<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://blogs.technet.com/utility/FeedStylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>William Gunaratne's Blog : Rants</title><link>http://blogs.technet.com/willg/archive/tags/Rants/default.aspx</link><description>Tags: Rants</description><dc:language>en-GB</dc:language><generator>CommunityServer 2.1 SP1 (Build: 61025.2)</generator><item><title>MEDC 2007 Europe</title><link>http://blogs.technet.com/willg/archive/2007/05/09/medc-2007-europe.aspx</link><pubDate>Wed, 09 May 2007 14:00:00 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:914481</guid><dc:creator>wigunara</dc:creator><slash:comments>0</slash:comments><comments>http://blogs.technet.com/willg/comments/914481.aspx</comments><wfw:commentRss>http://blogs.technet.com/willg/commentrss.aspx?PostID=914481</wfw:commentRss><description>&lt;P&gt;&lt;SPAN style="FONT-SIZE: 12pt; COLOR: #333333; FONT-FAMILY: 'Times New Roman','serif'; mso-ansi-language: EN-GB; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-fareast-language: EN-GB; mso-bidi-language: AR-SA"&gt;&lt;STRONG&gt;MEDC 2007 Europe&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;SPAN style="FONT-SIZE: 12pt; COLOR: #333333; FONT-FAMILY: 'Times New Roman','serif'; mso-ansi-language: EN-GB; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-fareast-language: EN-GB; mso-bidi-language: AR-SA"&gt; is THE place to provide a platform for DEEP DIVE sessions on collaborative learning, shared knowledge and practical hands-on development featuring more than 40 technical sessions and labs.&lt;BR&gt;&lt;BR&gt;This annual event is tailored for developers and IT professionals who are looking to innovate and scale their mobile and/or embedded development investments, applications and 
solutions.&lt;BR&gt;&lt;BR&gt;MEDC 2007 Europe offers a unique opportunity for your mobile and embedded developer audience to share and enhance knowledge through customized training sessions and experienced presenters. &lt;BR&gt;&lt;BR&gt;You can find out more about the event, content and Speakers on the following Web site: &lt;A href="http://www.medc2007.com/europe" mce_href="http://www.medc2007.com/europe"&gt;&lt;SPAN style="COLOR: #333333"&gt;www.medc2007.com/europe&lt;/SPAN&gt;&lt;/A&gt;&lt;/SPAN&gt;&lt;/P&gt;
</description><category domain="http://blogs.technet.com/willg/archive/tags/Futuristic/default.aspx">Futuristic</category><category domain="http://blogs.technet.com/willg/archive/tags/Random+Musings/default.aspx">Random Musings</category><category domain="http://blogs.technet.com/willg/archive/tags/Rants/default.aspx">Rants</category></item><item><title>Innovation will suffer unless we take a step back</title><link>http://blogs.technet.com/willg/archive/2006/08/01/innovation-will-suffer-unless-we-take-a-step-back.aspx</link><pubDate>Tue, 01 Aug 2006 14:45:00 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:438871</guid><dc:creator>wigunara</dc:creator><slash:comments>1</slash:comments><comments>http://blogs.technet.com/willg/comments/438871.aspx</comments><wfw:commentRss>http://blogs.technet.com/willg/commentrss.aspx?PostID=438871</wfw:commentRss><description>&lt;P&gt;So what really&amp;nbsp;&lt;A href="http://www.urbandictionary.com/define.php?term=Grinds+my+Gears"&gt;Grinds My Gears&lt;/A&gt;... &lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;...Solutions to problems created by solutions to problems. &lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;I think the IT industry is particularly bad for that, that's why I don't particularly rate anti-virus, and I'm also not keen on the trend for more and more anti-X technology.&amp;nbsp;We are continuing on a dangerous exercise of creating markets for solutions to problems created by other markets we created to solve other problems, thereby the new markets have no real value add. For an industry, this is bizarre, and &lt;STRONG&gt;it's costing our customers money&lt;/STRONG&gt;. &lt;/P&gt;
