A reverse situation is possible, too, where someone watching YouTube videos or playing online games on his lunch break would cause callers to have a bad experience. And it would be a real pain if it were necessary to make a company-wide announcement every time the phone rang.

So David Sims talked to officials at VoIP Insider about how to take VoIP calls into account, and they told him, “[Y]ou should calculate the total bandwidth needed to send and receive your calls. You can do this by multiplying the number of anticipated simultaneous calls times the packet size of the voice codec you will be using (like G.722 or G.729).”

Then, depending on how things look, the officials said, “[Y]ou may want to prioritize or even segment your voice traffic.” (This can also serve as a good precaution against unforeseen Internet problems even if the situation seems under control.)

If problems still exist after all this, it may be time to rework the VoIP cost analysis. Specifically, the cost of more bandwidth will have to be weighed against the cost of using traditional phones. It’s possible VoIP won’t represent such a great deal once the added expense is factored in.

The good news is that most organizations with decent Internet connections shouldn’t encounter a lot of problems when using VoIP tech. It’s just best to think about this sort of stuff before going through with any transitions; no one will win if all of a company’s phones are accidentally transformed into little more than paperweights.

The cloud has always been our target. We architected from the beginning to be an open source, web-based development platform.
If we had launched two years ago as a cloud only product, we would have starved before the cloud market started growing. Instead, we launched a version of our product that you could download and run on your own laptop (in your own private cloud). Another huge advantage of having a download was being able to build an open source community, which now numbers over 15,000 registered developers on our forums.

Now we have both a downloadable product as well as a cloud product. Both support 1-click deployment to the Amazon EC2 cloud.

Apparently WaveMaker’s third round was actually used to build sales, to empower its community and to invest in marketing. The Cloud Quick Start Partnership launched last October with IBM, Amazon and RightScale is promising, along with sell-through from SaaS ISVs and systems integration partners.

Talking about open source licensing, recently WaveMaker 5.0 moved from AGPL to Apache, with a light badgeware approach requiring you either to include an ackwlodgment in in the documentation or the “Powered by WaveMaker” logo somewhere in your application.

I asked Chris to tell us more about the reasons behind such shift.

What we found was that community members are very comfortable with the Apache license but were uncomfortable deploying an application with an embedded AGPL license.

Rather than try to educate the market on the AGPL, we just decided to adopt Apache. It helps that most of the components we embed (Spring, Hibernate) are also licensed under Apache.

Decisions around licensing sometimes are subject to change over times. Despite the fact that over the last year AGPL increment rate is bigger than any other copyleft licenses, WaveMaker Rapid Deployment Server went Apache, while WaveMaker Visual Ajax Studio code stayed AGPL. This way ISVs or OEMs are forced either to AGPL their applications or buy an OEM license, and it definitely makes (business) sense.

Comments

Funny Pictures

So here are some of the generic statements (aka “facts”) that I see daily:

• Cloud is not secure
• Application  XYZ failed therefore the cloud is a failure
• You are crazy if you put mission critical applications in the cloud

I could go on and on but you get the point.  So let’s discuss these “facts” one at a time.

Cloud is not secure

This one drives me nuts!  I heard a well respected industry analyst at a well respected conference declare “I just don’t understand how you can put customer data in the cloud.  When you buy Amazon, you don’t buy security”.  I raised my hand and asked, “When you buy a rack of servers from IBM, are you buying security?”.  The point is, you don’t buy security, you architect for it.  Whether you are using a SaaS, IaaS, or PaaS provider, you must understand what security features are addressed, what isn’t, and what the risks are.  Then you must design to mitigate those risks.  It is not different than what you should be doing on-premise.  Understand your requirements, and build (or buy) the appropriate solution.  So to sum it up, the cloud by itself is often not secure enough.  You may outsource your infrastructure but don’t outsource your brain.  There are still things you must do to secure your systems and services in the cloud.

