Thursday, April 24, 2014

What Exactly Is "The Cloud?"


All About The Cloud

"The Cloud" as you can probably guess, at a gross level, refers basically to storage on the Internet.  But many companies and people seem to use it for different meanings, almost like it is a loosey goosey definition that is being exploited, definitely misunderstood in may cases.  In fact, you may at some point ask, what's the difference between the Cloud and the Internet?  So this article will strive to blow away all the smoke, and boil it down to its essence.

The Internet, as you may well be aware, is simply a set of interconnections between computers (and here I use the term "computer" to loosely describe some computing device).  This interconnection is a combination of wires and wireless media, and a collection of "protocols" or methods of communicating for specific purposes.  For example, the web uses the "HTTP" protocol, or "HyperText Transport Protocol."  File Transfer Protocol (FTP) is used to transfer files, and so on.  The Internet allows devices to connect and communicate with each other in an open and standardized (and sometimes secure) fashion.  So, what is "The Cloud" - as the Internet is well-defined, we don't need to call it something else, do we?

Basically, "The Cloud" is an euphemism (look up the definition) for storing your own data on someone else's machine that is accessible through the Internet.  It is a really good marketing ploy, a good single, simple term to describe a set of security protocols defined by whomever wants to define them, to allow you to store and access data (such as music, pictures, Office documents, applications, or whatever).  One example of A Cloud, is Google Drive.  This is a primarily web-based system that allows you to store and access files in folder structures, as well as providing hosted applications to edit these files - all on Google's systems (or someone they contract to hold their data, which is really your data).  Another example is Apple's iCloud, which allows you to not only store and share files and has hosted applications, but provides a secure way of storing application settings and experience preferences (like bookmarks, keyboard shortcuts, passwords, and more).  (By the way, iCloud also has hosted applications to find your devices on a map, and access e-mail, contacts, and calendar.)

So, anyone can define anything as a Cloud, as long as it allows you to store and access data across the Internet, securely.  Last year I bought a Western Digital cloud drive, which sets up Internet access to my files from anywhere on the Internet.  Granted, this is a loose definition of the Cloud, but probably still within the arena.

Many companies have had Cloud solutions for years, and many more are getting into it.

The Good And The Bad

So, what's so great about it?  You don't have to manage backups.  These clouds are typically accessible across devices, across operating systems.  Also, you can easily select certain data to share, and you are not e-mailing that data (which may be mega- or gigabytes), but a link to that data.  Many offer features like hosted applications (word processor, spreadsheet, etc. that you can run from a web browser to edit your data), so you never have to install or upgrade these apps.

So, if it's so great, what's so bad about it?  Once you put your data on someone else's system, you are completely in their hands as far as security and trust.  In the original computer paradigm, you create a file, and you store it on your hard drive.  Your computer has to be on, and connected to the Internet, for someone to remotely gain access to it.  This has been relegated to a set of fairly sophisticated hackers, who would have to know that your system exists, and have some interest in putting forth the effort to hack into it.  But now, with these Cloud services, they are huge - and become a huge known target for hackers.  Hackers know that your data is there, and know where to go to get it, and can assume that hacking is worth the effort.

Do you use QuickBooks online, to store your financial information?  Do you put your company's Intellectual Property, which may contain ITAR-regulated Defense designs, in the hands of some third party to which you can't hold liable if some of that data is stolen by foreign nationals, and the Department of Defense comes after you?  Do you put your personal files, containing personal data, on Dropbox, Drive, Microsoft SkyDrive, Amazon S3, or a myriad of other services?

Nowadays, we are riddled with news stories - and I can see the trend.  Traditional forms of computer security that we have held as acceptable, are easily cracked.  New password cracking algorithms, plus with the ability for computers to utilize the CPU and GPU to compute, plus more and more powerful computers, mean they can break through your encryption in minutes or hours instead of years, decades, or centuries.  The Heartbleed bug identified last week, that has been in place for 2 years, is a prime example of a core technology (Open SSL) that is used by most software to secure data, having a vulnerability that hackers have already exploited.  Chances are, we are probably not even aware of most of the worst hacks and thefts.