&lt;P&gt;We created an operating system with TCP/IP, then a whole generation of applications grew up in the pre-internet war days that were badly designed and could be exploited remotely, so we created firewalls to block TCP/IP ports, and also to work around the fact that TCP/IP was never designed to be used as much as it has been, with technologies like NAT. So we invented the firewall, which solves a problem in another technology, but then we need to manage this firewall, so suddenly there was a market for centralised firewall management and reporting. But hang on, because of the design of the operating system and application ecosystem we have no controls in place to prevent malicious code from running, firewall or not, so we should write an application that keeps a database of malicious code and prevents it from running (and hey presto, anti-virus was born). NAT is another technology that really shouldn't exist, it's solving the problem of limited address space in TCP/IP and has no inherent value in itself, in fact it reduces the services available to organisations that use it. &lt;/P&gt;
&lt;P&gt;Then the information worker generation came about, and suddenly people had computers at home, and so they wanted to be able to work from home.&lt;/P&gt;
&lt;P&gt;We created VPNs, which are&amp;nbsp;a&amp;nbsp;sledgehammer approach to a problem. Sure, they allow two networks to be interconnected, but why do the networks need to be interconnected? What services require interconnections? What exactly do the services need to do that requires interconnection? And why can't this be accomplished by re-architecting the services to achieve the desired result directly? Turns out VPN was one sledgehammer too far and a market was suddenly born for VPN-less remote connectivity solutions, typically wrapped up in HTTP or HTTPS because all firewalls allow port 80/HTTP, so it's easier to adopt (without being any safer than if it used any other port - but that's another issue entirely). So now we have RPC-over-HTTP, that's great, but why don't we just have a new RPC mechanism that can be natively used to traverse the internet? Because if it's internet-ready it will have no problem working in a LAN environment.&lt;/P&gt;
&lt;P&gt;People will rightly argue that we can't just break everything, ruin our customers' investments and require them to retrain and redevelop thousands of systems, but haven't we been down this route before so many times? &lt;/P&gt;
&lt;P&gt;Someone has to have the proverbial to stand up and say "Betamax is better than VHS". Look what happened with RISC vs CISC, the Intel x86 architecture was born out of a 70's chip for calculators, it has grown (been dragged,&amp;nbsp;kicking and screaming)&amp;nbsp;up and up,&amp;nbsp;16-bit, then 32-bit, then&amp;nbsp;32-bit protected mode, now&amp;nbsp;64-bit, not to mention all the additional extensions that have been&amp;nbsp;bolted on to compensate for the&amp;nbsp;terrible&amp;nbsp;x87 floating point architecture -&amp;nbsp;MMX, SSE, 3DNow!, SSE2,&amp;nbsp;3DNow! Professional, SSE3, SSE4. As an industry, if we had changed architectures much earlier on - we'd have far more powerful and energy efficient computers today. &lt;/P&gt;
&lt;P&gt;Then again, look at&amp;nbsp;"blue sky" projects like&amp;nbsp;Intel Itanium, which was designed to be the uber-architecture of the future. Turns out, it was too ambitious, too much&amp;nbsp;design-by-committee&amp;nbsp;and will now probably not be realised for a long time (if ever) in any significant way in the marketplace. Passport is another good example, it was the first step in solving some of the fundamental problems of our industry - identity management, which could have been a powerful first step toward solving spam and breaking down security&amp;nbsp;boundaries. Security boundaries that require VPNs and private LANs.&amp;nbsp;Unified Storage (WinFS anyone?) is&amp;nbsp;another good example. &lt;/P&gt;
&lt;P&gt;It seems to me some good ideas are few and far between and too many are falling by the wayside as people produce similar technology that appears to do the same thing on the surface but is really just a modern wrapper for ancient technology.&lt;/P&gt;
&lt;P&gt;As an industry, we are good at listening to our customers but not always so great at communicating with them. A typical argument against change is "protecting customers' investment" or "breaking application compatibility", sure those things may happen, but perhaps we should have a broader conversation with the customer about what the changes will mean for the future of computing.&amp;nbsp; &lt;/P&gt;
