Thursday, July 7, 2011

UPD (Usual Post Delay)

People maintaining a blog usually end up in periods of silence. Sorry for that...
I've been pretty busy, working a lot on several projects (and still doing so): one academic, one personal. I'm sure to get off the hook in a while or get rid of something. I usually have the bad habit of taking on more than I can handle.
Btw, I will present my new personal project as soon as possible. We are still deep in development. The only thing I can say is that, of course, it's cool!

What happened in the meantime?
... let me think... oh right! Len Sassaman died :(
I also broke up with my girlfriend, wear braces and canceled my summer holiday.
Pretty shitty, you might think... and how wrong you could be. Actually, I feel good, since I am busy and have my future plans set.

Sunday, May 15, 2011

Virtualization and guest security: VMWare and Trend Micro "solution"

After taking part (as a guest) in the VMware Forum 2011 in Brussels, here is a tiny recap.
Virtualization technology is leading to brand new products, and companies are collaborating to enjoy this new business, although they don't always come with novel ideas.
VMware, as a leader in the virtualization market, usually organizes conferences to present its products in order to "spread the word" to businessmen who are very likely unaware of virtualization technology and maybe need nice words to be fascinated.
Around VMware, old and new companies are each eating a piece of the same cake. Thus collaborations with companies that produced standalone software to integrate, for instance, into Microsoft Windows are rising on a regular basis.
Basically, VMware makes a hypervisor, and not a minimal one at all. It's actually a huge software beast which runs on capable machines in order to "virtualize" Windows guest operating systems.
VMware is enjoying business partners like Microsoft, as the main provider of their guest OS, Mitel for VoIP telephony, EMC2 for data storage, and Trend Micro and Symantec for security.
Virtualization is coming up in several flavours and with several functionalities. While people are amazed by live migration - virtual machines can be migrated on the fly from one cloud to another in a fully transparent fashion - very few people are considering the security issues which might arise from this apparently simple operation.
Still about security: Trend Micro and Symantec, well-known antivirus producers in the era of standalone operating systems, are cooperating with VMware to guarantee the same degree of security by implementing their antivirus technology within the hypervisor.
One important feature of hypervisor technology is the strong isolation guaranteed by the hardware (provided the hypervisor code is correct) among virtual machines and between each virtual machine and the hypervisor itself. Integrating a monitor or antivirus within the hypervisor is considered smart because the code that detects/protects the target system is isolated and cannot be compromised if the target system is attacked by, let's say, a rootkit.
When rootkits attack kernels, the overall system is compromised. Moreover, malicious code is executed with the highest privilege, and (if that happens!) the best thing to do is to switch off the machine and destroy it. Alright, don't do that. We can fix it. But what I am trying to say is that the damage might be insanely high.
The "novel" idea by Trend Micro is basically a module which implements monitor functionality and is connected to the ESX hypervisor. Unfortunately, the guest must run a device driver, released by VMware and Microsoft (yes, this stuff exists only for Microsoft guests), to send to the hypervisor all the memory region addresses to protect. Does anyone have a doubt about the design failure?
Well, if a rootkit can successfully compromise the guest kernel, it may compromise the driver too and tell the hypervisor something like "hey buddy, we're good here", and the module in ESX would simply be bypassed.
Implementing a monitor in an isolated system is smart. But leaving half of the protection system within the target system is a design flaw which negates any benefit, because that half becomes part of the attack surface.
I have the impression that a traditional protection system is being implemented with the aid of a new technology with which it doesn't seem to be compatible at all. Probably, my conclusion has no impact in the business world, where the fact that a guest operating system might be compromised by a malicious device driver is not a big deal. "Their" assumption is that installing an unsigned driver or a third-party one will never happen. Thus, no worries. Does this really never happen?
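As an added illustration (not code from this post, nor from VMware or Trend Micro), here is a small Python model of the two monitor designs just described: one where the hypervisor-side monitor takes its list of protected regions from an in-guest driver and accepts any later update, and one where the hypervisor fixes the region set before the guest kernel runs and only compares later reports against it. The guest memory layout, the region contents and the hash-based integrity check are constructed assumptions for the model; they are not how ESX or the Trend Micro module actually work.

```python
"""Toy model of hypervisor-side memory monitoring with guest-supplied vs.
hypervisor-anchored protection policy (constructed example)."""
import hashlib
from typing import Dict, Iterable, List, Set, Tuple

PAGE = 16  # constructed: tiny page size so the model stays readable
Region = Tuple[int, int]  # (start offset, length) in guest-physical memory


class GuestMemory:
    """Flat guest-physical memory as the hypervisor sees it."""

    def __init__(self, data: bytes) -> None:
        self.data = bytearray(data)

    def read(self, start: int, length: int) -> bytes:
        return bytes(self.data[start:start + length])

    def write(self, start: int, payload: bytes) -> None:
        # Models code running inside the guest kernel (e.g. a rootkit) patching memory.
        self.data[start:start + len(payload)] = payload


def digest(mem: GuestMemory, region: Region) -> str:
    return hashlib.sha256(mem.read(*region)).hexdigest()


def policy_digest(regions: Iterable[Region]) -> str:
    return hashlib.sha256(repr(sorted(regions)).encode()).hexdigest()


class AgentDrivenMonitor:
    """Design criticised in the post: the protected-region list is whatever the
    in-guest driver last reported, so guest-level code controls the policy."""

    def __init__(self, mem: GuestMemory) -> None:
        self.mem = mem
        self.baseline: Dict[Region, str] = {}

    def agent_report(self, regions: Set[Region]) -> None:
        # Trusts the guest: the previous list is simply replaced.
        self.baseline = {r: digest(self.mem, r) for r in regions}

    def check(self) -> List[Region]:
        return sorted(r for r, d in self.baseline.items() if digest(self.mem, r) != d)


class HypervisorAnchoredMonitor:
    """Alternative: the hypervisor records the region set and its digests once,
    before guest code runs, and treats later guest reports as untrusted input."""

    def __init__(self, mem: GuestMemory, regions: Set[Region]) -> None:
        self.mem = mem
        self.baseline = {r: digest(mem, r) for r in regions}
        self.policy = policy_digest(regions)

    def agent_report(self, regions: Set[Region]) -> bool:
        # Returns False (a detectable event) if the guest tries to change the policy.
        return policy_digest(regions) == self.policy

    def check(self) -> List[Region]:
        return sorted(r for r, d in self.baseline.items() if digest(self.mem, r) != d)


def run_scenario() -> Dict[str, bool]:
    """Runs both designs against the same tampering and returns what each observed."""
    # Constructed guest kernel image: two "sensitive" pages followed by two free pages.
    kernel = (b"SYSCALL_TABLE".ljust(PAGE, b"\x00") + b"IDT_HANDLERS".ljust(PAGE, b"\x00")
              + b"\x00" * (2 * PAGE))
    sensitive: Set[Region] = {(0, PAGE), (PAGE, PAGE)}
    results: Dict[str, bool] = {}

    # Design 1, naive rootkit: it patches the table but leaves the driver alone.
    mem1 = GuestMemory(kernel)
    m1 = AgentDrivenMonitor(mem1)
    m1.agent_report(sensitive)
    mem1.write(0, b"HOOKED")
    results["agent_driven_detects_naive_tamper"] = m1.check() == [(0, PAGE)]

    # Design 1, rootkit that also owns the driver: shrinks the list, then patches.
    mem1 = GuestMemory(kernel)
    m1 = AgentDrivenMonitor(mem1)
    m1.agent_report(sensitive)
    m1.agent_report(set())  # "hey buddy, we're good here"
    mem1.write(0, b"HOOKED")
    results["agent_driven_bypassed"] = m1.check() == []

    # Design 2: the same two moves are both visible from the hypervisor side.
    mem2 = GuestMemory(kernel)
    m2 = HypervisorAnchoredMonitor(mem2, sensitive)
    results["anchored_rejects_shrunk_list"] = m2.agent_report(set()) is False
    mem2.write(0, b"HOOKED")
    results["anchored_detects_tamper"] = m2.check() == [(0, PAGE)]
    return results


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```

The point of the model is only where the policy lives: in the first design the monitor's notion of "what to protect" is itself writable by the system it is supposed to protect, so a guest compromise silently empties it; in the second the guest can still send reports, but they are compared against a baseline it cannot reach, and a mismatch is an event the hypervisor can log or act on.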
Besides this little security issue, all the rest was great (starting with breakfast and lunch). People like graphs, and despite virtualization, virtual CPUs, virtual memory and virtual devices, people want to see pie and bar charts with their virtual things in action, just as they want to see where the bucks are.
VMware rocks in that. They provide a great GUI.

Tuesday, April 26, 2011

Mobile Virtualization

For all those skeptics who actually didn't believe me when I said this years ago: there we go! Virtualization for mobile phones.
VMware is actually working in that direction and presenting a concept of virtualized Android phones.
Imagine a scenario like this: a businessman, or just an employee at SuperCool Inc., has a mobile phone for communicating with his colleagues. When he's off, he wants to switch off the bloody phone too. Well, well, with one click he could just switch to another operating system and keep the same device.
The coolest thing about virtualization is hardware-supported isolation. This means that two operating systems can just live on the same physical phone.
I can already see a probable issue: what happens when an employee gets a call on his "business" virtual phone after he has already switched to the "personal" virtual phone?
I guess the hypervisor below could forward the call to the currently active phone with the same mechanism implemented to let two virtual machines exchange data without passing through the network stack (by using a kind of shared memory).
Another interesting idea I have in mind might solve the double-SIM-card problem. I suggest keeping the same number for business and personal usage. The hypervisor could just stay active and forward calls directly to the "personal" virtual phone (if requested) when the business number is switched off. A lot more policies can be thought of, by the way.
I am very confident that virtualization technology is mature enough to explore the mobile world, right now!

Check this out, folks! Mobile virtualization... "how many operating systems do you have on your phone?" This might be the future.

They say.

Saturday, April 23, 2011

why facebook sucks, and I am using it

OK, here I am writing about facebook (again).
Everybody knows (at least the 640 million jerks around the world using it at the time of writing) what facebook is. They call it a social network. But actually it is a sneaky way to collect information without exaggerating with paranoid behaviour.
Mark Zuckerberg (who coded the facebook on the internet) is not a genius. Actually, he's known to be a lame student without a life who didn't even "invent" the facebook. He's more a thief than a genius, later supported by investors who saw in facebook a powerful idea for the market. They then protected him. Of course they didn't do that for poor Mark's sake, but just to protect their business. OK, stop with the obvious. You need to read something cool.
The thing is that as a computer scientist (wait, what?) I totally agree with the fact that facebook is not a technology carrier. There's nothing technologically amazing in a JavaScript/HTML web page served by a PHP/MySQL server.
From a social point of view it is strong, indeed. As I wrote in a previous post, facebook is the mirror of modern society. I mean, everybody wants to see what others are doing. When the others are her friends, bingo! This is the social dilemma: "am I interested in what my friends are doing, what they think about something, where they are going next week?" And the answer is yes! If you add their relationship status, political and religious views, photos and messages, etcetera etcetera, it's over. They just created what they needed to survive indefinitely.
I am always scared of things that last indefinitely. I am also scared when users become the product. There's a kind of conflict of interest in this. But it seems that nobody cares and, you know, the junkie is a drug addict and doesn't care that much that he's going to die soon. He doesn't see it as a problem.
Facebook stores all your data and God knows what they will do with it. Google does that too. But at least it's not that sneaky, plus it provides a service which, whether you like it or not, is useful. I don't think that knowing the religious belief or the political view of a member on facebook is a positive thing.

An interesting post gives an analysis of the privacy policy used at facebook from 2005 to 2010. Basically, they are giving the user much less control over his own information in order to allow their advertising and business partners to get, consult and use more and more information about users. How do they use this information? If you were a computer engineer, you would know how powerful this is and the amount of things you could do.
Market analysis becomes a lot easier when you can access the database of 500+ million users talking about almost everything. Data mining is the regular tool they use to inspect data, extract non-trivial information and sell it to other companies (apparently very interested).

Moreover, social networks are sad. And the "inventor", who didn't invent it, is sad too. He really thinks that facebook is making a better world. Or maybe he's just playing his role to make investors happy with their new toy.
If they really care about communication... why don't they just keep users' data encrypted on their servers?

Friday, April 22, 2011

Are we making it good?

I don't consider myself a pioneer of Information Technology. But I used the Internet for the first time in 1993. Damn! I am really old, aren't I? Well, at that time everything was just new, and slow, and a lot of things didn't even exist, as you may know.
Basically, they were building the Internet. They were inventing new ways to allow people to communicate with each other. New solutions at the very low level were studied in order to keep the bottleneck "of the network" as low as possible. At first sight, and maybe deeper, those studies look a lot more genuine than current ones.
This new generation is used to considering the Internet as part of their life. They don't care about multitasking, TCP headers, protocols or even bits, because they were born when all these things already existed and worked great.
What is the contribution of the new generations to the IT world? Facebook? Twitter? Friendster? Myspace? I can go on indefinitely... and you know that.
I have the impression that we have so much technology available that we have to justify it somehow. We have so many gigas and teras available that we have to use them. This justifies the growth of web services like the ones above, at least from a technological point of view. They couldn't even have been thought of before, because there were no resources. But now resources are cheap, and they'll get cheaper and cheaper. Does this mean that a lot more silly services will be created?
We must not forget that next to the technological impact there's always a social one. There are millions (no joke!) of tweets out there where people claim they "just woke up" and some other millions that "today it is sunny".
Justifying the excess of technology with such things is cruel and crazy at the same time. I feel raped as a computer scientist. But first as a rational human being.

Wednesday, April 20, 2011

The dilemma of academic research

Since I was a child I have known that research is, or should be, a way to improve something, create something new and make others' lives better. Cooperation is very much welcome and in some cases it is the very first requirement.
Things get more and more complex, and a researcher working hard alone in the lab can do a lot less than a team of researchers who share ideas and results all over the planet. This is a fact.
Another fact is that publications should be available to the community. But in practice there are researchers who think that their work is more valuable if printed on hard paper. Or maybe editors think this, since they have to keep the interest of their customers.
So also in the academic world it seems that the producer-consumer relationship is making things harder than they should be. It seems (to me, of course) that academia doesn't want to speak Internettish.
Otherwise we wouldn't have had all those paid databases that only capable (and I would add rich) universities can access.
Last but not least, if I could have downloaded a stupid paper and realized that what I was working on *already* existed, I would have spent the last month of my life doing something better!!

Tuesday, April 19, 2011

Google is not awesome anymore

Yes indeed. I think (and the stock market too) that Google is going down. At least it is standing still, which is like a loss for a company that has people by the balls and has access to such an amount of information.
Whose fault is this? No clue. Probably the social network effect, which is taking all it can (maybe also ads), and more importantly users. I am not saying that a user who wastes his time with a social network does not use Google anymore, but... something is happening.
I also think that Google is in a sleepy mood. No cool projects, no cool news, no campaigns. OK, you can't be awesome all the time. You need to be DOWN for a while in order to experience an UP later. That's the rule.