
Cloud is Fierce

Presented to a military customer. Afterward, a co-worker observed that military/government folk did not understand references to cloud and security. I offer the following for clarity.

Clouds are Fierce

A cloud-datacenter is the high ground on the Internet. A cloud-datacenter is thousands of computers, terabytes of network, and exabytes of storage. Gain control of a cloud-datacenter, and you command huge resources in network, compute, and data.

You will not get in.

Cloud-datacenters are under attack 24 hours a day, 365 days a year. Attackers range from millions of script-kiddies to thousands of highly skilled hackers sponsored by nation-states. The big cloud providers hire the best cyber-security folk on the planet, as there is no other option. (We can tell this from research papers and security conference presentations.)

With the rise of the Internet over the past thirty years, mistakes were made, and much was learned from those mistakes. The very best cyber-security folk are very keen on not repeating mistakes.

The most battle-hardened cyber-security folk on the planet run cloud data-centers.

Government was the problem

The fundamental research papers underlying modern cyber-security were written by the early 1980s. We have in theory known how to do proper cyber-security for over forty years, but government stood in our way.

In the early decades, Cold War regulations gave the National Security Agency (NSA) much power over the use of encryption. This made some pragmatic sense in the 1940s, 50s, 60s and 70s (but was always somewhat at odds with the principles of the United States Constitution). The Cold War era International Traffic in Arms Regulations (ITAR) treated encryption like nuclear bomb parts.

In the mid-1980s, I read up on network security, made the required calls, and got a surprise visit from three pleasant (then) young folk from the NSA. They agreed that my planned use of encryption was entirely proper.

The net effect of NSA policy was to slow adoption of proper cyber-security defense. Old folk at NSA wanted to preserve their offensive capability.

That required weakening our cyber-defense. Today that means our national security is weaker, as for decades we were prevented from adopting proper cyber-security. So the NSA, through its past actions, has much weakened our present security.

Renting in the Cloud

Moving your applications and data into the cloud is like renting a house. This cloud-house comes with all the latest security features. (As a reminder, the cloud-folk are very serious about security.) This house is surrounded by a high fence, with video cameras all around. The doors and windows are reinforced and alarmed.

But if you leave the key under the front mat, all of this is for naught.

About half the articles in the popular press, once you dig past the fluff, describe exploits that were possible only because the key was under the mat.

Note that gaining access to this cloud-house gets you exactly nothing else. The street leads out to the Internet, but you have no access at all to the surrounding houses, or to the underlying cloud infrastructure. Extreme measures engineered into the cloud infrastructure ensure security.

Network topology in a cloud is complex. Decades of research and development have made software-defined networking tough and performant. This means you cannot see your cloud-neighbors on the network.

Even further, modern server CPUs are capable of applying strong encryption at astonishing rates to data stored in computer memory. This means that even if you got access to your cloud-neighbor's data (which you cannot), even then you would be unable to read the encrypted contents.

These cloud-folk are fierce about security.

The best Cyber-Security folk are massively proactive

The other half of articles in the popular press are exploits that have no practical use. Yes, you read that right. The best cyber-security folk are very serious about eliminating even theoretical threats.

Read past the popular-press fluff, and often you find that the Sun might die of old age before a newly discovered exploit is of practical use. This is entirely proper. On the outside chance of better future exploits, the cyber-security community wants to eliminate even threats that at present are wildly impractical.

Again, these folk are fierce.

Cloud datacenters drive technology

In the present, cloud datacenters and cell phones are the main drivers of computing technology. Dense and power-efficient compute are driven by cell phones (on the low end) and datacenters (on the high end).

Precise World Time

One remarkable technology from the datacenter that is becoming generally available is Ethernet-hardware-based time synchronization. Older Ethernet hardware designs may lack support, but as we move past 1 Gbps Ethernet, support for PTP (IEEE 1588, Precision Time Protocol) becomes more common.

If your hardware reports the capability, then with a bit of tuning you can synchronize a group of computers within a few nanoseconds (or better).

$ sudo ethtool -T enp8s0
Time stamping parameters for enp8s0:
Capabilities:
	hardware-transmit     (SOF_TIMESTAMPING_TX_HARDWARE)
	software-transmit     (SOF_TIMESTAMPING_TX_SOFTWARE)
	hardware-receive      (SOF_TIMESTAMPING_RX_HARDWARE)
	software-receive      (SOF_TIMESTAMPING_RX_SOFTWARE)
	software-system-clock (SOF_TIMESTAMPING_SOFTWARE)
	hardware-raw-clock    (SOF_TIMESTAMPING_RAW_HARDWARE)
PTP Hardware Clock: 0
Hardware Transmit Timestamp Modes:
	off                   (HWTSTAMP_TX_OFF)
	on                    (HWTSTAMP_TX_ON)
Hardware Receive Filter Modes:
	none                  (HWTSTAMP_FILTER_NONE)
	all                   (HWTSTAMP_FILTER_ALL)
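The following shell function is an added example, not part of the original post: it reads `ethtool -T` text and checks for the capabilities shown above (hardware transmit and receive timestamps, a hardware timestamp mode, a usable receive filter, and a PTP hardware clock index), printing the clock index so you know which /dev/ptpN to hand to a PTP daemon. The interface names and the second, software-only sample are constructed so the script runs offline.

```shell
#!/bin/sh
# Constructed sample: a NIC with full hardware timestamping (mirrors the page's output).
PTP_CAPABLE_SAMPLE='Time stamping parameters for enp8s0:
Capabilities:
    hardware-transmit     (SOF_TIMESTAMPING_TX_HARDWARE)
    software-transmit     (SOF_TIMESTAMPING_TX_SOFTWARE)
    hardware-receive      (SOF_TIMESTAMPING_RX_HARDWARE)
    software-receive      (SOF_TIMESTAMPING_RX_SOFTWARE)
    software-system-clock (SOF_TIMESTAMPING_SOFTWARE)
    hardware-raw-clock    (SOF_TIMESTAMPING_RAW_HARDWARE)
PTP Hardware Clock: 0
Hardware Transmit Timestamp Modes:
    off                   (HWTSTAMP_TX_OFF)
    on                    (HWTSTAMP_TX_ON)
Hardware Receive Filter Modes:
    none                  (HWTSTAMP_FILTER_NONE)
    all                   (HWTSTAMP_FILTER_ALL)'

# Constructed sample: a NIC that only offers software timestamps (no PTP hardware clock).
SOFTWARE_ONLY_SAMPLE='Time stamping parameters for eth1:
Capabilities:
    software-transmit     (SOF_TIMESTAMPING_TX_SOFTWARE)
    software-receive      (SOF_TIMESTAMPING_RX_SOFTWARE)
    software-system-clock (SOF_TIMESTAMPING_SOFTWARE)
PTP Hardware Clock: none
Hardware Transmit Timestamp Modes: none
Hardware Receive Filter Modes: none'

# ptp_hw_ready: read ethtool -T output on stdin; print the PHC index (N of /dev/ptpN)
# and return 0 when every piece needed for hardware PTP is present, else return 1.
ptp_hw_ready() {
    text=$(cat)
    # Both directions must be stamped in hardware, or one-way delay cannot be measured.
    printf '%s\n' "$text" | grep -q 'SOF_TIMESTAMPING_TX_HARDWARE' || return 1
    printf '%s\n' "$text" | grep -q 'SOF_TIMESTAMPING_RX_HARDWARE' || return 1
    # The driver must let us switch hardware TX stamping on.
    printf '%s\n' "$text" | grep -q 'HWTSTAMP_TX_ON' || return 1
    # Receive filter must stamp all frames or at least PTP event frames.
    printf '%s\n' "$text" | grep -Eq 'HWTSTAMP_FILTER_(ALL|PTP)' || return 1
    # A numeric clock index means a /dev/ptpN device exists for this NIC.
    phc=$(printf '%s\n' "$text" | sed -n 's/^PTP Hardware Clock: \([0-9][0-9]*\)$/\1/p')
    [ -n "$phc" ] || return 1
    printf '%s\n' "$phc"
}

# check_iface: run the check against a live interface, e.g. check_iface enp8s0
check_iface() {
    ethtool -T "$1" 2>/dev/null | ptp_hw_ready
}
```

On a real host run `sudo ethtool -T <iface> | sh -c '. ./ptpcheck.sh; ptp_hw_ready'` or call `check_iface`; a printed index and exit status 0 means the NIC can take part in hardware-timestamped PTP.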

If you happen to have an atomic clock, or access to GPS time, then with PTP you can synchronize the entire group to within a few nanoseconds of world time.

Back in the 1990s, it was pretty amazing when, with the Network Time Protocol (NTP), we could synchronize computers all over the world to within a few seconds (and often over dial-up modems). In the present, we can synchronize within nanoseconds. (Heck, it is hard to build hardware that well synchronized.)

Wide hardware support for PTP was driven primarily by the needs of large data-centers.

If you are looking for advances in computing technology, look at the clouds.

"no bull" - also a cloud