&lt;P&gt;Are we driven to short-sighted solutions by our customers' own short-term objectives? After all, the shelf life of an IT manager or CIO is getting shorter and shorter, they only need to deliver short-term results to get their next promotion. Do we need to take a small step back to not only help our customers of today, but our customers of tomorrow and the industry as a whole?&lt;/P&gt;
&lt;P&gt;Also, does a bigger trend toward open standards and interoperability compromise our ability to drive innovation? Do we risk standardising prematurely on a batch of technologies that is a set of compromises, extensions and fixes to fundamentally broken technology? Will this stifle innovation?&lt;/P&gt;
&lt;P&gt;Technologies that have found themselves out of their depth are being wrapped up in newer ones, and each time, the stack of cards we are building is getting more and more complex, unwieldy and expensive to manage.&lt;/P&gt;
&lt;P&gt;Customers are not challenging us enough, they take for granted that if they deploy an operating system, they'll need a firewall, anti-virus and anti-malware. If they deploy a network they'll need NAT, if they use e-mail they'll need anti-spam. As an industry we should be working together on architectures that solve these problems from the ground-up.&lt;/P&gt;
&lt;P&gt;Ok, so I'm being a bit pessimistic, I admit. As an industry we do have long-term solutions to problems. Using the TCP/IP example, we have IPv6 which &lt;U&gt;can&lt;/U&gt; rid us of NAT (but will it ever be adopted?). We have web services which in theory can supersede RPC/RMI technologies, and operate across the internet and LANs. Private LANs are an interesting concept in themselves, they are another quick-fix to a bigger problem - management, performance and security segmentation.&amp;nbsp;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Somewhere along the line we've lost sight of the big picture. We must rededicate our efforts from quick-fixes to long term solutions. And be brave enough to challenge ourselves to fix the root of the problem rather than add another layer of cards to an already shaky house.&lt;/P&gt;&lt;IMG alt="The IT industry, the only question is, when will it fall?" src="http://www.gdnctr.com/house_of_cards.jpg"&gt; 
</description><category domain="http://blogs.technet.com/willg/archive/tags/Futuristic/default.aspx">Futuristic</category><category domain="http://blogs.technet.com/willg/archive/tags/Random+Musings/default.aspx">Random Musings</category><category domain="http://blogs.technet.com/willg/archive/tags/Rants/default.aspx">Rants</category></item><item><title>Why File Systems Suck - why putting &amp;quot;My Computer&amp;quot; on the desktop was a big design mistake</title><link>http://blogs.technet.com/willg/archive/2006/03/30/why-file-systems-suck-why-putting-quot-my-computer-quot-on-the-desktop-was-a-big-design-mistake.aspx</link><pubDate>Thu, 30 Mar 2006 14:01:00 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:423624</guid><dc:creator>wigunara</dc:creator><slash:comments>3</slash:comments><comments>http://blogs.technet.com/willg/comments/423624.aspx</comments><wfw:commentRss>http://blogs.technet.com/willg/commentrss.aspx?PostID=423624</wfw:commentRss><description>&lt;P&gt;The PC file system is a double-edged sword. The file systems of DOS/ Windows have allowed the PC Users to enjoy a simple and flexible store for data for a long time. And although it's designed to be a metaphor for traditional file cabinets, with folders and files, in reality, it is just as limited.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Sure, I can use Windows Explorer to move files about, copy them over the network and delete (then recover) them. People felt Windows gave them freedom to explore their PC - within the Windows environment -&amp;nbsp;because they could access all the data on their Hard Disk, Floppy disk or CD-ROMs.&amp;nbsp;It was called Windows&amp;nbsp;Explorer for a reason. Don't get me wrong - I'm not trying to belittle Windows 95 by saying its shell was basically a File Manager - but it was certainly a prominent feature - and one that people liked.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;But this level of point-and-click flexibility which Microsoft really committed to with Windows 95 also haunts us today. &lt;/P&gt;
