Thursday, December 17, 2009

How to tell it's not a cloud.



People always ask, "What is cloud computing?" It's not always simple to explain. Perhaps it's easier to just explain what cloud computing is not.

1. If you can’t buy it on your personal credit card… it is not a cloud

2. If they are trying to sell you hardware… it's not a cloud.

3. If there is no API… it's not a cloud.

4. If it takes more than ten minutes to provision… it's not a cloud.

... and 12 other things that cloud computing is not via James Governor.

Here's what I think cloud computing is all about.

Too Much Energy Efficiency?



Is it possible for technology to be too energy efficient? Looks like that's the case. New LED traffic lights don't produce enough heat to melt the snow that builds up around them.

Saturday, November 28, 2009

What's so sacred about 140 characters?

Why 140 characters? The obvious answer, which I'm sure you know, is so that a tweet can fit into the 160 character limitation of an SMS text message. In other words, the Twitter user name (which can be up to 15 characters) followed by the 140 character tweet can all be packaged nicely into a single SMS text message.

That raises the next question: Why restrict a tweet to the limits set by SMS when this is the World Wide Web? One of the "limitations" of e-mail and the Web is that you need Internet access for connectivity. In developed countries, we take Internet connectivity for granted. Having spent some time living in East Africa, I was amazed to see how important SMS was to the locals who don't own computers or printers, or even have an e-mail address. But nearly all of them had pre-paid cell phones, and they used SMS just like we use e-mail (they also had trivial SMS-to-e-mail and e-mail-to-SMS bridges).

Additionally, their cell phone networks have features which I wish we had here in the US. Basically, people in developing countries have substituted the computer, printer, and Internet with the cell phone, fax, and the carrier's wireless network. This is how most of the world gets "online" with technology.

Imagine if Twitter didn't just go after consumers who own computers and smart phones with Internet access (I'm guessing about one billion people), but instead went after every person on the planet who is an active cell phone subscriber (which will reach 4.6 billion by the end of 2009). Now, that would be a fantastic communications tool!

Tuesday, November 24, 2009

iPhone Bandwidth on Edge, 3G, & WiFi

Tuesday, November 17, 2009

Script Kiddies SSH Attack Solution

Are you tired of seeing attacks against port 22 (SSH) on your public servers?

The attacks generally look like the following log snippet, which shows a simple dictionary attack (usually against root or admin).


Nov 15 07:41:58 static-171-163-154-171 sshd[5470]: Failed password for root from 68.152.76.202 port 50818 ssh2
Nov 15 07:41:58 static-171-163-154-171 sshd[5472]: Invalid user password from 68.152.76.202
Nov 15 07:41:58 static-171-163-154-171 com.apple.SecurityServer: authinternal failed to authenticate user password.
Nov 15 07:41:58 static-171-163-154-171 com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.


You could try reporting the offending IP address, but the attacking computer will frequently turn out to be a compromised Windows machine owned by grandma and grandpa.

Solution
Your best bet, after ensuring that you're using a strong password, is to have SSH listen on a port other than 22, such as 8080. Since port 8080 is usually used as an alternative to port 80, attackers will try using the HTTP protocol to exploit it, which will fail before the attack even has a chance to begin. At this point, script kiddies will move along since there are so many other vulnerable servers to choose from.
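Moving the port hides you from the noisiest scanners, but it helps to know when a dictionary attack is running against your server. The following script is an added example (not from the original post) that parses sshd "Failed password" lines like the ones quoted above and flags source IPs that fail repeatedly against several different user names; the log lines, IP addresses and thresholds are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log, modelled on the sshd lines quoted in the post.
SAMPLE_LOG = """\
Nov 15 07:41:58 static-171-163-154-171 sshd[5470]: Failed password for root from 68.152.76.202 port 50818 ssh2
Nov 15 07:41:58 static-171-163-154-171 sshd[5472]: Invalid user password from 68.152.76.202
Nov 15 07:42:01 static-171-163-154-171 sshd[5474]: Failed password for invalid user admin from 68.152.76.202 port 50821 ssh2
Nov 15 07:42:03 static-171-163-154-171 sshd[5476]: Failed password for invalid user oracle from 68.152.76.202 port 50825 ssh2
Nov 15 07:45:10 static-171-163-154-171 sshd[5490]: Failed password for joe from 192.0.2.10 port 40000 ssh2
Nov 15 07:45:20 static-171-163-154-171 sshd[5491]: Accepted password for joe from 192.0.2.10 port 40001 ssh2
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Only "Failed password" lines are counted: OpenSSH logs "Invalid user X from IP"
# right before the matching "Failed password for invalid user X" line, so
# counting both would record one attempt twice.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from " + IPV4 + r" port \d+"
)


def parse_failures(log_text):
    """Map each source IP to a Counter of the user names it failed to log in as."""
    failures = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.group(1), m.group(2)
            failures[ip][user] += 1
    return failures


def flag_dictionary_attacks(failures, min_failures=3, min_users=2):
    """Return IPs that look like dictionary attacks: several failures spread over
    more than one user name. A real user who mistypes a password usually hits a
    single account. The thresholds are hypothetical; tune them to your traffic."""
    flagged = []
    for ip, users in failures.items():
        if sum(users.values()) >= min_failures and len(users) >= min_users:
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    found = parse_failures(SAMPLE_LOG)
    for ip in flag_dictionary_attacks(found):
        print(f"{ip}: {sum(found[ip].values())} failures across {sorted(found[ip])}")
```

On a live system you would feed it the sshd lines from your system log (the Mac snippet above comes from secure.log) rather than the embedded sample.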

Tuesday, October 13, 2009

eBay Hacked?

Today, I received some automated spam, related to eBay, through an HTML form submission on one of my websites. While researching it I opened Terminal on my Mac and typed:

whois ebay.com

Imagine my surprise when I scrolled back to the top of the results and saw this.


My immediate thought was that eBay was hacked! But, it turns out that's not the case. Running whois on the Mac just returns all results beginning with ebay.com and some people have taken advantage of that.

It's even worse if you run a whois on microsoft.com.

Tuesday, September 1, 2009

AWS: Two Account Credentials

Amazon Web Services (AWS) now allows each AWS account to have two credentials. In other words, one AWS account can have two active Access Key ID and Secret Access Key pairs.

Do not confuse this feature with yesterday's announcement by AWS on Multi-Factor Authentication (MFA) which is similar to a SecurID fob.

Two AWS Account Credentials
AWS supports multiple concurrent access keys. This allows you to rotate keys without impact to your applications' availability. AWS recommends that you rotate keys on a regular basis. To rotate keys, create a new key below, update your applications to use the new key, and then deactivate/delete the original key.

You are allowed two access keys at any point in time, and the keys may be in the following states:


So What?
This new feature can ensure a smooth transition when rotating your keys. In the past, when you created new credentials it overwrote your old credentials. You were out of luck if you missed an application or web service that was using the old credentials. Now, you can create new credentials and update your apps. If you notice an app no longer working when you click "Make Inactive" then you can reactivate the old credentials while you fix the problem.

You can find more details when you access your AWS security credentials.

Twitter Redirects: Nice and Clean

Twitter's website began counting clicks inside of tweets. Obviously, they do this to track stats, i.e. how many people click on links from the Twitter web site.

The interesting thing is that they're passing on the simple referrer that you'd expect. In other words, instead of the referrer looking like:

http://twitter.com/link_click_count?url=http%3A%2F%2Fadjix.com%2Fsx4d&linkType=web&tweetId=3696834541&userId=-1&authenticity_token=8c678e082a5ee88d47f03b05cf6f6887b8903acd

It simply looks like:
http://twitter.com/joeMoreno

This is very clean for link tracking websites like Adjix, which tracks clicks by IP address and referrer:


Update: Just discovered a clear downside - when the Twitter website is slow, clicking on these links is painfully slow, since you first have to be redirected by Twitter's servers.

Monday, August 31, 2009

Twitter's "Track" Command: Gone But Not Forgotten.

Twitter used to have a fantastic real time search command: Track

Sometime in 2008 it seems to have been turned off - probably because it generated too much SMS (text messaging) traffic.

Fire!
During the San Diego Wildfires of 2007 I was splitting my time between San Diego (Carlsbad) and Santa Cruz (Capitola). The wildfires broke out over the weekend when I was in the Bay Area. By Monday morning two separate fires were threatening our home in Carlsbad. I went to sleep, Monday night, trying to prepare myself, mentally, for what it was going to be like once our home burned down.

Tuesday, as I drove down to Carlsbad, I wanted every piece of information I could find about the fires. Listening to XM channel 247 (emergency channel - a wordplay on 24/7) helped, but it was too broad since it was covering all the fires burning in San Diego, Orange County, and L.A.

This is where Twitter's Track command was a saviour (keep in mind that there were no iPhone apps back then). I simply texted some keywords to Twitter and every time someone's tweet contained one of those words it was relayed to me via SMS. I had Twitter track "Carlsbad" and the major road near my home, "Palomar".

Retweeting wasn't as popular back then as it is now so I received very few duplicate tweets. Nearly every tweet that I received - and I was receiving a new tracking tweet every five minutes - was helpful:
"It doesn't look like the fire's reached Carlsbad."
"Winds dying down and reversing direction - I can see flames from Carlsbad."
"Voluntary evacuation south of Palomar Airport Road."
"KPBS reports that fire in San Marcos, near Carlsbad, is 20% contained."
etc.

Luckily, the closest both fires got to our home was about four miles. Now, if only Twitter could bring back the Track command and ignore retweets.

Saturday, August 29, 2009

My Experiences with DNS Hosting

Overview
The Domain Name System, better known as DNS, is probably the most critical part of the Internet. DNS converts domain names, such as google.com, into IP addresses like 74.125.45.100. Since it's so important it's also the most robust and redundant Internet infrastructure in place. Attacks against this system usually go unnoticed by the public. If an attack were to successfully bring down all 13 root name servers then Internet traffic would, for all practical purposes, be unroutable - and the Internet would stop working. Luckily, each root server is actually a farm of servers which appear, from the outside world, as a single server.

Taking Down the Internet
Taking down all 13 root servers at the same time would have the effect of removing every street sign on every road in the world. Unless you know where you're going, and you've been there very recently, then your network packets used for web browsing, e-mail, etc, won't know how to reach their destination.

The Root
Top Level Domains (TLDs) are the last portion of a fully qualified domain name (i.e. .com, .net, .us, etc). To be completely correct, all TLDs end with the same character ("." pronounced "dot"). If you have a decent web browser then the following link should work: http://www.cnn.com./ (include the ending .) If this example doesn't work, then try pinging it from the command line. Think of the . as the root of DNS.

Domain Name Registration
When you purchase a domain name the registrar usually configures your DNS with some default settings. Generally, it'll point your domain to a generic landing page until you either upload your own web page or reconfigure the DNS to point to either another DNS server or web site. Once you've changed a DNS record, it can take some time until ISPs are updated. How long these updates take to propagate is configurable when creating a DNS record - the typical range is from an hour to a day.

DNS Configuration
You have two options when configuring DNS. Either you can configure it through your registrar or you can run your own DNS server. Over the past decade I've tried both methods, extensively.

DNS Self-hosting: QuickDNS Manager
In the beginning, domain registrars did not have sophisticated DNS management tools, so I ran my own DNS server using QuickDNS Manager from Men & Mice (they no longer sell this great product under that name). QuickDNS made it extremely simple to configure DNS using the QuickDNS Manager's GUI.


In this example, the TTL (time to live) column sets how long, in seconds, third party DNS servers (i.e. ISPs) should cache this information before going back to the registrar. The defaults in the upper right are used when the TTL column is blank for a particular record. Therefore, this DNS configuration tells third party DNS servers to cache the www.example.com and example.com records for 300 seconds (five minutes).

Although self-hosting my own DNS server gave me a huge amount of flexibility, the biggest drawback was that it requires a dedicated server machine. Since running a DNS server doesn't require heavy lifting by the server's CPU, I was successful in running my own DNS server for business purposes on an old 233 MHz (Wall Street) and then later a 500 MHz PPC G3 (Pismo) PowerBook with no problem at all. The beauty of using an old laptop as a server is that its battery acts like an internal UPS. As a matter of fact, about five years ago, I used to run e-commerce web servers, mail servers, DNS servers, etc., "on the cheap" using a farm of laptop servers.

There are many other DNS server software options, but I particularly liked QuickDNS due to its ease of use.

GoDaddy's DNS in the Cloud
These days, it's hard to beat using a DNS service that's hosted in the cloud - especially when, in the case of GoDaddy, it's free. For the cost of registering your domain name (about $10/year), you can configure your domain's DNS either through a web browser or through a text file that can be uploaded and downloaded to/from GoDaddy.

GoDaddy UIs
GoDaddy's DNS notations deviate slightly from the DNS BIND standard, but it still works as expected. Specifically, they have eliminated the need for each domain to end with a dot - after all, it's implicit. Also, when you want to reference the domain's root name (i.e. example.com) you use the @ symbol.

Here's a screenshot of how I've configured AdjixSucks.com to be a static web site hosted on Amazon's S3 (more about hosting websites on S3 can be found here):



Here's the text file, from GoDaddy, which can be downloaded, edited, and then uploaded (Be sure not to upload duplicated DNS records. If there's a duplicate record then GoDaddy will not apply any changes and return an error. This is a great safety mechanism to prevent accidents which could bring down a website.)


Using GoDaddy's web interface, you can configure your DNS record's TTL for 30 minutes, one hour, 12 hours, one day, or one week. To configure with a finer level of granularity, i.e. 300 seconds, you'll have to upload the updates to GoDaddy via a text file.
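The three conventions described above (a blank TTL falls back to the zone default, "@" stands for the zone root and names without a trailing dot are relative to it, and an upload containing a duplicate record is rejected) are easy to get wrong when editing a zone by hand. The script below is an added example, not GoDaddy's own file format or tooling; it takes a constructed, registrar-style record table and renders it in canonical BIND notation, applying the default TTL, expanding names to fully qualified form ending in the root dot, and refusing duplicate records.

```python
ZONE = "example.com"
DEFAULT_TTL = 300  # seconds; applied to every record whose TTL is blank

# Constructed, registrar-style records as (name, ttl, type, value); None = blank TTL.
# "@" is the zone root and a name without a trailing dot is relative to the zone,
# following the notation described in the post. Values are constructed examples.
RECORDS = [
    ("@",    None, "A",     "198.51.100.7"),
    ("www",  None, "CNAME", "@"),
    ("mail", 3600, "A",     "198.51.100.8"),
    ("@",    3600, "MX",    "10 mail"),
    ("ftp",  None, "CNAME", "files.example.net."),  # already absolute, left alone
]


def to_fqdn(name, zone):
    """Expand @ and relative names into an absolute name ending in the root dot."""
    if name == "@":
        return zone + "."
    if name.endswith("."):
        return name
    return f"{name}.{zone}."


def check_duplicates(records):
    """Refuse the whole record set if any record appears twice, mirroring the
    registrar's behaviour of applying no changes when an upload has a duplicate."""
    seen = set()
    for rec in records:
        if rec in seen:
            raise ValueError(f"duplicate record: {rec}")
        seen.add(rec)


def to_bind(records, zone=ZONE, default_ttl=DEFAULT_TTL):
    """Render records as BIND-style lines: owner TTL IN TYPE rdata."""
    check_duplicates(records)
    lines = []
    for name, ttl, rtype, value in records:
        owner = to_fqdn(name, zone)
        ttl = default_ttl if ttl is None else ttl
        if rtype in ("CNAME", "NS"):          # rdata is a host name: qualify it
            value = to_fqdn(value, zone)
        elif rtype == "MX":                   # rdata is "preference host"
            pref, host = value.split()
            value = f"{pref} {to_fqdn(host, zone)}"
        lines.append(f"{owner} {ttl} IN {rtype} {value}")
    return lines


if __name__ == "__main__":
    print("\n".join(to_bind(RECORDS)))
```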

Outsource or In-house?
While there are other DNS hosting options, and some cost a small amount of money, it makes a lot of sense to use a professional DNS hosting solution instead of running your own DNS server. If you don't own the hardware then you don't have to support it. (While software may have bugs, it never fails in the manner that hardware can.) Due to the critical nature of DNS, third party hosting solutions do an excellent job at supporting this service.