domain name involved actually was the one used by that company and that it was indeed due for renewal and then written out a cheque or scheduled a payment.

That would be a big mistake.

Why?

Because this wasn't an invoice for the renewal of my domain name from the company through which I registered that name at all. It was an invoice from a completely separate company which, through cunning and deception, hoped I would indeed be a busy accounts-payable clerk who'd just pay all the same.

Sure, if I'd paid this invoice my domain name would have been renewed -- but it would also have been transfered away from the company I prefer to deal with and may have even placed the visibility of my website in jeopardy.

Just as bad, this attempted hijack would have also seen me paying three times the price I currently pay.

The company doing this is The Domain Renewal Group and I can't issue a strong enough warning to steer well clear of this crowd.

Their letter is headed "Domain Name Expiration Notice" and says:

"As a courtesy to domain name holders, we are sending you this notification of the domain name registration that is due to expire in the next few months".

and goes on to say:

"You must renew your domain name to retain exclusive rights to it on the Web"

"Failure to renew your domain name by the expiration date may result in a loss of your online identity making ti difficult for your customer and friends to locate you on the web"

Then at the bottom:

"Please detach this stub and include it with your payment"

This is an age-old tactic and is very close to a proforma invoice scam. In my opinion, any company which would resort to such tactics really ought not be trusted with something as important as your domain name registration.

So, if you're part of a larger organisation, please check that your accounts department are aware of this scam and that they make sure to double check any invoice for domain name renewal actually comes from the company that provides your service.

Of course if you're a sole trader or smaller business, you still need to be vigilant because these renewal notices are so cleverly worded and so "invoice-like" that a moment's inattention could cost you a lot of money.

Spread the word.