&lt;P&gt;Here's why - &lt;/P&gt;
&lt;P&gt;It doesn't give us a rich data experience, it allows users to play around with stuff they shouldn't need to and it doesn't make the separation between executable code and data very well. It doesn't allow files to be "paper clipped" together in the same way they are in the real world - unless you put them in a folder. It doesn't make the separation between replaceable data (i.e. that which came from a CD-ROM or network installation) and that which is original material from the user, and the file system boundary is a physical device.&lt;/P&gt;
&lt;P&gt;Not only are user data and system data all mixed together on this "all things to all people/programs" store, but the user data can typically only be understood by the Application that was used to create it. &lt;/P&gt;
&lt;P&gt;Still keen on the file system? &lt;/P&gt;
&lt;P&gt;"But wait" you say - "if you want a rich data experience use why don't you use a database?"&lt;/P&gt;
&lt;P&gt;Databases sit atop the file system and provide a standard way (SQL) to access data stored by a proprietary server (i.e. SQL Server, DB2, MySQL etc). &lt;/P&gt;
&lt;P&gt;The schema for each table is defined by the author of that table. e.g. there is no de-facto standard for a Contact.&lt;/P&gt;
&lt;P&gt;There is another problem - the implementation of SQL tends to vary between vendors. There is another problem still - SQL Implementations tend to be server-based, and therefore have boundaries like file systems do.&lt;/P&gt;
&lt;P&gt;So, on the one hand we have File Systems which are too accessible, too simple but have low overhead and can store anything and on the other hand we have Databases which are too complex and too customisable, rely on servers and have high overhead.&lt;/P&gt;
&lt;P&gt;So what's the solution? &lt;/P&gt;
&lt;P&gt;We need to bring the two concepts together to produce a rich data experience, with the simplicity of a file system. My Computer should become "My&amp;nbsp;Data" - that's all I'm interested in. Do I care about the fragmentation of my file system? Do I care how many files are on the root of drive C: ? Do I want to be able to copy the program files folder? Do I want to trawl through folders to find the right file?&lt;/P&gt;
&lt;P&gt;NO!&lt;/P&gt;
&lt;P&gt;I want my data, I want other people's data and I want it in a rich way and most importantly - I want it instantly!&lt;/P&gt;
&lt;P&gt;So how is Microsoft doing against this yardstick?&lt;/P&gt;
&lt;P&gt;Well since Windows 98 we've been trying to sort out the mess of the file system - we added "My Documents", with Windows 2000 we modified Explorer to hide the root of drives and Windows directories by default. With XP we got rid of My Computer from the desktop.&lt;/P&gt;
&lt;P&gt;With Windows Vista we'll introduce the first part of that rich search experience, and we'll introduce transactional support for NTFS.&lt;/P&gt;
&lt;P&gt;Later we'll introduce WinFS which is our first attempt at bringing a database and file system together. &lt;/P&gt;
&lt;P&gt;I have a dream, where C: is irrelevant. I never want to go into "My Computer" again - I don't want to know what the folder hierarchy of my hard drive is, and I don't want to have to wait ages to find anything. &lt;/P&gt;
&lt;P&gt;I want to deal with people, document titles and types. If there is an obscure document written by a single author stored on a server&amp;nbsp;under the stairs in some pokey building in a far away country - I want to be able to find that document in seconds!&lt;/P&gt;
&lt;P&gt;If I save a file to my USB memory stick and put it in my pocket - then when I search for that file on my laptop I want it to know that I put that file on that memory stick, I want it to tell me when I did and offer me an offline copy of that memory stick from when it was last inserted - (after all what else are we doing with all that free space on people's hard disks?)&lt;/P&gt;