Application XYZ failed therefore the cloud is a failure

Whether it is GMail, Tmobile losing Sidekick data, Ma.gnolia database crashes, or Coghead going out of business, any failure of an off-premise solution seems to feed the myth cloud computing is too risky.  However, we continue to fail miserably each day with our on-premise solutions but we can keep it from the press because it is behind our firewall!  In each one of the above mentioned failures, the issue lies with operational issues on the side of the provider and not issues with the cloud infrastructure itself.  I would argue that GMail, which is free, is at least as reliable than most corporate Microsoft Exchange implementations (at least for the companies that I have worked for in the past).  Also, if you are using SaaS solutions, you should have a mitigation strategy in place for lost data.  Outsource the business processes but not your brain!  You still need business continuity, disaster recovery, record retention policies, etc.  And when did on-premise become so perfect? How many companies do you know keep the lights on by having employees run around with duck tape and bailing wire plugging up the holes in the bottom of the boat.  Let’s face it, most failures are due to issues in architecture, design flaws, missed requirements, human error, weak controls, or poor implementations.

You are crazy if you put mission critical applications in the cloud

This one really drives me nuts.  The problem here is semantics and we really should be careful what we say.  It is one thing to say mission critical apps don’t belong in the public cloud and another to say it doesn’t belong in any cloud (which is how it often gets interpreted).  But even the term mission critical means different things to different businesses.  Even though you and I might not see Twitter as a mission critical application to our business, it is for others.  Some companies exist solely because they leverage Twitter’s APIs to deliver their products and services.  Now we all know Twitter’s track record of reliability.  But their performance and up-time was failing miserably before they moved to the cloud.  It improved once they migrated to Amazon.  Twitter’s problem is a flawed architecture, it is not a cloud computing issue.  I have written in the past about our secure hybrid cloud solution for processing micro-payments.  As a startup, I would argue that I would be crazy not to build this in the cloud.  In an era where it is difficult to raise money, my costs would increase ten-fold had I opted for an on-premise solution.  I would have to build or lease at least two data-centers and staff them accordingly.  Instead I can use a combination of cloud vendors coupled with a sound architecture to secure these transactions and meet all regulatory requirements.  If I already had an existing data-center, I would not have been forced to look beyond the opinions of others and try to solve the security and compliance requirements that my business required.  I just think that many people’s opinions about the cloud are focused primarily on their specific business models or domains.  So what may be true for their world does not necessarily apply across the board. We tend to generalize too much.

Summary

There are many opinions out there about cloud computing and there are many smart people offering them.  Unfortunately, many of these these smart people have not rolled up their sleeves and tried to solve real business problems in the cloud (nor do they need to).  In my case, as a matter of survival, we had to find out for ourself.  By no means, do I consider myself an expert in cloud computing.  But I do believe that spending a year actually working on delivering enterprise solutions in the cloud from scratch does entitle me to challenge the opinions that are deemed facts.  At the end of the day, it all comes down to knowing your business and technical requirements and applying sound architectural practices to provide a secure and compliant solution, whether it is in the cloud, on-premise, or both.

Comments

LinuxQuestions.org came in my help, suggesting simply to delete some network files because apparently those files get corrupted when the battery runs out.

To fix it type the following comand on the command line sudo rm -rf ~/.gconf/system/networking or follow this step by step guide.

1. From the regular Aspire One options page, go to the Files panel

2. Click on the triangle to see more icons

3. Click on MyFiles, which opens a file manager window.

4. In the menu bar, select View->Hidden files, to show a tick in the box. (Sorry, I’m translating from a German display, so the option names may not be spot on.)You should be in the “My Disk:///” directory.

5. Find folder “gconf” and click on that

6. Find folder “system” and click on that

7. You should now see folder “networking” listed as one of the folders.

8. DELETE IT! (Right click on the networking folder, and select option delete.)

Okay, once you have recovered from the fear of deleting goodness-knows-what-file because you are just following some internet instructions, you have to re setup your wireless connection:

1. Shut down all those windows, and go back to the regular Aspire One options page.

2. Click “Settings” on the bottom right.

3. Click icon for “Netwrok Center”. If this works, and a window pops up then it’s going well.

4. Click on “New”, and follow the on screen instructions to connect and re-setup your WLAN or LAN.

Comments

“Here at the amazing HAR2009 hacker conference + camp, I have the pleasure of operating a camp-wide GSM network.

