Objectivity is falsifiability, subjectivity is individuality

A Tale of Two Architectures

There are just two architectures in ICT:

1. client/server architecture (centralized)

  • Wi-Fi (client to access point)
  • Web (browser to web server)
  • SMS (client to telco server)
  • Dropbox (client to Dropbox server)

2. peer-to-peer architecture (client is also a server, decentralized)

  • Mesh networking
  • gnutella
  • Skype
  • AeroFS (P2P Dropbox clone)
Of course, there is also a hybrid architecture (client/server and P2P in one), but that is just a composite of the two.

Use Dropbox to Transfer over a Large Queue of Files – courtesy of LifeHacker.

Dropbox is everywhere, but not, apparently, on most servers – courtesy of ZDNet.

For an overview of network plumbing, ZeroMQ has an excellent guide.

IT View to a Kill

Here is a funny but profound view of IT, courtesy of gar1t.

KVM on SmartOS

Courtesy: LWN.net

On August 15, at the KVM forum 2011, Bryan Cantrill, VP Engineering at Joyent, gave a presentation entitled “Experiences Porting KVM to SmartOS.” The SmartOS in the title is Joyent’s illumos-based operating system that is the foundation of its public cloud and its SmartDataCenter product. With this talk, Cantrill essentially announced that Joyent has ported KVM to the illumos (Solaris) kernel.

Thanks to its illumos base, Joyent’s SmartOS already had several key features for a cloud operating system, such as the ZFS file system, the dynamic tracing possibilities of DTrace, network virtualization with Crossbow, and operating system-level virtualization (Zones) to isolate virtual operating systems, all running on the same kernel. However, one essential piece was missing in this puzzle of enterprise technologies: hardware virtualization. Granted, a few years ago OpenSolaris had Xen Dom0 support (called xVM), even with hardware virtualization, but the project was abandoned even before Oracle walked away from OpenSolaris.

Joyent (which is a member of the Open Virtualization Alliance dedicated to the awareness and adoption of KVM) believes in the thesis that the best hypervisor is the host operating system itself, because anyone attempting to implement a thin hypervisor would end up retracing the history of operating systems. This is exactly the vision of KVM, so when Joyent decided in the fall of last year that it needed to port KVM to SmartOS, this was a natural (but not trivial) choice.

Because its resources were constrained, Joyent decided to focus exclusively on KVM support for Intel processors. More specifically, a machine running KVM on illumos needs an Intel processor with VT-x and EPT (Extended Page Tables), such as the Nehalem Core i3/i5/i7. However, the developers made sure that they didn’t make decisions that would impede later AMD support. Also, only x86-64 hosts and x86 and x86-64 guests are supported. Apart from these constraints, one of the design goals was that the KVM port to illumos would maintain compatibility with the QEMU/KVM interface as much as possible.

Scalability Architecture

Courtesy of Will Larson.

Alan Kay on Java

Courtesy of ACM.

CSRF

Courtesy: Freedom to Tinker blog

CSRF vulnerabilities occur when a website allows an authenticated user to perform a sensitive action but does not verify that the user herself is invoking that action. The key to understanding CSRF attacks is to recognize that websites typically don’t verify that a request came from an authorized user. Instead they verify only that the request came from the browser of an authorized user. Because browsers run code sent by multiple sites, there is a danger that one site will (unbeknownst to the user) send a request to a second site, and the second site will mistakenly think that the user authorized the request.

If a user visits an attacker’s website, the attacker can force the user’s browser to send a request to a page that performs a sensitive action on behalf of the user. The target website sees a request coming from an authenticated user and happily performs some action, whether it was invoked by the user or not. CSRF attacks have been confused with Cross-Site Scripting (XSS) attacks, but they are very different. A site completely protected from XSS is still vulnerable to CSRF attacks if no protections are taken. For more background on CSRF, see Shiflett, Grossman, Wikipedia, or OWASP.

In short, the session cookie identifies the browser, while the CSRF token identifies the form submission. That is to say, every form submission (or AJAX data post) must carry a corresponding CSRF ticket or token, and the server must check it in addition to the cookie.
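The cookie-versus-token distinction above, as an added example that is not part of the original post or of the Freedom to Tinker article: a minimal synchronizer-token implementation in plain Python, with an in-memory session store standing in for a framework's session backend. The handler names, the `/transfer` action and the `amount` field are constructed for illustration. The vulnerable handler checks only the session cookie, which the browser attaches to any request regardless of which site triggered it; the protected handler additionally requires the per-session token that only a form rendered by the site itself can carry.

```python
import hmac
import secrets
from dataclasses import dataclass, field


# Constructed in-memory session store keyed by session cookie value
# (assumption: a real application would use its framework's session backend).
@dataclass
class Session:
    user: str
    # One unpredictable token per session, embedded in every form the site renders.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


SESSIONS: "dict[str, Session]" = {}


def login(user: str) -> str:
    """Create a session and return the value that goes into the session cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = Session(user=user)
    return sid


def render_form(session_cookie: str) -> dict:
    """The server embeds the session's CSRF token in the form it renders.

    A cross-site page cannot read this response, so it cannot learn the token.
    """
    session = SESSIONS[session_cookie]
    return {"action": "/transfer", "csrf_token": session.csrf_token}


def transfer_vulnerable(session_cookie: str, form: dict) -> str:
    """Verifies only that the request came from an authenticated browser."""
    session = SESSIONS.get(session_cookie)
    if session is None:
        return "401 not logged in"
    return f"200 transferred {form['amount']} for {session.user}"


def transfer_protected(session_cookie: str, form: dict) -> str:
    """Verifies the cookie AND the token only the site's own form could carry."""
    session = SESSIONS.get(session_cookie)
    if session is None:
        return "401 not logged in"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so a mismatch does not leak token bytes via timing.
    if not hmac.compare_digest(submitted, session.csrf_token):
        return "403 bad csrf token"
    return f"200 transferred {form['amount']} for {session.user}"


def demo() -> tuple:
    """Run a legitimate submission and a forged one against both handlers."""
    cookie = login("alice")
    # Legitimate flow: the browser fetched the form, so the submission carries the token.
    legit_form = {"amount": "10", "csrf_token": render_form(cookie)["csrf_token"]}
    # Forged flow: another site made the browser POST here. The browser attaches
    # the session cookie automatically, but the forged form has no token.
    forged_form = {"amount": "1000"}
    return (
        transfer_vulnerable(cookie, forged_form),   # accepted: cookie alone suffices
        transfer_protected(cookie, forged_form),    # rejected: no valid token
        transfer_protected(cookie, legit_form),     # accepted: cookie and token match
    )


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The token must be unpredictable (hence `secrets`), bound to the session rather than global, and compared in constant time; rotating it per session is sufficient for the synchronizer pattern, and the same check applies to AJAX posts, where the token is typically sent in a request header instead of a form field.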
