Tag Archives: Cloud systems

Do two clouds make a weather system?

That is what I considered whilst contemplating a few things. It all started with the article (at https://www.consultancy-me.com/news/7298/new-google-cloud-region-in-ksa-could-add-109-billion-to-economy) where we see ‘New Google Cloud region in KSA could add $109 billion to economy’ there we are given “Google Cloud has announced the launch of a new cloud region in Dammam, which could contribute around $109 billion to the country’s GDP by 2030. The expansion will extend Google Cloud’s high-performance, low-latency services to a wide range of customers in Saudi Arabia and the wider Middle East”. As I personally see it, if they still had the Google Stadia (with a qualifying question) their revenue could have been almost 20% higher. It starts with around 5% in phase one with a growth to 20% in under two years. So when we are given “Another 36% of the expected activity will be in manufacturing and 3% in the public sector.” But I saw further than that. With Bangladesh and Indonesia in the setting of a much larger growth factor the oversetting of more revenue is not the first step, but it would also result in a new setting of advertising in new areas and new directions. All things they left on the floor for at least two years.

Yet this is not the larger setting, that is given to us with the second article. We see this (at https://aws.amazon.com/local/middle_east/) where we are given “We are excited to announce the new AWS Middle East (UAE) Region is now open! The AWS Middle East (UAE) Region consists of three Availability Zones and is our second region in the Middle East, joining the AWS Middle East (Bahrain) Region, giving customers more choice and flexibility to leverage advanced technologies from the world’s leading cloud provider.” The larger setting is the question if they are going for the same mineshaft, or are they working together? You see, Amazon still has the Luna and as such (still with the qualifying question) they do have the edge on 5 billion leading to 20-30 billion. I cannot be more precise because there are too many factors in play and there is a factor that players like Microsoft ignore and it has cost them massively. Amazon has the edge, but the part of customer acceptance is more difficult than some make it out. I tend to minimise that impact or go for the smallest iteration and see how far I can take it and grow from there, as such the 5 billion was stage one. It could be more, but I lack data for that presumption and I do not like to go on a speculative side in this. I feel certain my solution works and now we see with the KSA cloud that only one factor is missing and in all these settings Google and Amazon both missed these billions. Funny isn’t it?

But the two sides do give rise to a few connected things and as I saw my augmented reality implementations there could even be more revenue on the horizon. All sides missed by the two biggest tech companies on the planet and Microsoft was in the wind, they were clueless. You see now why I predicted their downfall? A company that big and they had no idea what they were missing, that is why I do not want them near my IP. I had hoped for the Kingdom Holdings to accept the offer, but they didn’t. The reason why is not important. Now the question becomes will Google adjust their decisions? Will Amazon consider the additional revenue? They are both mere steps away from completion (Google needs one more step).

But that is merely my point of view. Enjoy the day.


Filed under Finance, IT, Science

A simpleminded A, B, C

It started yesterday when I saw a message pass by on LinkedIn. (See below). 

The honest first thing I thought was ‘Are you effing kidding me?’ It was like an episode of comedy capers. I thought that this level of shortsightedness was a thing of the past, but it seems to me that people will get themselves into heaps of trouble for the longest of times. And what was that term “endless digital potential?” A call to arms for the stupid people?

So here I am educating the wannabes and the short of cash people, because it is essential. An API is an Application Programming Interface. It is a set of definitions and protocols for integrating application software, or to ‘simplify’ this “a software intermediary that allows two applications to talk to each other.” It is a way for others to talk to your software or data. It allows access. To give another reference. You are about to connect an anchor to your boat. But there are Danforth anchors, plow anchors, fluke anchors and several others. It depends on the size of the boat and WHERE you tend to park that dinghy, that largely decides what kind of anchor you need, not what is the prettiest anchor, that tends to be a factor in losing your boat. 

To put it in a better way “digital potential” will be seen when you connect YOUR data to anyone else’s data. Did you consider that? You see this blinders approach to information is nice and those with dollar shaped pupils take notice and want to race to that digital potential, yet the reality is something less nice. It is the chapter of risk.

RISK
Risk is the number one consideration, there is no other. Is it worth doing ‘approach A’ to get to the finish of revenue? 

Bad coding
This is perhaps the largest foe. Right off the bat, if you start off with the premise of bad coding, you are exposing yourself to serious API security risks and that is an issue. But fear not this person thought of that. We are given “That’s why we designed IBSuite as API First!” Yes, really? Security risks are still a massive danger. Unrestricted access to sensitive business flows is the stuff nightmares are made of and a security risk will bring that to your front door. 

Inadequate validation
A security researcher discovered an API payload that would send invalid data to their own user process, which would repeatedly fail to be handled correctly. This error handling loop prevented further access to their user account. This is perhaps the smallest issue, the problem is that failure to handle something correctly implies that something goes somewhere else. Do you know where that somewhere else is? Consider that your former colleagues spent decades optimising the data you have now, would you like others to enjoy that hard work, or keep that in house?

Hesitating over API utilisation
Some state that in big companies, sometimes management can neglect to track APIs and their utilisation numbers. From this point, you can incur many charges and leave yourself open to security risks due to exposed APIs. So not only are you in danger of handing over your data, you can get charged for it too. Utilisation of data and greed in one nice compact solution, who would have thought it possible?

Accountability
This does sound like the odd duck out, but in reality it often connects to data loss. Since APIs connect external users and applications with a firm’s internal applications, they are potential paths to a firm’s data. If access to these paths is not controlled, data can reach the wrong hands – and can be stolen, modified, or even irretrievably deleted. So data could get copied and then deleted, to make sure it does not hinder YOUR storage. I wonder if they will charge you to hand the data back? Just a thought.

Risks of XML
I admit, this is the hardest one for me. It is not always easy to put your finger on XML, its usage is too widespread, in the 90’s it was never an issue, more of a fad for some. Yet, 3rd party APIs could be compromised and leveraged to attack other API services. Attacks such as SQL injection, XML External Entity injection, and more, should be considered when handling data from other APIs. This part tends to be tedious but essential. It is time consuming ground work, but it must be done.
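The ground work described above, as an added example that is not part of the original post: an XML response from a third-party API is treated as untrusted, any DOCTYPE (the vehicle for XML External Entity injection) is refused, the fields are validated, and the value is stored through a parameterised SQL statement. The `<customer>` document shape, the `customers` table, the size limit and the three sample payloads are all assumptions constructed for the illustration.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET
from xml.parsers import expat

MAX_BYTES = 64 * 1024  # assumed size limit for one partner response
ID_RE = re.compile(r"[0-9]{1,10}")
# Constructed sample responses (not taken from any real API).
GOOD = b"<customer><id>42</id><name>Acme Ltd</name></customer>"
WITH_DOCTYPE = (b'<!DOCTYPE customer [<!ENTITY x SYSTEM "file:///constructed/placeholder">]>'
                b"<customer><id>43</id><name>&x;</name></customer>")
SQL_LOOKING = b"<customer><id>44</id><name>x'); DROP TABLE customers;--</name></customer>"

class RejectedPayload(ValueError):
    """Raised when third-party data fails a check; the caller drops it."""

def _no_doctype(name, system_id, public_id, has_internal_subset):
    # Any DOCTYPE can declare entities (XXE, entity expansion), so refuse it.
    raise RejectedPayload("DOCTYPE declarations are not accepted")

def parse_partner_xml(payload: bytes) -> dict:
    """Parse <customer><id/><name/></customer> from an untrusted response."""
    if len(payload) > MAX_BYTES:
        raise RejectedPayload("payload too large")
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _no_doctype
    try:
        guard.Parse(payload, True)     # first pass: well-formed, no DOCTYPE
        root = ET.fromstring(payload)  # second pass: build the tree
    except (expat.ExpatError, ET.ParseError) as exc:
        raise RejectedPayload(f"malformed XML: {exc}") from exc
    cust_id = (root.findtext("id") or "").strip()
    name = (root.findtext("name") or "").strip()
    if root.tag != "customer" or not ID_RE.fullmatch(cust_id):
        raise RejectedPayload("unexpected document shape or id")
    if not 1 <= len(name) <= 100:
        raise RejectedPayload("name missing or too long")
    return {"id": int(cust_id), "name": name}

def ingest(conn: sqlite3.Connection, payload: bytes) -> bool:
    """Return True if the payload was stored, False if it was rejected."""
    try:
        record = parse_partner_xml(payload)
    except RejectedPayload:
        return False
    # Placeholders keep the name as data, whatever characters it contains.
    conn.execute("INSERT INTO customers (id, name) VALUES (?, ?)",
                 (record["id"], record["name"]))
    return True

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    results = [ingest(conn, p) for p in (GOOD, WITH_DOCTYPE, SQL_LOOKING)]
    rows = conn.execute("SELECT id, name FROM customers ORDER BY id").fetchall()
    return results, rows

if __name__ == "__main__":
    print(demo())
```

The payload carrying a DOCTYPE is dropped before any entity is looked at, while the SQL-looking name is stored as an ordinary string and the table stays intact.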

API incompetence
This is harder for me, I have a massive lack of knowledge here, it is specific niche knowledge that the experts have, yet it amounts to the ability to have a fault-tolerant system. Consider that in the 90’s there was accounting software. If I used a specific expression, the program would crash. No biggie you would think, but at that point I ended up being in THAT system, now completely open with supervisor privileges. I had access to the entire mainframe with access to everything. This was a specific setting that was solved 3 weeks later. But what happened when it was not found? Consider that your system is open to anyone that employs such a solution and they get access to everything including the porn pics of your wife and your data. I am willing to bet that option one was a lot more upsetting to you, weird that.

Lack of security
You would think that this is covered, but it is not. Akamai (a US cybersecurity firm) reported “Of note, fewer than 50% of respondents have API security testing tools in place. Even fewer have deployed API discovery tools. Although the survey results suggest enterprises recognise the security risks of widespread API usage, there is no clear consensus on where to prioritise investments”, this matters. Security should be everything when it is about your house and your data. 

This is all mere top-line header consideration. So consider the intro I reacted to and the lack of risks that it shows. So how much risk are you willing to take with your house and your data? If I was inclined to be that short sighted in promoting ‘digital potential’ I would have gone with “APIs are not required, but if you consider and adhere to the risks in a proper way, they are the safest way to connect and explore digital potential. Any eco-system has risks, which is why we designed IBSuite to be a safety first option in exploring the digital oceans for revenue you cannot see now, but to get there in a digitally safe way, one that keeps your data YOURS.” Is it as good? Perhaps not, but it instills value that you as a customer and the data YOU have is used for safe navigation and that matters.

This was a functional boat once, they chose the wrong anchor and in the wrong place that cost them their livelihood. What will you do? Look deeper, look better, look elsewhere? All good questions and it all started by understanding the risks of an API because everything has a risk, not looking at it implies you are taking too many risks with something you can only lose once. 


Filed under Finance, IT, Science

An almost funny thing

I saw an article at the BBC and I will get to that in a moment, but it reminded me of a situation that happened in 2010. I needed a new laptop and I was looking in a shop at their collection of laptops. A man came to me and was trying to convince me just how amazing this laptop was. My inner demon was grinning, I get it, the man was enthusiastic, he was giving the numbers, but in all this, did he realise what he was saying? I am not doubting the man’s skills, he was doing a good job, I was however in IT and had been there for 30 years, so I have pretty much seen it all, and there it was, my little demon, on my right shoulder calling me ‘pussy’. So as the man stated ‘this laptop has a one terabyte hard-drive, can you even imagine how much that is?’, I could not resist and my response was ‘Yup, that would fit roughly 10% of my porn collection’, his jaw dropped to the ground, his eyes almost popped, the demon inside me stated ‘Nice!’ Actually, it was not quite true, it would only fit a rough 0.32114%. It was the impact of the shock factor. You see, there is a hidden agenda there, when you (appropriately) use the technique, you get to see the real salesperson and that was what I needed. He was thrown, but he recomposed and continued giving me the goods on the laptop, I bought that laptop roughly 132 seconds later.

So today I saw ‘The Rise of extortionware’ (at https://www.bbc.com/news/technology-56570862), here I notice “where hackers embarrass victims into paying a ransom”, it is not new, it is not even novel. I will also give you the second game after the people involved get arrested, they will demand anonymity and any bleeding heart judge will comply. I state that these people will be handed the limelight so that the people that faced ransomware attacks can take their frustration out on these people. But that remains wishful thinking. So next we get “Experts say the trend towards ransoming sensitive private information could affect companies not just operationally but through reputation damage. It comes as hackers bragged after discovering an IT Director’s secret porn collection.” I have the question was it a private or a company computer? You see, some focus on the boobies, just what the advertisers on Twitter hope for, they want the click bitches, it makes them money. It is time that we set the larger stage, you see the entire mess would be smaller if Cisco and Microsoft had done a proper job. OK, I apologise, Cisco does a proper job, but some things slip through and in combination with Microsoft Exchange servers it is not slipping through, it is a cyber hole the size an iceberg created on the Titanic and we need to set a much larger stage. So when we see “Thanks God for [named IT Director]. While he was [masturbating] we downloaded several hundred gigabytes of private information about his company’s customers. God bless his hairy palms, Amen!”, it seemingly answers that he might keep it on a corporate computer, or he uses his private computer for company stuff. Yet in that same light the hacker should not be allowed any anonymity, we all get to see who the hacker is. If there is something to be learned it is seen with “Hackers are now actually searching the data for information that can be weaponised. If they find anything that is incriminating or embarrassing, they’ll use it to leverage a larger pay-out. These incidents are no longer simply cyber-attacks about data, they are full-out extortion attempts”. There are two sides:

  1. The station of ALWAYS ONLINE needs to change, there needs to be an evolving gateway of anti hack procedures and a stage of evolving anti hack routers and monitoring software. You think that Zoom is an option?
    Tom’s Guide gave us less than 2 weeks ago “More than a dozen security and privacy problems have been found in Zoom”, as well as “Zoom’s ease of use has made it easy for troublemakers to “bomb” open Zoom meetings. Information-security professionals say Zoom’s security has had a lot of holes, although most have been fixed over the past few years”, so whilst you contemplate ‘most have been fixed’, consider that not all are fixed and that is where the problem goes from somewhat to enormous. Well over 20% of the workforce works at home, has Zoom meetings and that is how cyber criminals get the upper hand (as well as through disgruntled employees), a change in mindset is only a first station.
  2. Remember that Australian? (Julian Assange) We were told that soon there would be some leaks on issues on banks (Wall Street) then it suddenly became silent, now some will say that it is a bluff, but in light of the meltdown in 2008, I am not so certain, I reckon that some have ways to show the hackers who they are and they profit by not doing that. Can I prove this? Absolutely not. It is speculation, but when you look at the timeline, my speculation makes sense. 
  3. The third side is optionally the second side as the second side might not be a real side. When we see “Hackers are now actually searching the data for information that can be weaponised. If they find anything that is incriminating or embarrassing, they’ll use it to leverage a larger pay-out. These incidents are no longer simply cyber-attacks about data, they are full-out extortion attempts”, the underlying station is ‘information that can be weaponised’ and the IT sector is helping them.

How did I get there? The cloud is not as secure as some state, and the salespeople need to take notice. Business Insider gave us about 6 months ago “70% of Companies Storing Data With Cloud Companies Hacked or Breached”, see the link we are now slowly getting presented? 

In the OSI model, we see layers 3-7 (layer 8 is the user). So as some have seen the issues from Cisco, Microsoft and optionally Zoom, we see a link of issues from layer 3 through to layer 7 ALL setting a dangerous stage. Individually there is no real blame and their lawyers will happily confirm that, but when we see security flaw upon security flaw, there is a larger stage of dangers and we need to take notice. And here the dangers become a lot more interesting when we consider the Guardian yesterday when we saw “Intelligence value of SolarWinds hacking of then acting secretary Chad Wolf is not publicly known”, what else is not publicly known? How many media outlets ignored the Cisco matter, how come ZDNet is one of the few giving us “it’s not releasing patches for some of the affected devices that reached end of life” less than 8 weeks ago. Again I say Cisco did the right thing by informing its customers close to immediately, yet when we see “More than 247,000 Microsoft Exchange servers are yet to be patched against the CVE-2020-0688 post-auth remote code execution (RCE) vulnerability impacting all Exchange Server versions under support” (source: bleepingcomputer.com) as far as I can see, a lot of the media ignored it, but they will shout and repeat the dangers of Huawei, without being shown actual evidence, and I state here, that unless we make larger changes, the extortion path will evolve and become a lot larger. With 70% of cloud systems getting hacked or breached, a large chunk of the Fortune 500 will pay too much to keep quiet and who gets to pay for that? There is a rough 99.867765% chance that its board members will not, it might be speculative, so please prove me wrong.

A stage where the needs of the consumers change in a stage where the corporations are not ready to adjust and all whilst the IT salespeople have that golden calf that does everything and makes you coffee as well. Adjustments are needed, massive adjustments are needed and we need to make them now before the cybercriminals are in control of our IT needs and that is not mere speculation, when you see flaw after flaw and too little is done as too many are the victim of its impact is a serious breach and it has been going on for some time, but now it is seemingly out in the light and too many are doing too little and as we laugh at “God bless his hairy palms, Amen!” Consider that stage, and now consider that they invade a financial institution, these are clever criminals, they do not empty your account, they merely take $1, perhaps $1 every other month, this implies that they are looking at a $16,000,000 every two months. And this is merely one bank, one in a thousand banks, some a lot bigger than the Australian Commonwealth bank and let’s face it, the fact that layer 3 to layer 7 is leaky in hundreds of thousands of customers, do you really think that banks are off-limits? Do you really think that this is a simple hiccup or that the scenery is changing this quickly by people claiming that it will be fixed in no-time?

We need massive changes and we need them a lot sooner than we think.


Filed under IT, Law, Media, Science