But, just as insidious I find, is do you really know or trust the company behind your cloud?  Do you trust Apple, Google, Yahoo, Amazon, or the little-heard-of companies that are contracted to store their data?  Do you trust the NSA's access to these data, should they (or their computer software) deem that they need to investigate you?  Because, the more that you put digitally, and the more you put it in the hands of someone else, the more vulnerable you are to the Science Fiction stories where the police hit a few keystrokes and can cross-reference any private or public information to instantly make a decision on who is "bad" to them (ala Continuum).

If you heard of Heartbleed but have no idea what Open SSL is, here's a 2-sentence primer.  Open SSL is a free set of libraries that most software developers use to secure data, such as encrypt Internet traffic or a file on a Cloud drive.  Heartbleed is a vulnerability that allows hackers to easily break that encryption and see what is encrypted, and was introduced in Open SSL 2 years ago, only now to be discovered.

How does that affect you?  Dude.  Dude!  I can guarantee you that at least 90% of everything you do on the Internet that you think of as secure (credit card purchases, cloud storage, password entry, VPN, etc.) uses Open SSL to encrypt the data.  That means that, if anyone is listening or wading through the data you store on other systems, and they know how to exploit Heartbleed, everything you have is an open book to them.  They can get your logon ID's, passwords, bank account numbers - anything you type into a web page that says it is secure, or indeed even if you don't have a web page, but some application that communicates over the Internet.  There is absolutely no guarantee, and no way for most of these companies who host your data, to even know or track if they have been hacked.  Some of the hacking may just be some third party "listening" in on the traffic between their site and you.

I am almost certain that there are vulnerabilities other than Heartbleed, that have not been or may not ever be found.  Who are the perpetrators?  Who knows.  NSA?  CIA?  Al Quaeda?  Syrian Electronic Army?  China?  Russia?  Could be anyone.  I predict in the next several years, the whole concept and practice of security will undergo an overhaul, an upheaval.  Is a simple name and password sufficient?  Not any longer.  What will replace it?  Multifactor authentication?  Biometrics?  Something else?

Either way, be afraid - be very afraid.  The more we use Cloud, the more vulnerable we are.   And there is nothing we can do about it, either legislatively, or legally.

Tuesday, April 22, 2014

Poorer Battery Life with iOS 7?

Recently, Apple released iOS 7, the new software for its "newer" mobile devices (devices introduced within the last few years).  As you may know, it is radically different.  And, its battery consumption is greatly improved, if you disable some new features.

I have heard of some few people who really didn't like the new look, and I recently found out that Apple has not signed the old iOS 6 to allow you to "downgrade" if you already upgraded to 7.  However, mostly, the reaction from people that I have seen and talked to is overwhelmingly positive.

There are some new features that utilize the hardware (and thus drain the battery) more, that I feel most people probably don't want.  So, if you are one of those who upgraded, only to find your battery draining faster, hopefully this will help you out.

1.  Per-App Use of Cellular Data
Definitely, go through the Privacy section of the Settings app, and turn off Cellular Data access to the apps you don't care if they use cellular or not.  For example, all those apps that show ads, you don't need to consume your cellular data plan for that.

2.  Multitasking and Background App Refresh
iOS 7 has greater support for background app execution, which of course means more battery chewed up.  Predictive use based on history means iOS 7 will determine, based on how you use your apps, whether it will allocate background processing to running apps.  For example, if you read your news on the NPR app each morning during breakfast, then before breakfast time if the NPR app is running in the background, it will "wake up" and download the latest news, instantly ready for you during breakfast.  Double-tap your home button and swipe up to "throw out" the running apps you are no longer using.

3.  Location Services
Location Services is Apple's way of making GPS location available to the Apps.  Of course, in order to read the GPS satellites, it has to turn on the antenna and this takes up battery.  There are various aspects of Location Services you can control, such as for what functions you want to make it available.  Some new features that take advantage of this are:

  • Location-Based iAds.  When you see Apple iAd advertising banners in apps, it now can target based on your location.  Translation: Apple makes more money from advertisers wishing to target their ads, but using up your battery to do so.
  • Popular Near Me.  In the App Store, you can now find out apps that are popularly purchased in locations near where you are.  This might be cool, say if you are traveling, don't want to talk to anyone, and just simply find out what people around you buy.  Me, I say who cares.
Scout through the Settings app and see what other tweaks you can find to improve battery life.  One thing I truly love in OS X 10.9 Mavericks is the Energy Consumption calculation.  If you click on the battery icon in the menu bar, you get a list of applications consuming significant energy - so you can close them out.  I wish iOS had something like that!