&lt;P&gt;If I'm in a meeting at a customer site with another colleague - and I'm trying to access a document stored at our company HQ - but I have no connectivity, I want my laptop to also query my colleague's laptop to see if his laptop has a copy of this file and access it from there.&lt;/P&gt;
&lt;P&gt;I want data at my fingertips, across physical device boundaries and I want to be able to share it with other people seamlessly.&lt;/P&gt;
&lt;P&gt;I wait in anticipation...&lt;/P&gt;</description><category domain="http://blogs.technet.com/willg/archive/tags/Futuristic/default.aspx">Futuristic</category><category domain="http://blogs.technet.com/willg/archive/tags/Random+Musings/default.aspx">Random Musings</category><category domain="http://blogs.technet.com/willg/archive/tags/Rants/default.aspx">Rants</category></item><item><title>Does the Anti-virus industry have &amp;quot;The wrong end of the stick&amp;quot;?</title><link>http://blogs.technet.com/willg/archive/2006/03/06/does-the-anti-virus-industry-have-quot-the-wrong-end-of-the-stick-quot.aspx</link><pubDate>Mon, 06 Mar 2006 17:30:00 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:419041</guid><dc:creator>wigunara</dc:creator><slash:comments>2</slash:comments><comments>http://blogs.technet.com/willg/comments/419041.aspx</comments><wfw:commentRss>http://blogs.technet.com/willg/commentrss.aspx?PostID=419041</wfw:commentRss><description>&lt;P&gt;My previous blogs have brought up an interesting debate about white-listing vs. black-listing. To recap, white-listing is the process&amp;nbsp;of&amp;nbsp;explicitly&amp;nbsp;listing what is good and assuming everything else is not. Black-listing is the process of&amp;nbsp;explicitly listing what is bad, and assuming everything else is good.&lt;/P&gt;
&lt;P&gt;The Group Policy article concludes that white-listing is the better approach in the case of Software Restriction Policies, and if you have a developer background then the Least Privilege design principle also suggests white-listing is better.&lt;/P&gt;
&lt;P&gt;The principle also applies "in the real world" where you require a passport before you can pass through airport security (although often countries also operate a black-list of passports they do not trust).&lt;/P&gt;
&lt;P&gt;White-listing examples&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Passports/Driving License/ID Cards&lt;/LI&gt;
&lt;LI&gt;Security clearance for MOD/DOD&lt;/LI&gt;
&lt;LI&gt;Software restriction policies&lt;/LI&gt;
&lt;LI&gt;Credit&lt;/LI&gt;
&lt;LI&gt;Firewalls&lt;/LI&gt;
&lt;LI&gt;Operating System File Security&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Black-listing examples&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Anti-virus&lt;/LI&gt;
&lt;LI&gt;Most Website filtering software&lt;/LI&gt;
&lt;LI&gt;Passports (again)&lt;/LI&gt;
&lt;LI&gt;Night-club/Bar security&lt;/LI&gt;
&lt;LI&gt;Police records&lt;/LI&gt;
&lt;LI&gt;Software restriction policies (again)&lt;/LI&gt;
&lt;LI&gt;Society in general (innocent until proven guilty)&lt;/LI&gt;
&lt;LI&gt;Countries&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;What I want to understand is, fundamentally, are there any criteria to consider before deciding on a white or black listing policy for any given need?&lt;/P&gt;
&lt;P&gt;I think so, I think it comes down to &lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Average trustworthiness&lt;/LI&gt;
&lt;LI&gt;Complexity to implement a black listing policy&lt;/LI&gt;
&lt;LI&gt;Complexity to implement a white listing policy&lt;/LI&gt;
&lt;LI&gt;Consequences of misplaced trust&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Take driving licenses for example &lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;How much would you trust the average person with an automobile?&lt;/LI&gt;
&lt;LI&gt;How difficult would it be to implement a black-listing policy for drivers who cause accidents?&lt;/LI&gt;
&lt;LI&gt;How difficult would it be to implement a white-listing policy, which requires training and a test in order to obtain a license?&lt;/LI&gt;
