09 February 2010

Announcing OpenECP: Open Elastic Computing Platform

I am pleased to announce the immediate availability of the Open Elastic Computing Platform (OpenECP) Version 4.0 Alpha (openecp-4.0alpha.tar.gz), provisionally tested on Debian GNU/Linux 5.0 (screenshots). This is an open source fork of the Enomaly ECP product following its abrupt commercialisation in November 2009, which resolves a number of serious security vulnerabilities. For more information refer to:

OpenECP is a web-based management platform for Linux-based hypervisors including KVM and Xen which can be used to create "public" and "private" cloud computing environments.

It will always be freely available under the Affero General Public License v3 or similar.

Features
  • Xen, KVM, Qemu, OpenVZ, Amazon EC2 support
  • Multiple OpenECP server support
  • RESTful Web Services API
  • Dashboard with metering, chargeback
  • Automated virtual machine (VM) deployment
Support
Technical support is provided by the community; as it is an open source product, anyone is free to support and extend it.

Background
This release was forked from the most recent version of Enomaly ECP as at 2010-02-09 (3.0.4 with a number of additional revisions), as distributed under the Affero GPL v3 by Enomaly, Inc. In order to avoid any potential intellectual property issues, all references to Enomaly™ have been scrubbed from the distribution (in the same way that references to RedHat have been purged from CentOS).

The unmodified Enomaly ECP code (enomaly-ecp-3.0.4.1.tar.gz) is also available along with a non-maintainer release which resolves all known security issues (enomaly-ecp-3.0.4.2.tar.gz) as it appears that Enomaly have no plans to address these outstanding issues.

03 February 2010

Private cloud security is no security at all

It's ironic that the purveyors of "Private Cloud" sell their wares on the premise of enhanced privacy and security - a totally unjustified claim which is too often accepted without question - and that they are quick to dismiss the huge benefit of the armies of security boffins employed by "public" cloud vendors (whose future is largely dependent on keeping customer data safe). It's also very convenient for them that the term itself is disparaging of "public" cloud in the same way that "Blog With Integrity" badges imply that the rest of us are somehow unethical (one of the main reasons I personally have and will always dislike[d] it).

It is with that in mind that I was intrigued by Reuven Cohen's announcement today regarding Enomaly, Inc. having recently joined the Intel Cloud Builder Program (whatever that is). It was these two quotes that I found particularly questionable regarding their Enomaly ECP product:
  1. Intel was among the first to full(sic) understand the opportunity in enabling a truly secure virtualized cloud computing environments(sic) for service providers and Telco's.
  2. Our work with the Intel Cloud Builder Program will help to accelerate our efforts to deliver a massively-scalable, highly-available, high-security cloud platform to our customers.
The reason I'm naturally suspicious of such claims is that I've already discovered a handful of critical security vulnerabilities in this product (and that's without even having to look beyond the startup script - a secure-by-default turbogears component that was made insecure through inexplicable modifications):
  1. CVE-2008-4990 Enomaly ECP/Enomalism: Insecure temporary file creation vulnerabilities
  2. CVE-2009-0390: Argument injection vulnerability in Enomaly Elastic Computing Platform (ECP)
  3. Enomaly ECP/Enomalism: Multiple vulnerabilities in enomalism2.sh (redux)
I had to dig a little (but not much) deeper for the silent update remote command execution vulnerability. I also inadvertently discovered another serious security vulnerability (sending corporate BestBuy credentials in the clear over the Internet to a 3rd party service), which as it turns out was also developed by Enomaly, Inc. It's only natural that I would be suspicious of any future security claims made by this company.

It doesn't help my sentiment either that every last trace of the Open Source ECP Community Edition was recently scrubbed from the Internet without notice, leaving angry customers high and dry, purportedly pending the "rejigging [of their] OSS strategy". While my previous attempts to fork the product as Freenomalism failed when we were unable to get the daemon to start, having the code in any condition is better than not having it at all. In my opinion this is little more than blatantly (and successfully I might add) taking advantage of the Open Source community for as long as necessary to get the product into the limelight. Had they not filled this void others would certainly have done so, and the Open Cloud would be better off today as a result.

As part of cloud standards work I was interested in taking a look at the "secure" mechanism they developed for distributing virtual machines:
VMcasting is an automatic virtual machine deployment mechanism based on RSS2.0 whereby virtual machine images are transferred from a server to a client which securely delivers files containing a technical specification and virtual disk image.
Another bold claim that initially appeared justified by a simple but relatively sensible embedding of cryptographically strong checksums into descriptor and manifest files that were in turn digitally signed using GPG. Unfortunately no consideration was given to the secure retrieval of the archive itself (nor of the RSS feed listing the archives, for that matter), and signatures were not actually required by the specification, so it would be trivial for an attacker to insert their own unsigned packages and/or replace existing signed packages with modified, unsigned ones, or to replay an older, signed version of a workload with known vulnerabilities.

Fortunately an attacker need not even go to these lengths as despite acknowledging the need for digital signatures in the VMcasting specification, none of the security features appear to have been implemented in Enomaly ECP itself. Worse still, it won't even let you use SSL if you're sensible enough to try - the scheme check accepts only http and ftp, so an https package URL is rejected outright:
    if url[0].lower() not in ("http", "ftp"):
        raise E2UndefinedError(_("Unknown scheme in package URL."))
Think you're safe if you keep everything on your own network (that's the whole point, right?). Don't be so sure, as the vmfeed module quietly registers these HTTP URLs for you:
Sure enough if you retrieve the first URL you'll get a feed of "virtual appliances" like this one (delivered over HTTP from Amazon S3 no less) and as expected, if you untar it you'll see that there's no signatures whatsoever. Don't get me started on the myriad vulnerabilities no doubt present within the appliances themselves given their age - packaging applications as virtual machines is a notoriously bad idea and one that I hope will be overrun by containers/platforms in the not too distant future.

But wait, there's more - being able to run workloads of your choice (e.g. trojan horses, network scanners, etc.) within your victim's network is one thing, and being able to obtain and reverse engineer their existing workloads (given there's no catering for authentication) another, but taking over the management system itself is where there's real fun to be had. Fortunately all you need to do is set the MIME type to application/python-egg rather than application/enomalism2-xvm2 and this little chestnut gets invoked, quietly unzipping and forcibly installing the supplied python module:
    elif self.get_mime()==EGG_MIME:
        tx.update("Installing Python egg.", 90)
        target=os.path.join(settings.repodir,\
            self.get_uuid().replace("-","_")+".egg")
        shutil.move(filename, target)
        self.install_python_egg(target)
The vmcast_modules feed currently advertises the e2_drivemounter, e2_exception and e2_phone_home modules which are all available for download, again over HTTP, from http://enomaly.com/fileadmin/eggs/.
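Here, as an added example rather than anything from Enomaly's or OpenECP's code, is what the package path above would have to do to honour the VMcasting promises: require HTTPS, require a signature over the manifest, bind the archive digest and the content type into that signed manifest, and refuse replays. The manifest layout, the serial number and the HMAC-SHA256 used in place of a detached GPG signature (so that it runs offline) are assumptions of this illustration; EGG_MIME and XVM2_MIME mirror the MIME types named in the post.

```python
# Added example (not Enomaly or OpenECP code): the package-retrieval path
# described above with the VMcasting security features actually enforced.
# The manifest format, the serial number and the HMAC stand-in for the
# detached GPG signature are assumptions made for this illustration.
import hashlib
import hmac
import json
from urllib.parse import urlparse

EGG_MIME = "application/python-egg"          # MIME types named in the post
XVM2_MIME = "application/enomalism2-xvm2"


class VerifyError(Exception):
    pass


class ReplayError(VerifyError):
    pass


def weak_scheme_check(url):
    """The check quoted from the product: only http and ftp are accepted,
    so an https package URL is rejected before TLS can do any good."""
    return urlparse(url).scheme.lower() in ("http", "ftp")


def strict_scheme_check(url):
    """Hardened form: nothing but https reaches the downloader."""
    return urlparse(url).scheme.lower() == "https"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def sign_manifest(manifest, signing_key):
    """Serialise a manifest dict and return (bytes, signature). HMAC-SHA256
    stands in for the GPG signature so the example runs offline; the point
    is that the signature covers the whole manifest, digest and MIME included."""
    raw = json.dumps(manifest, sort_keys=True).encode()
    return raw, hmac.new(signing_key, raw, hashlib.sha256).hexdigest()


def verify_package(manifest_bytes, signature, archive_bytes, signing_key, last_seen_serial):
    """Return the parsed manifest only if every check the post finds missing
    passes; raise VerifyError (or ReplayError) otherwise."""
    # 1. A signature is mandatory, not optional as in the VMcasting spec.
    expected = hmac.new(signing_key, manifest_bytes, hashlib.sha256).hexdigest()
    if not signature or not hmac.compare_digest(expected, signature):
        raise VerifyError("manifest unsigned or signature invalid")
    manifest = json.loads(manifest_bytes)
    # 2. The archive must match the digest bound into the signed manifest,
    #    so a swapped or modified archive on an http feed is caught.
    if not hmac.compare_digest(sha256_hex(archive_bytes), manifest["sha256"]):
        raise VerifyError("archive does not match signed digest")
    # 3. A monotonically increasing serial blocks replay of an older signed
    #    (and since patched) workload.
    if manifest["serial"] <= last_seen_serial:
        raise ReplayError("serial %d is not newer than %d" % (manifest["serial"], last_seen_serial))
    # 4. The content type is part of what was signed, and only a VM package
    #    is installable: no python-egg route into the management host.
    if manifest["mime"] != XVM2_MIME:
        raise VerifyError("refusing to install %s" % manifest["mime"])
    return manifest


def run_checks():
    """Exercise the verifier against constructed inputs; returns a dict of
    scenario -> outcome so the behaviour can be inspected or asserted on."""
    key = b"demo-signing-key"                 # constructed, not a real key
    archive = b"constructed stand-in for a .xvm2 archive"
    good = {"serial": 5, "sha256": sha256_hex(archive), "mime": XVM2_MIME}
    raw, sig = sign_manifest(good, key)
    egg_raw, egg_sig = sign_manifest(dict(good, mime=EGG_MIME), key)
    scenarios = {
        "signed_fresh": (raw, sig, archive, 4),
        "unsigned": (raw, None, archive, 4),
        "tampered_archive": (raw, sig, archive + b"x", 4),
        "replayed": (raw, sig, archive, 5),
        "egg_payload": (egg_raw, egg_sig, archive, 4),
    }
    outcomes = {}
    for name, (m, s, a, last) in scenarios.items():
        try:
            verify_package(m, s, a, key, last)
            outcomes[name] = "installed"
        except ReplayError:
            outcomes[name] = "replay"
        except VerifyError as exc:
            outcomes[name] = "rejected: " + str(exc)
    return outcomes


if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print("%-17s %s" % (name, outcome))
```

Note that the MIME type is taken from the signed manifest, not from whatever the fetched package claims about itself, which is the difference between a content-type switch being an install-time decision and it being an attacker-controlled one.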

Anyway I'm sure there'll be backpedalling, downplaying, shooting-the-messenger, etc. which is why you're reading this here rather than in a vulnerability announcement. While the bugs are obviously unconfirmed this still illustrates my point nicely - don't take it for granted that private cloud offerings are secure, and in the unlikely event that the systems themselves are secure, don't assume you or your provider can run them in a more secure fashion than a "public" cloud provider could.

Incidents like this go a long way towards realising one of my predictions for 2010 (or should I say @philww's "considered prediction") in that Private clouds will be discredited by year end.

Update: Following Enomaly, Inc.'s CEO denying access to the source, a "Strategic Advisor and Board Member" downplayed the issues (below), once again claiming "many of the items above have been addressed in [other] editions" and once again failing to provide any details or code for verification. Finally, the CTO tweeted "Seriously, reviewing software you've never tried is like reviewing book you've never read or a movie you've never watched. #Fail" and promptly blocked me.

Given Enomaly claimed to have 15,000 users some 18 months ago and 15,000 organisations more recently (both officially and unofficially), if they're to be believed then that's a lot of people left high and dry by the outstanding vulnerabilities, not to mention their having pulled the source. It's also more than enough motivation to announce the release of OpenECP: Open Elastic Computing Platform.

Whether the community run with it is yet to be seen but in any case it fills the void left by Enomaly ECP, throws stranded customers a lifeline and may just coax the company into being better behaved with respect to security issues and the open source community. Time will tell.

31 January 2010

Face it Flash, your days are numbered.

It's no secret that I'm no fan of Adobe Flash:
It should be no surprise then that I'm stoked to see a vigorous debate taking place about the future/fate of Flash well ahead of schedule, and even happier to see Flash sympathisers already resorting to desperate measures including "playing the porn card" (not to mention Farmville which, in addition to the myriad annoying, invasive and privacy-invading advertisements, I will also be more than happy to see extinct). In my mind this all but proves how dire their situation has become with the sudden onslaught of mobile devices deliberately absent flash malware*.

Let's take a moment to talk about statistics. According to analysts there are currently "only" 1.3 billion Internet-connected PCs. To put that into context, there are already almost as many Internet-connected mobile devices. With a growth rate 2.5 times that of PCs, mobiles will soon become the dominant Internet access device. Of those new devices, few of them support Flash (think Android, iPhone), and with good reason - they are designed to be small, simple, performant and operate for hours/days between charges.

As if that's not enough, companies with the power to make it happen would very much like for us to have a third device that fills the void between the two - a netbook or a tablet (like the iPad). For the most part (again being powered by Android and iPhone OS) these devices don't support Flash either. Even if we were to give Adobe the benefit of the doubt in accepting their deceptive, er, optimistic claims that Flash is currently "reaching 99% of Internet-enabled desktops in mature markets" (for more on that subject see Lies, damned lies and Adobe’s penetration statistics for Flash), between these two new markets it seems inevitable that their penetration rate will drop well below 50% real soon now.

Here's the best part though, Flash penetration doesn't even have to drop below 50% for us to break the vicious cycle of designers claiming "99% penetration" and users then having to install Flash because so many sites arbitrarily depend on it (using Flash for navigation is a particularly heinous offense, as is using it for headings with fancy fonts). Even if penetration were to drop to 95% (I would argue it already has long ago, especially if you dispense with weasel wording like "mature markets" and even moreso if you do away with the arbitrary "desktop" restriction - talk about sampling bias!) that translates to turning away 1 in 20 of your customers. At what point will merchants start to flinch - 1 in 10 (90%)? 1 in 5 (80%)? 1 in 4 (75%)? 1 in 2 (50%)?

As if that's not enough, according to Rich Internet Application Statistics, you would be losing some of your best customers - those who can afford to run Mac OS X (87% penetration) and Windows 7 (around 75% penetration) - not to mention those with iPhones and iPads (neither of which are the cheapest devices on the market). Oh yeah and you heard it right, according to them, Flash penetration on Windows 7 is an embarrassing 3 in 4 machines; even worse than Sun (now Oracle) Java (though ironically Microsoft's own Silverlight barely reaches 1 in 2 machines).

While we're at it, at what point does it become "willful false advertising" for Adobe and their army of Flash designers to claim such deep penetration? Victims who pay $$lots for Flash-based sites only to discover from server logs that a surprisingly large percentage of users are being turned away have every reason to be upset, and ultimately to seek legal recourse. Why hasn't this already happened? Has it? In any case designers like "Paul Threatt, a graphic designer at Jackson Walker design group, [who] has filed a complaint to the FTC alleging false advertising" ought to think twice before pointing the finger at Apple (accused in this case over a few mockups, briefly shown and since removed, in an iPad promo video).

At the end of the day much of what is annoying about the web is powered by Flash. If you don't believe me then get a real browser and install Flashblock (for Firefox or Chrome) or ClickToFlash (for Safari) and see for yourself. You will be pleasantly surprised by the absence of annoyances as well as impressed by how well even an old computer can perform when not laden with this unnecessary parasite*. What is less obvious (but arguably more important) is that your security will dramatically improve as you significantly reduce your attack surface (while you're at it replace Adobe Reader with Foxit and enjoy even more safety). As someone who has been largely Flash-free for the last 3 months I can assure you life is better on the other side; in addition to huge performance gains I've had far fewer crashes since purging my machine - unsurprising given according to Apple's Steve Jobs, "Whenever a Mac crashes more often than not it’s because of Flash". "No one will be using Flash, he says. The world is moving to HTML5."

So what can Adobe do about this now the horse has long since bolted? If you ask me, nothing. Dave Winer (another fellow who, like myself, "very much care[s] about an open Internet") is somewhat more positive in posing the question What if Flash were an open standard? and suggesting that "Adobe might want to consider, right now, very quickly, giving Flash to the public domain. Disclaim all patents, open source all code, etc etc.". Too bad it's not that simple so long as one of the primary motivations for using Flash is bundled proprietary codecs like H.264 (which the MPEG LA have made abundantly clear will not be open sourced so long as they hold [over 900!] essential patents over it).

Update: Mobile Firefox Maemo RC3 has disabled Flash because "The Adobe Flash plugin used on many sites degraded the performance of the browser to the point where it didn’t meet Mozilla’s standards." Sound familiar?

Update: Regarding the upcoming CS5 release which Adobe claims will "let you publish ActionScript 3 projects to run as native applications for iPhone", this is not at all the same thing as the Flash plugin and will merely allow developers to create applications which suck more using a non-free SDK. No thanks. I'm unconvinced Apple will let such applications into the store anyway, citing performance concerns and/or the runtime rule.

Update: I tend to agree with Steven Wei that The best way for Adobe to save Flash is by killing it, but that doesn't mean it'll happen, and in any case if they wanted to do that they would have wanted to have started at least a year or two ago for the project to have any relevance; it's clear that they're still busy flogging the binary plugin dead horse.

Update: Another important factor I neglected to mention above is that Adobe already struggle to maintain up-to-date binaries for a small number of major platforms and even then Mac and Linux are apparently second and third class citizens. If they're struggling to manage the workload today then I don't see what will make it any easier tomorrow with the myriad Linux/ARM devices hitting the market (among others). Nor would they want to - if they target HTML5, CSS3, etc. as proposed above then they have more resources to spend on having the best development environment out there.

* You may feel that words like "parasite" and "malware" are a bit strong for Flash, but when you think about it Flash has all the necessary attributes; it consumes your resources, weakens your security and is generally annoying. In short, the cost outweighs any perceived benefits.

05 January 2010

HOWTO: Set up OpenVPN in a VPS

If, like me, you want to do any or all of the following things, you'll want to tunnel your traffic over a VPN to a remote location:
  • Access media services restricted by geography (Hulu, FOX, BBX, etc.)
  • Bypass draconian censorship
  • Conceal your identity/location/etc.
  • Protect your machine from attackers
  • etc.
You could of course use a commercial service like AlwaysVPN in which case you typically pay ($5-10) per month or (~$1) per gigabyte, but many will prefer to run their own service. FWIW AlwaysVPN has worked very well for me but it's time to move on.

First things first, you'll want to find yourself a remote Linux server, and the easiest way to do so is to rent a virtual private server (VPS) from one of a myriad providers. No point spending more than 10 bucks a month on it as you don't need much in the way of resources (only bandwidth). Check out lowendbox.com for VPS deals under $7/month or just run with a BurstNET VPS starting at $5.95/month for a very reasonable resource allocation (including a terabyte of bandwidth!).

Once you've placed your order and passed their fraud detection systems (which includes an automated callback on the number you supply) you'll have to wait 12-24 hours for activation, upon which you'll receive an email with details for accessing your vePortal control panel as well as the VPS itself (via SSH). You'll get 2 IP addresses and I dedicated the second to both inbound and outbound traffic for VPN clients (which live on a 10.x RFC1918 subnet and access the Internet via SNAT).

If you didn't already do so when signing up then choose a sensible OS in your control panel ("OS Reload") like Ubuntu 8.04 - a Long Term Support release which means you'll be getting security fixes for years to come - or better yet, 10.04 if it's been released by the time you read this (it's the next LTS release). Do an "apt-get install unattended-upgrades" and you ought to be fairly safe until 2015. You're also going to need your TUN/TAP device(s) enabled which involves another trip to the control panel ("Enable Tun/Tap") and/or a helpdesk ticket (http://support.burst.net/). If /dev/net/tun doesn't exist then you can create it with "mkdir -p /dev/net && mknod /dev/net/tun c 10 200" (the device node is useless until the provider has enabled TUN/TAP for the container, so check the control panel first).

To install OpenVPN it's just a case of doing "apt-get install openvpn"... you could also download a free 2-user version of OpenVPN-AS from http://openvpn.net/ but I found it had problems trying to load netfilter modules that were already loaded so YMMV. If you want support or > 2 users you'll be looking at a very reasonable $5/user - you're on your own with the free/open source version but there's no such limitations either.

OpenVPN uses PKI but rather than go to a certificate authority we'll set one up ourselves. EasyRSA is included to simplify this process so it's just a case of doing something like this:
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0
. ./vars
./clean-all
./build-ca
./build-dh
openvpn --genkey --secret ta.key
./build-key-server server
./build-key client1
./build-key client2
./build-key client3

It'll ask you a bunch of superfluous information like your country, state, city, organisation, etc. but I just filled these out with '.' (blank rather than the defaults) - mostly so as not to give away information unnecessarily to anyone who asks. The only field that matters is the Common Name which you probably want to leave as 'server', 'client1' (or some other username like 'samj'), etc. Note that the easy-rsa 2.0 "vars" file defaults to KEY_SIZE=1024; if you bump it to 2048 before sourcing it (which is the sensible thing to do) then build-dh will produce dh2048.pem rather than the dh1024.pem referenced in the server configuration below, so adjust accordingly. When you're done here copy the files the server actually needs (ca.crt, server.crt, server.key, the dh*.pem file and ta.key) into /etc/openvpn so OpenVPN can see them, make sure the private key is readable only by root (chmod 600), and get the client certificates and keys off the server once they've been delivered to the clients - there's no reason for client private keys to sit on the VPS.

Next you'll want to configure the OpenVPN server and client(s) based on examples in /usr/share/doc/openvpn/examples/sample-config-files. I'm running two - one "Faster" one for the best performance when I'm on a "clean" connection (which uses udp/1194) and another "Compatible" one for when I'm on a restricted/corporate network (which shares tcp/443 with HTTPS). I did a "zcat server.conf.gz > /etc/openvpn/faster.conf" and edited it so it (when filtered with `cat faster.conf | grep -v "^#" |grep -v "^;" | grep -v "^$"`) looks something like this:

local 173.212.x.x
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.9.0.0 255.255.255.0
ifconfig-pool-persist faster-ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
tls-auth ta.key 0
cipher BF-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/faster-status.log
log-append /var/log/openvpn/faster.log
verb 3
mute 20

Noteworthy points:
  • local specifies which IP to bind to - I used the second (of two) that BurstNET had allocated to my VPS so as to keep the first for other servers, but you could just as easily use the first and then put clients behind the second, which would appear to be completely "clean".
  • We're using "tun" (tunneling/routing) rather than "tap" (ethernet bridging) because BurstNET use venet interfaces which lack MAC addresses rather than veth. Wasn't able to get bridging up and running, as originally intended.
  • There are various hardening options but to keep it simple I just run as nobody:nogroup and use tls-auth (having generated the optional ta.key with "openvpn --genkey --secret ta.key" above). Be aware that "cipher BF-CBC" is a 64-bit block cipher and dh1024.pem is a 1024-bit group, both of which are weak by today's standards; "cipher AES-256-CBC" and 2048-bit DH parameters are the better choice if your clients support them.
  • Pushing Google Public DNS addresses to clients as they won't be able to use their local resolver addresses once connected. Also telling them to route all traffic over the VPN (which would otherwise only intercept traffic for a remote network).
  • Configured separate log files and subnets (10.8.0.0/24 and 10.9.0.0/24) for the "faster" and "compatible" instances.

The "compatible.conf" file varies only with the following lines:
port 443
proto tcp
server 10.8.0.0 255.255.255.0
status /var/log/openvpn/compatible-status.log
log-append /var/log/openvpn/compatible.log


Next you'll want to copy over client.conf from /usr/share/doc/openvpn/examples/sample-config-files and edit it as follows. If you keep a copy in /etc/openvpn on the server for editing, set 'AUTOSTART="compatible faster"' in /etc/default/openvpn so the init scripts only start the two server instances and ignore the client configuration.
client
dev tun
proto udp
remote 173.212.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca burstnet-ca.crt
cert burstnet-client.crt
key burstnet-client.key
ns-cert-type server
tls-auth burstnet-ta.key 1
tls-cipher DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA
cipher BF-CBC
comp-lzo
verb 3

As I've got a bunch of different connections on my clients I've prepended "burstnet-" to all the files and called the main config files "BurstNET-Faster.conf" and "BurstNET-Compatible.conf" (which appear in the Tunnelblick menu on OS X as "BurstNET-Faster" and "BurstNET-Compatible" respectively - thanks to AlwaysVPN for this idea). The only difference for BurstNET-Compatible.conf is:
proto tcp
remote 173.212.x.x 443
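A small audit script, added here as an example and not part of the original HOWTO, that flags the weak or missing settings that matter in the configurations above: BF-CBC, sub-2048-bit DH parameters, a server without tls-auth or privilege dropping, and a client without "ns-cert-type server" (or its successor "remote-cert-tls server"), which is what stops any holder of a client certificate from posing as the server. The function names and the sample configs it writes are constructed for the demonstration; point audit_openvpn_conf at /etc/openvpn/faster.conf or your client file for real use.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO: audit an OpenVPN config
# for the weak or missing settings discussed above. write_sample_conf
# produces constructed configs for the demonstration only.

# Print the config with comments, ';'-disabled lines and blanks removed,
# the same filter the post uses to show the effective configuration.
active_lines() {
    grep -v '^#' "$1" | grep -v '^;' | grep -v '^$' || true
}

# audit_openvpn_conf FILE: one finding per line on stdout, always returns 0.
audit_openvpn_conf() {
    active=$(active_lines "$1")
    if echo "$active" | grep -q -E '^cipher[[:space:]]+BF-CBC'; then
        echo "WEAK: cipher BF-CBC (64-bit block cipher); use AES-256-CBC"
    fi
    if echo "$active" | grep -q -E '^dh[[:space:]]+dh(512|1024)\.pem'; then
        echo "WEAK: DH parameters under 2048 bits; regenerate with KEY_SIZE=2048"
    fi
    if echo "$active" | grep -q -E '^(server|tls-server)'; then
        # server-side checks
        echo "$active" | grep -q -E '^tls-auth' \
            || echo "MISSING: tls-auth (unauthenticated packets reach the TLS stack)"
        echo "$active" | grep -q -E '^user[[:space:]]+nobody' \
            || echo "MISSING: user nobody (daemon keeps root after startup)"
    fi
    if echo "$active" | grep -q -E '^client$'; then
        # client-side check: without this a stolen client cert can pose as the server
        echo "$active" | grep -q -E '^(ns-cert-type|remote-cert-tls)[[:space:]]+server' \
            || echo "MISSING: ns-cert-type server (any client certificate could impersonate the server)"
    fi
    return 0
}

# count_openvpn_findings FILE: number of findings, handy for scripting.
count_openvpn_findings() {
    audit_openvpn_conf "$1" | wc -l | tr -d ' '
}

# write_sample_conf FILE VARIANT: constructed configs for the demo.
write_sample_conf() {
    case "$2" in
    weak-server)   # the relevant lines of the post's faster.conf
        cat > "$1" <<'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.9.0.0 255.255.255.0
tls-auth ta.key 0
cipher BF-CBC
user nobody
group nogroup
EOF
        ;;
    hardened-server)
        cat > "$1" <<'EOF'
port 1194
proto udp
dev tun
dh dh2048.pem
server 10.9.0.0 255.255.255.0
tls-auth ta.key 0
cipher AES-256-CBC
user nobody
group nogroup
EOF
        ;;
    weak-client)   # a client config that never checks it is talking to the server
        cat > "$1" <<'EOF'
client
dev tun
proto udp
remote 173.212.x.x 1194
tls-auth ta.key 1
cipher BF-CBC
EOF
        ;;
    esac
}

# Usage: sh audit.sh /etc/openvpn/faster.conf
if [ $# -gt 0 ]; then
    audit_openvpn_conf "$1"
fi
```

Run against the server configuration shown above it reports the cipher and DH findings and nothing else, which is the expected result for that file; the client findings only apply to files that start with "client".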

You're now almost ready for the smoke test (and indeed should be able to connect) but you'll end up on a 10.x subnet whose addresses nobody on the Internet can route replies to, so you'll be unable to communicate with anyone. The fix is "iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -j SNAT --to-source 173.212.x.x" (where the source IP is one of those allocated to you), plus the equivalent for the 10.9.0.0/24 subnet used by the "faster" instance, and the kernel must actually be forwarding ("sysctl -w net.ipv4.ip_forward=1").

Being paranoid though I want to lock down my server with a firewall, which for Ubuntu typically means ufw (you'll need to "apt-get install ufw" if you haven't already). My ufw rules look something like this:

# ufw status
Status: active

To                         Action  From
--                         ------  ----
Anywhere                   ALLOW   1.2.3.4
1194/udp                   ALLOW   Anywhere
443/tcp                    ALLOW   Anywhere

The first rule allows me to access the server from home via SSH and 1194/udp and 443/tcp allow VPN clients in. To allow the clients to access the outside world we're going to have to rewrite their traffic to come from a public IP (which is called "SNAT"), but first you'll want to enable forwarding by setting DEFAULT_FORWARD_POLICY="ACCEPT" in /etc/default/ufw (which only sets the policy of the FORWARD chain) and by uncommenting net/ipv4/ip_forward=1 in /etc/ufw/sysctl.conf (which turns on forwarding in the kernel). Then it's just a case of adding something like this to the top of /etc/ufw/before.rules, ahead of the existing *filter section:

# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]

# SNAT traffic from VPN subnet.
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -j SNAT --to-source 173.212.x.x
-A POSTROUTING -s 10.9.0.0/255.255.255.0 -j SNAT --to-source 173.212.x.x

# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT

You may need to enable UFW ("ufw enable") and if you lose access to your server you can always disable UFW ("ufw disable") using the rudimentary "Console" function of vePortal.

On the client side you've got support for (at least) Linux (e.g. "openvpn --config /etc/openvpn/BurstNET-Faster.conf"), Mac and Windows and there's various GUIs (including OpenVPN GUI for Windows and Tunnelblick for Mac OS X). I'm (only) using Tunnelblick, and after copying Tunnelblick.app to /Applications I just need to create a ~/Library/openvpn directory and drop these files in there:
  • BurstNET-Compatible.conf
  • BurstNET-Faster.conf
  • burstnet-ca.crt
  • burstnet-client.key
  • burstnet-client.crt
  • burstnet-ta.key

When Tunnelblick's running I have a little black tunnel symbol in the top right corner of my screen from which I can connect & disconnect as necessary.

I think that's about it - hopefully there's nothing critical I've missed but feel free to follow up in the comments if you've anything to add. I'm now happily streaming from Hulu and Fox in the US, downloading Amazon MP3s (using my US credit card), and have a reasonable level of anonymity. If I was in Australia I'd have little to fear from censorship (and there's virtually nothing they can do to stop me) and as my machine has a private IP I'm effectively firewalled.

28 December 2009

NoSQL "movement" roadblocks HTML5 WebDB

Today's rant is coming between me and a day of skiing so I'll keep it brief. While trying to get to the bottom of why I can't enjoy offline access to Google Apps & other web-based applications with Gears on Snow Leopard I came across a post noting Chrome, Opera to support html5 webdb, FF & IE won’t. This seemed curious as HTML5 is powering on towards last call and there are already multiple implementations of both applications and clients that run them. Here's where we're at:
  • Opera: "At opera, we implemented web db [...] it’s likely we will [ship it] as people have built on it"
  • Google [Chrome]: "We’ve implemented WebDB … we’re about to ship it"
  • Microsoft [IE]: "We don’t think we’ll reasonably be able to ship an interoperable version of WebDB"
  • Mozilla [Firefox]: "We’ve talked to a lot of developers, the feedback we got is that we really don’t want SQL [...] I don’t think mozilla plans to ship it."
Of these, Microsoft's argument (aside from being disproven by existing interoperable implementations) can be summarily dismissed because offline web applications are a direct competitor to desktop applications and therefore Windows itself. As if that's not enough, they have their own horse in this race that they don't have to share with anyone in the form of Silverlight. As such it's completely understandable (however lame) for them to spread interoperability FUD about competing technology.

Mozilla's argument that "we really don't want SQL" is far more troublesome and posts like this follow an increasingly common pattern:
  1. Someone proposes SQL for something (given we've got 4 decades of experience with it)
  2. Religious zealots trash talk SQL, offering a dozen or so NoSQL alternatives (all of which are in varying stages of [early] development)
  3. "My NoSQL db is bigger/better/faster than yours" debate ensues
  4. Nobody does anything
Like it or not, SQL is a sensible database interface for web applications today. It's used almost exclusively on the server side already (except perhaps for the largest of sites, and even these tend to use SQL for some components) so developers are very well equipped to deal with it. It has been proven to work (and work well) by demanding applications including Gmail, Google Docs and Google Calendar, and is anyway independent of the underlying database engine. Ironically work has already been done to provide SQL interfaces to "NoSQL" databases (which just goes to show the "movement" completely misses the point) so those who really don't like SQLite (which happens to drive most implementations today) could conceivably create a drop-in replacement for it. Indeed power users like myself would likely appreciate a browser with embedded MySQL as a differentiating feature.

In any case the API [cs]hould be versioned so we can offer alternatives like WebSimpleDB in the future. Right now though the open web is being held back by outdated standards and proprietary offerings controlled by single vendors (e.g. Adobe's AIR and Microsoft's Silverlight) are lining up to fill in the gap. Those suggesting "it's worth stepping back" because "there are other options that should be considered" which "might serve those needs better" would want to take a long, hard look at whether their proposed alternatives are really ready for prime time, or indeed even necessary. To an outsider trying to solve real business problems today a lot of it looks like academic wankery.

23 December 2009

Press Release: Cloud computing consultancy condemns controversial censorship conspiracy

SYDNEY, 24 December 2009: Sydney-based Australian Online Solutions today condemned the government's plans to introduce draconian Internet censorship laws in Australia.

Senator Stephen Conroy (Minister for Broadband, Communications and the Digital Economy) recently announced the introduction of mandatory Internet Service Provider (ISP) level filtering of Refused Classification (RC)-rated content as well as grants to encourage ISPs to filter wider categories of content. This would require the implementation of complicated, expensive and unreliable, yet trivially circumvented filtering technology at the cost of the taxpayer and Internet user, despite a strong message having been sent that this is both unwanted and unwarranted. Reader polls conducted by the Sydney Morning Herald and The Age newspaper showed a staggering 95% of some 25,000 readers reject the federal government's plans to censor the Internet in Australia, on the basis that it impinges on their freedom. "There are better and safer ways to tackle the problem, such as educating parents, teachers and children, offering customisable filtering as a value-added option and improving law enforcement (including cooperation with other countries)" said Sam Johnston, Australian Online Solutions' Founder & CTO.

The full frontal assault on civil liberties aside, Australian Online Solutions has also raised some serious technical concerns about the program. "At a time when individuals and businesses are looking to shed expensive legacy systems in favour of cheap, scalable Internet based services, any action which can only impair performance and reliability while threatening to strangle Australia's connectivity with the outside world calls for extensive justification", said Johnston. "Cloud computing, which delivers computing services over the Internet on a utility basis - like electricity - gives its users a significant advantage over competitors. However web-based applications such as Facebook, Gmail, Hotmail and Twitter are extremely sensitive to bandwidth and latency constraints introduced by censorship technology", added Johnston. "The proposed law threatens to exclude Australia from this large and growing industry altogether, both as provider and consumer, at a time when it could emerge as a market leader. Would you buy an Internet-based service from China or Iran, or even use one if you were based there?". Analysts Merrill Lynch and Gartner estimate the cloud computing market to reach $175 billion in the coming years.

Trials commissioned by Senator Conroy and conducted by "highly reputable and independent testing company" Enex Testlab were also called into question, on both technical and conflict of interest bases. Enex Testlab, a supplier of "independent" evaluation, purchasing advice and product review services, boasts a corporate client list with over a dozen vendors of filtering technology including Content Keeper Technologies, Content Watch and Internet Sheriff Technology (accounting for around one quarter of all clients listed) and offers formal certification for content filters. As such it is believed they have strong motivation to avoid releasing a report directly or indirectly critical of their clients' offerings.

Furthermore, the scope of the testing was artificially constrained, critical controls (such as connection consistency) were missing and success criteria were poorly defined or non-existent from the outset, in a trial that appears to be a manufactured success. Nonetheless unflattering results which highlighted serious deficiencies in the proposal were disingenuously touted by Senator Conroy as showing "100 percent accuracy" with "negligible impact on internet speed".

Other problems with the fatally flawed and heavily criticised report include:
  • Proof that "a technically competent user could circumvent the filtering technology" while "circumvention prevention measures can result in greater degradation of internet performance".
  • Admission that all filters were "not effective in the case of non-web based protocols such as instant messaging, peer-to-peer or chat rooms".
  • False positive rates (over-blocking of legitimate/innocuous content) of up to 3.4% (over 5.1 billion pages per Internet Archive estimates) with failure rates as high as 2% (3 billion pages) considered "low".
  • False negative rates (passing of inappropriate content) exceeding 20% (over 30 billion pages) with failure rates as high as 30% considered "reasonable by industry standards" (45 billion pages).
  • Admission that 100% accuracy is "unlikely to be achieved" and that the false positive rate increases with sensitivity, with no attempt to scientifically determine acceptable failure rates.
  • Faults being perceptible to end users, with some customers reporting "over-blocking and/or under-blocking of content during the pilot" while considering "mechanisms for self-management" and "improved visibility of the filter in action" to be "important".
  • Unjustified assumptions including that "performance impact is minimal if between 10 and 20 percent", while at least one system "displayed a noticeable performance impact". Some customers "believe they experienced some speed degradation".
  • Admission of "uncontrollable variables", including ones that could result in "40 percent performance degradation over theoretical maximum line-rate, or more in some cases", even at speeds less than 1/12 that of the proposed National Broadband Network (NBN).
  • Admission that identifying the IP addresses to be filtered is unreliable (indeed often impossible), particularly for large-scale websites that use load balancing (e.g. most cloud computing solutions).
  • Results that were "irregular/incorrect" and "highly anomalous with reasonable expectations" (such as physically impossible improvements in performance when transferring encrypted, random payloads).
  • Complete absence of quantitative cost analysis (e.g. what financial load will be borne by both the taxpayer and Internet subscriber, both up front and on an ongoing basis), as well as any secondary costs such as decreased efficiency.
  • Overall results indicating that 1 in 5 customers' needs were not met, with 1 in 3 opting out of continued use of the filtered service.
In addition to contacting local representatives, Australian Online Solutions encourages concerned individuals and businesses to join and support organisations including Electronic Frontiers Australia (EFA), GetUp and The Pirate Party Australia. The immediate availability of a limited number of sponsorships for founding members of The Pirate Party Australia is also announced for those who want to get involved but, for whatever reason, cannot afford the membership fees in this difficult economic environment. To take advantage of this opportunity please contact membership@pirateparty.org.au with a brief explanation of your situation.

"Anyone who cares about their future and that of their children and grandchildren should take action now", said Johnston, who applied to both The Pirate Party Australia and Electronic Frontiers Australia (EFA) in response to Senator Conroy's announcement. "The government's gift to us this Christmas was draconian censorship, so let's return the favour in helping The Pirate Party Australia attain official status by acquiring 500 exclusive members".

###

About Australian Online Solutions Pty Ltd
Australian Online Solutions is a boutique consultancy that specialises in cloud computing solutions for large enterprise, government and education clients throughout Australia, Europe and the USA. Founded in 1998, Australian Online Solutions has over a decade of experience delivering next generation Internet-based systems and is a pioneer in the cloud computing space, whereby technology previously delivered as hardware and software products are delivered as services over the Internet. Cloud computing is Internet ('cloud') based development and use of computer technology ('computing'). For more information refer to http://www.aos.net.au/

About The Pirate Party Australia
The Pirate Party Australia (http://www.pirateparty.org.au/) is a political party with a serious platform of intellectual property law reform and protection of privacy rights and freedom of speech. The Pirate Party Australia aims to protect civil liberties and promote culture and innovation, primarily through:
  • Decriminalisation of non-commercial copyright infringement
  • Protection of freedom of speech rights
  • Protection of privacy rights
  • Opposition to internet censorship
  • Support for an R18+ rating for games
  • Reforming the life + 70 years copyright length
  • Providing parents with the tools to run their own families.

About Electronic Frontiers Australia (EFA)
Electronic Frontiers Australia (EFA) is a non-profit national organisation representing Internet users concerned with on-line freedoms and rights. The EFA is the organisation responsible for the "No Clean Feed" (http://nocleanfeed.com/) grassroots movement to stop Internet censorship in Australia. They are also dealing with related issues such as the Anti-Counterfeiting Trade Agreement (ACTA) and censorship of computer games. Individual memberships start at $27.50 and organisational memberships are available. For more information refer to http://www.efa.org.au/

About GetUp
GetUp is an independent, grass-roots community advocacy organisation that is actively tackling this and other pertinent issues including climate change. For more information about how to get involved refer to http://www.getup.org.au/

About Sam Johnston
Sam Johnston, Australian Online Solutions' Founder and CTO, is a prominent blogger on cloud computing, security and open source topics. He maintains a blog at http://samj.net/

Press Contact:
Sam Johnston <sam.johnston@aos.net.au> +61 2 8898 9090 (pager)
Australian Online Solutions Pty Ltd

For the latest version of this release please refer to http://tinyurl.com/cloudcensor

16 December 2009

A word on the Australian Internet censorship scandal
I've had a quick scan over Senator Stephen Conroy's infamous, long-awaited report on the efficacy of current Internet filtering technology and find it to be nothing short of scandalous. Without getting into the nitty gritty details (for example, how a filtering solution can achieve the impossible by improving rather than degrading the performance of encrypted, random transfers), it reads like it's a whitepaper for one of the various purveyors of censorship technology.

The cynic in me insisted I take a quick look at who these Enex Pty Ltd jabbers are anyway - who knows, they could be an industry lobby group for all we know. Sure enough, a quick look at their corporate client list reveals (based on some quick Google searching) over a dozen companies who make a living selling commercial censorship technology:
  • Anthology Solutions
  • Content Keeper Technologies
  • Content Watch
  • F-Secure Corporation
  • Internet Sheriff Technology
  • Manaccom
  • MessageLabs
  • NetBox Blue
  • Netgear
  • Netsweeper
  • PC Tools Software
  • Raritan (?)
  • Secure Computing Corporation (McAfee)
  • Symantec
  • Trend Micro
To put things in perspective, this represents around a quarter of their published client list, and that's not including half a dozen or so service providers that could arguably be thrown in with this bunch. Who in their right mind would risk upsetting one in four of their paying customers by writing a report critical of their products? And does anyone really believe that these vendors resisted the urge to apply pressure? Or that there were not personal relationships involved? I don't, not for a second. In my opinion this report was rigged from the outset to succeed, and in doing so deprive Australians of essential civil liberties.

The report itself is fatally flawed; the error margins are significant (e.g. "a conservative +/-10 percent"), critical controls were missing (e.g. "as much as 40 percent of an internet service performance could be lost [due to factors outside of our control]"), outrageous assumptions were used (e.g. "performance impact is considered minimal if between 10 and 20 percent") and perhaps most importantly of all, its creator has an obvious conflict of interest. I don't consider it to be worth the paper it's [not] printed on.

Another deeply concerning development is government grants that would encourage ISPs to go beyond the mandatory filters, despite all censorship systems tested reporting 2.5-3.5% false positive rates (that is, where innocuous/legitimate content is filtered). To put that in perspective, the best part of a billion legitimate pages would be improperly filtered (according to Wikipedia stats), or around 1 page in 30.

Speaking of Wikipedia, many of the systems are hybrid, which means that hosts known to be clean would be passed by IP (which is much more efficient). If, however, even a single page were problematic then the entire site (and all others sharing its IPs) would be forced through a filtering proxy. This would affect some of the most popular sites on the Internet (such as Wikipedia and YouTube), not to mention other increasingly useful services like WikiLeaks (no doubt silencing such services is seen as a fringe benefit to our self-appointed censors). Need I remind you that similar filters in Britain caused severe problems for Wikipedia over a single CD cover only last year.

Another consideration that has not been covered anywhere near enough is the performance impact on cloud computing services. Web interfaces like Facebook, Twitter and Gmail are extremely sensitive to latency introduced by proxies and raw computing services like Amazon's S3 are sensitive to bandwidth limitations. Then you have the problem of platforms like Google App Engine, Google Sites & Microsoft Web Office which are both difficult to identify (they have many IPs which are not disclosed and difficult if not impossible to enumerate) and which host content for a massive number of customers. If even one person shares a document deemed obnoxious to their sensibilities then the performance will be reduced to unacceptable levels for everyone until it is removed (and then some).
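To make the hybrid mechanism concrete, here is an added Python model (not part of the original post; the host-to-IP table and blocklist are constructed, and `.example` names are placeholders) showing how a single flagged URL on a shared, load-balanced address pulls every co-hosted site through the proxy:

```python
"""Model of a hybrid IP-then-proxy filter (constructed example).

Hosts whose addresses carry no flagged URL are passed by IP; one flagged
URL on an address sends every host sharing that address through the proxy.
"""
from urllib.parse import urlsplit

# Constructed DNS table: a load-balanced pool with one address shared
# between an encyclopedia and a multi-tenant hosting platform.
HOST_IPS = {
    "encyclopedia.example": {"198.51.100.10", "198.51.100.11"},
    "video.example":        {"198.51.100.20"},
    "sites.example":        {"198.51.100.10", "198.51.100.30"},  # shares .10
    "mail.example":         {"203.0.113.5"},
}


def proxied_ips(blocklist, host_ips):
    """Addresses the filter must route via the proxy: every IP of every
    host that has at least one URL on the blocklist."""
    ips = set()
    for url in blocklist:
        ips |= host_ips.get(urlsplit(url).hostname, set())
    return ips


def route(host, proxied, host_ips):
    """'proxy' if any of the host's addresses is in the proxied set,
    otherwise 'direct' (the efficient IP pass-through path)."""
    return "proxy" if host_ips.get(host, set()) & proxied else "direct"


def collateral_hosts(blocklist, host_ips):
    """Hosts forced through the proxy although none of their own URLs is
    listed: the collateral damage of filtering on shared addresses."""
    listed = {urlsplit(u).hostname for u in blocklist}
    proxied = proxied_ips(blocklist, host_ips)
    return sorted(h for h in host_ips
                  if h not in listed and route(h, proxied, host_ips) == "proxy")


if __name__ == "__main__":
    # Constructed blocklist: one user page on the hosting platform.
    blocklist = ["http://sites.example/u/someone/page1"]
    proxied = proxied_ips(blocklist, HOST_IPS)
    for host in HOST_IPS:
        print(f"{host:22} -> {route(host, proxied, HOST_IPS)}")
    print("collateral:", collateral_hosts(blocklist, HOST_IPS))
```

Removing the page from the blocklist restores direct routing only once the filter operator re-evaluates the address, which is the "and then some" delay noted above.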

It is my contention that censorship is completely incompatible with cloud computing, and that this alone is reason enough to scuttle it. In the meantime Electronic Frontiers Australia (EFA) has just landed themselves a new life member and I encourage anyone who cares about their future and that of their children to join as well (my friends in the USA may want to take a look at the EFF and Europeans the FFII).

Thanks to Gizmodo Australia for the image above, used without permission but with thanks. No thanks to Gizmodo for breaking the link.