Under license of the Dutch regulatory authority, we operate two BTS with two TRX each, forming the network 204-42. The BTS are positioned on the top of a hill, with the antennas mounted back to back on a tree, each covering about half of the HAR2009 camp site. Every transceiver runs at 100mW transmit power, which is the maximum output as per our license.

From that tree, we run AC power and a single E1 line down to the GSM tent, where it runs into the Linux PC that runs our OpenBSC software. “

For those of us who aren’t mobile phone networking experts, BTS stands for Base Transceiver Stations, TRX stands for transceivers and BSC stands for Base Station Controller.

OpenBSC is a GPL implementation of major components of a GSM network. Welte is one of the key developers behind OpenBSC, which aims to:

• provide a basis for experimentation and security research with GSM from the network side
• document, publicized and point out any security related issues that we find as part of that
• learn more about GSM networks on a lower level, particularly the practical aspects with real-world equipment

Unfortunately, the project is not interested in:

• building a stable/reliable BSC/MSC for deployment in actual networks
• building something that follows the GSM spec to the last detail
• disrupting actual commercial GSM network

Since a government issued network bandwidth license is required to run a GSM network in most countries, few of us will never run our own open source GSM networks.  Although it seems that countries like Russia allow the use of licensed frequencies for low-power indoor use.  So the title of this blog is squarely targeted at readers in Russia.  Kidding aside, I wonder while Welte and team aren’t interested in building a distribution that does fully implement the GSM specification.  The use of OpenBSC on Linux could be targeted at telecom operators in emerging markets.  Considering the growth in mobile phone usage in emerging markets, and network operator’s constant search for cost reduction, there could very well be a business here.

Any takers?

*Well, if you can get a government issued bandwidth license

Comments

http://help.benm.at/tethering.php
From the list that shows select your country (I chose UK), and your network provider (for most this would be O2). I installed the profile when prompted – do this at your own risk. Saying that, it’s just a bunch of network profile settings so you can’t really break anything much on your phone. But still, don’t blame me, it’s your phone.

Now that the network settings are updated you need to pair your phone with your computer via Bluetooth. To use the iPhone as a modem with a Mac, it must be running Mac OS X version 10.5.7 or later. I used my old Macbook Pro for this and the steps were as follows:

1) Enable bluetooth on the Macbook and the iPhone. On the iPhone this can be found under General > Bluetooth.
2) Pair the devices. After turning on Bluetooth on both my iPhone and Macbook I went into the Bluetooh preferences on the computer and chose Devices > Set up new device.
The Bluetooth Assistamt took me through the required steps and even though it showed an error for a few seconds it then found my iPhone. After being prompted for a code to pair the devices I was done.

3) Enable tethering on the phone. Go to Settings > General > Network > Internet Tethering and turn it on.

4) Back on the Macbook, make sure that the little Bluetooth icon shows in your menu bar (you can enable it in Bluetooth preferences if not), click it and select ‘Join network on [name_of_your_iPhone]‘

If everything goes to plan you can now open a web browser on your computer (make sure WIFI is off so you know that the tethering is what gives you net access) and browse the web. The iPhone will show a blue ‘Internet Tethering’ bar. Note that this setup works for me without having signed up or paid for a tethering add-on with O2 and I would expect this ‘feature’ to stop working at some point unless I pay for it. Which I won’t. Because the proposed charges are a rip-off They may want to send me a bill – who knows, only time will tell.

Note: This guide is using O2 here in the UK, your mileage with other carriers may vary.

