ewindisch on July 2nd, 2010

So this week, I launched www.6o.to. This is a URL shortener. Yes, I know that there are *many* services just like this on the internet… or are there? What makes 6o.to special is that it is based on the DNS infrastructure, and an active implementation of a Draft IETF specification I published last year.

Quite simply, the URLs are stored in TXT records via DNS. This means that websites could look these up not by a complex API, but via standard DNS. Of course, this doesn’t exclude *also* having a complex API, but DNS allows for some really cool things.

For instance, one brilliant result of using DNS is the ability to cache content. Individual sites such as universities or large organizations could utilize their existing DNS infrastructure to reduce the effect of numerous redirects, by providing their own internal redirection service.

I realize that the advantages of this new service are highly targeted towards those providing IT infrastructure, rather than the end-user adopting the service. Much of the forward development of this service will be to provide features that the end-user will rave over… stay tuned?

admin on February 9th, 2010

Several months ago, ZFS added deduplication support. This is a brilliant feature which allows duplicate (N) copies of data to be represented only once on disk, rather than keeping multiple (N) copies. Unfortunately, deduplication has many potential security concerns, some obvious and some not-so-obvious. For instance, hashing collisions are an obvious problem and are fairly well-considered in deduplication implementations; this is why ZFS uses the still-secure SHA-256 algorithm.

This article describes the simple method by which any user may determine if data exists elsewhere within a ZFS pool with deduplication enabled. The attacking user must possess write access and the ability to determine the volume’s size/alloc/free statistics. Such statistics may be available via various means such as NFS, Samba, or ‘df’.

The root of this bug originates in the choice of ZFS engineers in their handling of ‘df’. That is, should the deduplication be completely transparent? Should used/allocated space always increase even if it surpasses total space (weird)? Or, rather, should the disk size increase by the deduplicated amount? The ZFS engineers chose, perhaps unfortunately, the latter solution.

The attack is simple. Upon allocating blocks, if the volume’s size increases, then the blocks must have already existed. In contrast, if the volume’s size stays the same, but the allocated space increases, then it is the first copy of the blocks to have been written within the pool.

The best prevention against this attack is not to use deduplication. Success of this attack is based on disk activity: frequent writes of random duplicate blocks will invalidate the delta calculation. This attack is expected to perform best against large continuous blocks, as such data will trigger a larger delta. Unfortunately, it is precisely for large datasets that deduplication is preferred.
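The accounting behaviour described above can be modelled in a few lines. This is an added example, not code from ZFS or from the original post: `ToyDedupPool`, `classify`, `probe`, `sample` and the 4096-byte block size are all assumptions made for illustration. It shows why the size/alloc delta leaks the presence of data, and why concurrent writes or disabling deduplication remove the signal.

```python
import hashlib

BLOCK = 4096  # assumed block size for this model


def sample(seed, n):
    """Constructed data: n distinct blocks derived from a seed string."""
    return b"".join(hashlib.sha256(f"{seed}-{i}".encode()).digest() * 128
                    for i in range(n))


class ToyDedupPool:
    """Toy model of the accounting described in the post; not ZFS code."""

    def __init__(self, physical_blocks, dedup=True):
        self.physical_blocks, self.dedup = physical_blocks, dedup
        self.refcount = {}  # block key -> reference count
        self.logical = 0    # blocks referenced by all writers

    def write(self, data):
        for off in range(0, len(data), BLOCK):
            chunk = data[off:off + BLOCK]
            # Without dedup every block gets its own key (stored separately).
            key = hashlib.sha256(chunk).digest() if self.dedup else self.logical
            self.refcount[key] = self.refcount.get(key, 0) + 1
            self.logical += 1

    def stats(self):
        """(size, alloc) in blocks: size grows by the deduplicated amount."""
        saved = self.logical - len(self.refcount)
        return self.physical_blocks + saved, self.logical


def classify(before, after):
    """Interpret a stats delta the way the post describes."""
    d_size, d_alloc = after[0] - before[0], after[1] - before[1]
    if d_alloc > 0 and d_size == d_alloc:
        return "already-present"
    if d_alloc > 0 and d_size == 0:
        return "first-copy"
    return "inconclusive"


def probe(pool, data, concurrent=b""):
    """Write data, with other writers' activity landing before the re-read."""
    before = pool.stats()
    pool.write(data)
    pool.write(concurrent)
    return classify(before, pool.stats())
```

With `dedup=False` every write classifies as a first copy, so the statistics carry no information about other users' data.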

The important question, of course, is what are the current practical applications? There are certainly privacy concerns. It should be noted that private cryptographic keys should be relatively safe as the attack is more effective against large datasets.

I’d love to receive feedback; please email me: eric@windisch.us, or find me on twitter: ewindisch

-

EDIT: I realize that the volume statistics are not visible via ‘df’, nor via NFS or CIFS. You must receive this information from the ‘zfs’ command, or from tools which interface to it. A bug report has been filed in OpenSolaris.

admin on October 15th, 2009

There is no such thing as hosted public clouds.

My belief is that there is no such thing as a hosted public cloud. The private cloud is a solution for a business/consumer to manage their scalability and reliability. These private clouds may have public interfaces, but to the consumer this is not a “cloud” but a single consolidated, non-redundant system. That is to say, the customer has a single point of failure. Once a single point of failure is introduced to a system, it is no longer a cloud. For that reason, no single provider can sell a public cloud, so no such thing as a public cloud may possibly exist.

Private clouds may offer public interfaces, and these services have been known as “public clouds”. I think this is a misnomer because building on a single provider, even if that provider has a cloud infrastructure, does not qualify as building on a “cloud”. Anyone building on top of a hosted service is building on “cloud” if, and only if, they are building in a redundant and reliable fashion against multiple points of failure: i.e., if they’re also building on top of MORE THAN ONE hosted service provider’s compute platform.

If we must use the term “public cloud”, then this must be used in the singular as a generalization of hosted services.

In regard to the recent events at Danger/Microsoft, I should note to the Sidekick community that they were not hosted on the cloud, but instead by a single point of failure. Even if Danger/Microsoft was utilizing a private cloud to host their data, this would not have eliminated the threat of a single point of failure from the perspective of the end-user. I will also extend a warning to the users of Salesforce: You are NOT on a cloud. Salesforce operates their services on a private cloud, but as end-users you are still linked to a single point of failure: Salesforce.com Inc.

In my opinion, the only time in which operating through a single vendor may still qualify as being a “cloud” would be through the use of on-premises software and hardware which is not restricted by DRM, time-locks, or similar limitations. For instance, running VMware software would still qualify as a cloud solution because this software would not suddenly fail to operate if VMware was to be purchased, change their licensing, or through any other course of events. However, it might be argued — I’d argue it — that with Microsoft’s WGA, strict interpretation of this cloud definition would make it impossible to run a cloud on Microsoft’s current server software line.

Thoughts?

admin on September 16th, 2009
I only have one concern with healthcare reform, and it might even be an unjustified fear.  However, I base this primarily on the speech given by Obama to Congress and televised last week.

To me, it appears the plan is to tighten regulation immediately, with the public option only available in another 4 years. If I’m wrong about this, I’d love to know; I’m embarrassed to admit I don’t know as much about this plan as I’d like.

Anyhow, if this is true, it means that in preparation for the new regulations, insurers will drop many of the self-employed and will raise prices before the new rules take effect. With the public option available with a 4 year delay, many will be in worse shape than they are now until that day comes. Knowing conservatives, and the fact there will be a new congressional and presidential race in that time, we might even get stuck without any public option at all, and millions currently insured losing their coverage even after the four year wait. At least, that is my fear… how the law eventually gets written and implemented is yet to be seen.

I write this as a self-employed, small business owner who buys his own private individual insurance in Pennsylvania.

admin on May 9th, 2009

A long-time IRC acquaintance of mine, Zackary Slater (aka zakk), has been running a site called TimeDoctor.org for a number of years. It has been primarily focused on video-games, internet memes, and other various content, but he has asked me to join and provide a more technical slant. His site currently has much wider exposure in the blogosphere than my own, and I’m happy to be joining as a contributing editor.

Today, I have published my first article, “What the heck is cloud computing?”

I encourage you to check it out.