The Register recently reported on a Cloud customer wanting a refund. This may sound boring. It’s not.
customers who had paid £50 for a year's worth of "unlimited" cloud-based storage were told that they actually had to pay an extra £30 a month for 1TB
As you can imagine, this triggered some interesting emails, all documented at The Register.
As forced by your outrageous price increase I have closed the account. I expect a 75%+ refund of the fee I paid you as it was active for less than 3 months. I hope this part of the process is less opaque than your other business dealings.
From this salvo launched by an unhappy customer, the email chain unfolds:
What you may have interpreted as “abuse” is only a statement of fact. At this stage, I am making no comment on the degree of business disruption caused by your self-publicised 8000% mid-contract price increases necessitating additional resources to change provider.
So factually speaking we did not increase our prices 8000%....
Yes, attitude is definitely there and with justification given the difficulties caused by your imposed price increases.
But enough of this silliness. Go check it out yourself, and think about how you would respond to your customers' needs:
Incapsula has an interesting article on a Layer 7 DDoS attack which attempted to exhaust their server resources.
even at extremely high RPS rates—and we have seen attacks as high as 268,000 RPS—the bandwidth footprint of application layer attacks is usually low, as the packet size for each request tends to be no larger than a few hundred bytes
So when they started receiving a new type of flood, it was an attention getter.
...which peaked at a substantially high rate of 163,000 RPS...the real surprise came when we realized that the assault was also consuming bandwidth at 8.7 gigabits per second (!)
It turns out a script was randomly creating large files and attempting to POST to the server. Nasty.
By doing so, the perpetrators were able to create a ginormous HTTP flood, consisting of extremely large content-length requests.
Within the article they get into the routing of the attack and what they did to mitigate.
this assault is a reminder to consider scalability when strategizing defense plans against application layer attacks.
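To make the difference between a classic request flood and the large content-length POST flood described above concrete, here is an added example (not code from Incapsula or the original article) that buckets log records per second and labels each window by request rate and declared body volume. The log format, the thresholds and the sample data are constructed assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed log lines: '<epoch_second> <client_ip> <method> <path> <content_length>'."""
    lines = [f"100 198.51.100.{i} GET /index.html 0" for i in range(5)]
    # Second 101: many tiny requests (high RPS, low bandwidth).
    lines += [f"101 203.0.113.{i % 50} GET /search 0" for i in range(200)]
    # Second 102: the same request rate, but each POST declares a large body.
    lines += [f"102 203.0.113.{i % 50} POST /upload 500000" for i in range(200)]
    lines.append("103 garbage line")  # malformed record, must be ignored
    return lines

def classify_windows(lines, rps_limit=100, bps_limit=100_000_000):
    """Return {second: (verdict, requests, body_bits)} for one-second windows.

    rps_limit and bps_limit are assumed thresholds; tune them to your baseline.
    """
    stats = defaultdict(lambda: [0, 0])  # second -> [requests, body_bytes]
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdecimal() or not parts[4].isdecimal():
            continue  # skip malformed records instead of crashing
        stats[int(parts[0])][0] += 1
        stats[int(parts[0])][1] += int(parts[4])
    verdicts = {}
    for second, (requests, body_bytes) in sorted(stats.items()):
        bits = body_bytes * 8
        if requests > rps_limit and bits > bps_limit:
            verdict = "large-body-flood"   # high RPS and high bandwidth
        elif requests > rps_limit:
            verdict = "request-flood"      # high RPS, small requests
        elif bits > bps_limit:
            verdict = "bulk-upload"        # few requests, large bodies
        else:
            verdict = "normal"
        verdicts[second] = (verdict, requests, bits)
    return verdicts

if __name__ == "__main__":
    for second, result in classify_windows(build_sample()).items():
        print(second, *result)
```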
liquid has an article on 34 IFTTT recipes to improve productivity.
Between Slack, Google Drive, and Evernote there is one particular tool that helps us on a daily basis. It’s called IFTTT and the best part about it is, that once it's set up, you don’t have to worry about it anymore.
If you have not used, or do not know what IFTTT is, go check it out. Seriously. It’s pretty damn skippy.
Here are a couple of my favorites:
Have some important content to read for that meeting? This recipe makes you tackle that reading list, item-by-item. By placing all your Pocket articles into a To-Do list (with Todoist):
Ever wanted to write a diary but just don’t have the time? Or maybe you want to track everything you do (just like in recipe 21). This recipe creates an Evernote Journal based on your Google Calendar. Maybe it doesn’t boost your productivity, but at the end of the day, it might come in handy:
A lot of different notes in different places? Well, this IFTTT recipe makes all your notes go in one place. So that even when you just want to use iOS notes to write down an address, it gets saved forevernote (pun intended):
Just like recipe 26, but this one mutes your phone whenever it detects that you’re at work. Therefore helping you focus on more important tasks, not your phone:
DevOps has an article on developing cloud-native while supporting legacy applications.
the organizations that have gone furthest in adopting distributed, scale-out, microservices-based applications are twice as likely to delay converting existing apps to cloud architectures - Red Hat’s Gordon Haff
There is a balancing act between the war horses that support your enterprise and the new, nimble, fleeting cloud apps. What stays on the old iron and what gets ported to the Cloud is becoming an interesting strategic question.
If it ain’t broke, don’t fix it
With the knowledge of fault-tolerance, scalability, and how nimble the Cloud can be, this brings to the table new ideas on how the legacy systems can be brought into the fold.
The Commission today presented its blueprint for cloud-based services and world-class data infrastructure to ensure science, business and public services reap benefits of big data revolution.
Innovate UK Network has an article on EU science cloud to leverage academic research via Big Data.
The initiative aims to overhaul current “insufficient and fragmented infrastructure” and offer the EU's 1.7 million researchers and 70 million science and technology professionals "a virtual environment to store, share and re-use their data across disciplines and borders.”
It’s all fairly standard issue initiative via PR at europa.eu, but it was the last sentence that caught my eye:
"We will also be looking into the potential of quantum technologies which hold the promise to solve computational problems beyond current supercomputers."
This, to me, is the interesting part. It’s not what we can do with all this data, it’s what we don’t yet know we can do with all this data.
How’s that title for link bait? CloudDYN has an article on the disappearing space in the Cloud, and what can be expected.
Wait? Disappearing? Well, in 2014 Seagate fired a volley of fear:
Mark Whitby, SVP of branded products at Seagate, walks us through the fascinating world of storage, warning us of the dangers of not producing enough data and introducing us to the concept of the Zettabyte. The world, he says, will produce 44 of these by 2020, which might not sound a lot until you consider that a Zettabyte is 10^21 bytes. -techradar
But that was 2014. Two years later and it’s still a topic.
companies are realizing the huge potential of big data, which can help them understand consumer behavior, better target their marketing strategies and build customer trust - CloudDYN
Where do they see the problem?
(it) is that it’s far easier to generate data than manufacture the capacity to handle it
Sometimes you just need a free site to spin up, for a hackathon, demo, or just to try out something new. Well, the fine folks at POP.co have a detailed, step by step guide on getting you started HERE
We’re all about helping people build their awesome ideas here at POP. What better way to kick off a hackathon or build an MVP than setting yourself up with a free Amazon EC2 instance with Elastic Block Storage and Relational Data Service for free.
For the uninitiated this may cover some tech you are not used to, such as SSH, MySQL, private keys and working in the terminal. But this is setting up a server, and not everything has buttons. Sometimes you have to type something in the CLI :)
Register a Domain with POP
Create a Free Amazon AWS Account
Create your EC2 Instance
Add New DNS Records to POP for your new EC2 Instance
Setup WordPress on your new EC2 Instance
So there you go folks. Everything you need to get a Wordpress site up on the Cloud. For Free!
As you develop in the Cloud you can leverage APIs from other sites for content, mapping and aggregation on your site. For the most part you probably already know what APIs you plan on using, but just in case HERE is a list of APIs you didn’t know were available to you.
Do you have files kept in the Cloud that you access via shortened URLs? It’s not uncommon. Cory Doctorow details HERE the ill effects of these shortened links.
with only six characters to brute force, it's possible to scan all the URLs associated with a cloud service, locate the open shared folders, and poison them with malware while you plunder them for secrets.
Enforcing that obscurity is NOT an effective measure:
security-through-obscurity method of relying on secret URLs leaves users vulnerable to attacks
And as Ron Popeil would say “But wait, there’s more”
By brute-forcing all Google Maps shorteners, you can discover peoples' private addresses and lots of other sensitive information.
Remember people, the Cloud is just someone else’s computer sitting in someone else’s closet. Tread lightly.
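For anyone operating a link-sharing service, the following added example (not from Doctorow's post or the research it cites) shows how token length changes the odds of the scan described above, and generates tokens from a cryptographic random source. The 62-symbol alphabet, the number of live links and the guess budget are constructed assumptions.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed 62-symbol token alphabet

def keyspace(length, alphabet_size=len(ALPHABET)):
    """Number of possible tokens of the given length."""
    return alphabet_size ** length

def hit_probability(length, live_links, guesses):
    """Chance that at least one of `guesses` random tokens is a live link."""
    p_single = live_links / keyspace(length)
    if p_single >= 1:
        return 1.0  # more live links than possible tokens
    # log1p/expm1 keep precision when p_single is extremely small
    return -math.expm1(guesses * math.log1p(-p_single))

def min_token_length(live_links, guesses, max_probability):
    """Shortest token length that keeps the scan's success chance under the limit."""
    length = 1
    while hit_probability(length, live_links, guesses) > max_probability:
        length += 1
    return length

def new_token(length):
    """Random token drawn from the OS CSPRNG, not from a counter or timestamp."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    # Constructed scenario: one million live links, one million guesses.
    print("6-char keyspace:", keyspace(6))
    print("6-char hit probability:", hit_probability(6, 10**6, 10**6))
    # Length needed so a billion guesses succeed with probability <= 1e-6.
    needed = min_token_length(10**6, 10**9, 1e-6)
    print("required length:", needed, "example token:", new_token(needed))
```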
Live Chat Social Engineering leads to loss of VPS. This is a horrifying story, detailed eloquently step by step as a site owner watched, before his eyes, his servers disappear.
Despite having 2factor on the Namecheap account, the VPS panel itself requires no 2factor and allows full serial console to the servers.
At this point I was at the computer and saw a “Thanks for our chat here’s your login/password” email and VPS panel login notifications, and knew right away this was bad.
The post details how the attackers side-stepped 2FA Authentication and gained access to his servers. Then it got worse.
...the hacker decided to give up, but on the way out decided to click the conveniently located “Re-install” button next to each VPS.
And still worse…
Wrong; they have absolutely zero backups...
The lesson that is detailed should be a wakeup call to all of us. Just because it is in the cloud using 2FA Authentication, it really is just a computer sitting in someone's closet, controlled by a human with their own little quirks and foibles.
without the social engineering the hacker would have not been able to get into these servers
Google Cloud SQL is easy to use. It doesn't require any software installation or maintenance, and scales effortlessly for demanding applications. Cloud SQL automates replication, patch management, and database management.
Pythian has evaluated the performance of Google’s Cloud SQL Instances using MySQL Workbench.
They provide a breakdown of their methodology, but the last line says it all (Spoiler Alert!)
Google Cloud SQL High Performance instances performed significantly better than currently being offered Google Cloud SQL Standard Class Instances by a scale of 100-200%
But don’t let that spoil your interest. If you spend any amount of time in the db, you’ll find their post chock-full of goodies.
InstantCloud is offering a free server…for 20 minutes. To be truthful I kind of mocked this when it came across my feed, but lo and behold, click the button and up pops a terminal window along with username/password. Log in and wreak some havoc. 20 minutes at a time.
Ubuntu Wily with Docker - 2 x86 64bits Cores - 2GB of RAM - 50GB SSD disk
I have to admit I’m impressed with how fast it comes into play. Starter VPS is 2.99 euros, so about $3.40 in All American Glory.
As of this writing they were still in the invite mode for registration. Hopefully I’ll have more to come about this service.
Leonardo Federico has a great writeup on setting up a new AWS account detailed HERE. He takes you on a step by step journey, and whether a beginner or seasoned pro, provides a wealth of information.
Getting started with AWS account is something tricky especially when you're moving your first steps in the Cloud and you're so impatient to play (exactly as I did when I put this blog up on AWS) with all kinds of these amazing services. That's why having a solid checklist is something extremely important.
What he details is creating your root account, setting up password policies and monitoring. If you are already working in AWS and would like to add to his checklist, he has posted to Reddit where others have chimed in as well.