Comments

The hack injects php code into the settings file, and will then proceed to try to inject the malware into as many other files as possible. The key names that the hacker uses is Krisbarteo and MagicOPromotion so if your SMF system has either of those accounts, you need to head on over to the simple machines forum and read this thread. Patches are on the way, but in the mean time, there is little you can do to keep from becoming infected sort of changing file permissions and trying to clean up the mess before you get banned in Google as a malware site, that is a completely separate issue.

April Russo over on FriendFeed is hat tipped for posting the alert for everyone to see, and she also posted a quick Google hack to find out how many sites Google see’s as having the Krisbarteo user, with over 300 of them in the Google index. While not a lot, the potential for mayhem is here. It is also good to see that SMF is actively working with the community of users and being completely transparent on how this hack works. Kudos to SMF for working hard to fix the issues, and address the community.

What is interesting is that the hacker is using an older 2008 method for taking over the system, a masked file with PHP code, that has the extension JPG or GIF. This is one of the reasons why you want to make sure that systems do not execute code that is coming in from another direction. This is a classic hacker trick, and has been used successfully for years. In the mean time, follow the thread and follow the cleaning instructions on the SMF forum.

Comments

Unfortunately for all the hope I might have for these roadblocks of change being removed or for more hurdles of authority being removed the scary part is that for every one we remove two are replacing it. For every story we hear about how social media services have done some good thing we hear ten stories of some new way those in power seek to extend their control. Whether it be the English government passing a law to make photographing the police illegal through to the RIAA encouraging ISPs to remove peoples access to the net we are seeing a rise of repressive policies. While our freedoms on the Internet might appear to be growing there is also an obvious move in our offline lives to take away our freedoms. Source: WinExtra

I have spent the better part of 22 years in industry as an information security person, and I know exactly how easy it is to bypass many of the restrictions that are put in place already. If you take a look at Cuba, people have been silently bypassing authority there in the few ways that they can, the same holds true in China, the Middle East and even in England, no matter what hurdles are put up, there are ways around them.

Systems like TOR, Proxy Systems, even hopping the local non-encrypted wireless connection carelessly left open by your next door neighbor all leave open the possibility of bypassing authority. Server jumping, dynamic DNS, free hosting, drive by propaganda dropping, private video systems, long forgotten bittorrent servers, insecure networks, all these open the door to bypassing the regime. I spent the better part of my working career trying to convince people to fix these things, along with just about every other information security professional out there. Fortunately for people who need to dodge government controls, these systems exist by the hundreds of thousands on the global network. Satellite phone systems, disposable cell phones, SIM cards, all make hiding and evasion easier. The more disposable the easier it is to hide your message in the noise.

People every day bypass firewalls, even the great firewall of China cannot keep up with the internet. People every day bypass corporate controls on their networks, every day we see malware that uses DNS shifting techniques making it harder to hunt down the primary servers that control the botnet. These same techniques are used for people to spread their message or their propaganda worldwide. Even under the Taliban in Afghanistan, people worked out some very clever ways of getting information out of the country when the entire network was controlled by a “repressive regime”. What works for people bent on destruction can work in the same way for people whose intent is to get the word out and do good or spread a message.

Social networking is about the message and the ability to fire back and start a conversation, some messages will get out no matter what and start conversations if not on line, in darkened living rooms because people live in fear. We have not hit the bottom of what people will try, and it worries me to think that when we were at Waterloo Station, I took pictures of the local police services responding to an incident when they shut down Waterloo station. If there had been a real issue, those pictures would have been news worthy, if England passes the law, I would be arrested rather than having the scoop of the century. I was the only one there with a camera when they shut down the station. That worries me, but there are ways around that, I don’t even need to look like I have a camera on me. Taking a look at the current state of investigative reporting and hidden cameras, things will always get out, things will always be taped, recorded, viewed, shared, commented, and otherwise distributed on the internet.

Do the laws matter, yes, but humans have been very clever in working out ways around laws they do not like or agree with. I would expect no different in the future, based on 4000+ of recorded years of human history.

Comments