&lt;LI&gt;What happens if we don't train and test people before letting them drive?&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;My answers would be, &lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;not very much&lt;/LI&gt;
&lt;LI&gt;very difficult&lt;/LI&gt;
&lt;LI&gt;even more difficult&lt;/LI&gt;
&lt;LI&gt;people may not be able to drive at all and may cause fatal accidents.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Given the first and last answers, driving licenses (a white-listing policy) make sense and overcome the inherent difficulties of a white-listing policy.&lt;/P&gt;
&lt;P&gt;Anti-virus and Website Filtering software work on the assumption that an item is good unless the vendor has black-listed it.&lt;/P&gt;
&lt;P&gt;Spam filtering software is an interesting one, typically spam filtering has been a black-listing process, but as spam spiraled out of control there were a number of initiatives (some by Microsoft) to move to a white-listing system. Although ultimately the spam problem is about lack of accountability, and out of the scope of this article, most spam filtering is a mixture of black-listing and heuristics.&lt;/P&gt;
&lt;P&gt;Perhaps there should be an anti-virus product for lockdown environments that works on a white-listing principle - for the uber security conscious.&lt;/P&gt;
&lt;P&gt;Here is a call for comments - why don't Anti-Virus companies &lt;B&gt;work in reverse and publish a list of known good software&lt;/B&gt;? I suggest that, by using the criteria above, there is a case for a white-listing anti-virus product -&lt;/P&gt;
&lt;DIR&gt;
&lt;DIR&gt;
&lt;P&gt;1. Average trustworthiness of software is good &lt;/P&gt;
&lt;P&gt;2. Difficulty to maintain a black-listing policy - black-listing is a reactive process for anti-virus. As viruses come out, the anti-virus vendors must respond, they have no control over the process. &lt;/P&gt;
&lt;P&gt;3. White-listing could be managed proactively, scheduled submission dates for testing. The AV vendors do not expose their customers to risk if they don't create a virus definition quickly enough. &lt;/P&gt;
&lt;P&gt;4. The consequence of not catching a virus quickly enough, or failing to produce a virus definition update or the customer failing to download the update means the customer could be exposed to malicious code.&lt;/P&gt;&lt;/DIR&gt;&lt;/DIR&gt;
&lt;P&gt;This makes a strong case for a white-listing solution; only point 1 defends the existing model.&lt;/P&gt;
&lt;P&gt;In addition, consider the following - &lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Bad guys don't want their software found. Good guys want everyone to get hold of their programs (usually for commercial reasons).&lt;/LI&gt;
&lt;LI&gt;IT administrators can simply integrate the list of known good software with their software restriction policy.&lt;/LI&gt;
&lt;LI&gt;It finally brings anti-virus in line with other white-listing IT security technologies, such as firewalls.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Anti-virus is potentially hit and miss, as there could be a delay between a virus being released into the wild and each anti-virus vendor publishing an update. This is akin to a goal-keeper in soccer (Football to us Brits), if you're lucky the goal-keeper will stop the ball (virus), if not the other guys score.&lt;/P&gt;
&lt;P&gt;I suggest the industry needs an all-encompassing solution that works using technologies from software restriction policy, anti-virus and Authenticode to provide a white-listing solution. As more and more businesses and governments run their processes on computers - the risk of malicious software running on some computer systems is just too high for a "goal-keeper" approach to defense.&lt;/P&gt;
</description><category domain="http://blogs.technet.com/willg/archive/tags/Security/default.aspx">Security</category><category domain="http://blogs.technet.com/willg/archive/tags/Futuristic/default.aspx">Futuristic</category><category domain="http://blogs.technet.com/willg/archive/tags/Random+Musings/default.aspx">Random Musings</category><category domain="http://blogs.technet.com/willg/archive/tags/Rants/default.aspx">Rants</category></item></channel></rss>