Archive for July, 2009

Google Chrome OS – Challenges Ahead

Monday, July 20th, 2009
Looking beyond the awe that the Google Chrome OS announcement has created, an Information Week writeup takes a look at the challenges ahead before Chrome OS wins it all.

Video Goes Open Source

Monday, July 20th, 2009

For a long time, video has remained a black box.

Think about “text” as an expression medium: it can be mixed with other text and can evolve in interesting and powerful ways. Could the same be done with video?

Going by the Wikimedia Foundation’s plans, it could soon be a reality. For more, see this interesting story on Readwriteweb.

Google Chrome OS – Why Should you Care?

Thursday, July 9th, 2009

Is Google Chrome OS a game changer? Undoubtedly yes. Instead of going gaga over its game-changing potential, here is the ADPS team’s attempt to decipher how it affects the future of your business and how you should position your IT initiatives to leverage this game-changing event in the years to come.

1. Platform Compatibility Issue is Dead – Long Live Browser

How many of us still remember the war between Netscape and IE? Microsoft fought tooth and nail not because it loved the Internet; MS was simply smart enough to realize the future potential of the browser as an application container, a platform that could make any application independent of Windows.

If you have been betting on hosted applications as your server-side paradigm of choice and the browser as the client, you are already on the right side of the equation; if you have been waiting, it is time you considered that golden move. If you are a provider, the hosted-application market space just got a whole lot bigger, and that is good news.

2.  Arrival of a Killer Cloud App

The refrain of “work from anywhere, any time” has been around for some time now. Things did not seem so obvious until the cloud arrived, the web became faster, and applications and data became detached from the PC.

The arrival of a free OS to drive the applications and a free cloud to host them could just be the killer app that cloud computing has been waiting for.

3. Risk of Open source & Cloud Adoption just got Smaller

As an adopter of the hosted-application and open source paradigm, you no longer need to answer a plethora of business-continuity questions, because you now have a big brother in Google supporting your plans.

Nobody ever got fired for hiring IBM, and, may we add, nobody will ever get fired for choosing the Google Cloud.

4. What’s in it for YOU?

If you are an IT services provider, it makes plain sense for the future to focus on the hosted open source application space, and particularly on cloud-based applications.

As an adopter of open source, there could not have been better news. It means a future that attracts more credible service providers and an ever-lower total life-cycle cost for your future IT initiatives.

The Fortnight That Was: Firefox 3.5 out and more

Thursday, July 9th, 2009

•  Intel has just released the first beta of Moblin v2.0. Moblin is Intel’s open source operating system for netbooks, and is essentially another distribution of Linux, Fedora based. Moblin is built for Intel’s Atom chips which are found in many netbooks, and is an internet and multimedia focused OS. Moblin is open source and free.

•  PostgreSQL has released version 8.4 of the popular open source database. Features include faster recovery from backups, per column permissions for more granular control of data, faster upgrades from v8.3 and semi-joins and anti-joins, among others.

•  Mozilla has launched Firefox 3.5. It’s faster, and has features of IE8 and Chrome.

•  Red Hat is offering the Premier Cloud Provider Certification and Partner Program, designed to simplify and expand the adoption of cloud computing by enterprise customers. It enables industry leaders in cloud computing to become certified to offer Red Hat technology solutions. Amazon Web Services became the first Red Hat Premier Cloud Provider Partner.

•  In a survey of 104 Global 2000 companies, 30% of respondents said they were already using the cloud, and another 20% said that they would be moving their applications to the cloud in the next year. However, the remaining half said that they had no plans of using the cloud in the near future, citing lack of awareness, security concerns, cost, and not enough technical expertise.

Why Use a PHP Framework?

Thursday, July 9th, 2009

There are many PHP frameworks currently in use, with Zend and CakePHP being the most common, followed by Symfony and CodeIgniter. Why should frameworks be so popular? Why should you invest time in understanding and using them?

•  PHP frameworks follow the MVC architecture, which means that the presentation is separated from the database and business layers, resulting in neat, clean and understandable code modules.

•  You are forced to stick to certain coding rules, ensuring good coding standards, which means that the code is written as it is supposed to be written and you do not run into unreadable code later on.

•  Most frameworks have built-in checks to ensure that URLs are clean. This is particularly important when you consider SEO.

•  Access to service APIs makes connecting to other applications like Facebook and Google Maps very easy.

•  Access to plugins means that many commonly used components need not be developed.

•  Automatic includes mean that you never have to worry about forgetting to manually include common files again.

•  Validation of forms and error flagging are made easy with built-in objects.

•  Strictly followed coding standards and code modules make it easier to reuse code.

You may be tempted to create just one or two controllers, which, if done, defeats one of the purposes of using MVC. So, keep your controllers small and as close to the view as possible.

Although the learning curve can be steep when it comes to understanding frameworks, the effort pays off in the end – applications are a lot easier, and quicker, to develop using frameworks.

Sources: http://joshsharp.com.au/blog/view/why_you_should_be_using_a_framework, http://toys.lerdorf.com/archives/38-The-no-framework-PHP-MVC-framework.html, http://www.workoninternet.com/article_26808.html

Security Threats – I: Cross Site Request Forgery

Tuesday, July 7th, 2009

Website security is a burning issue these days. We read about hackers gaining illegal access to government websites and banking and other secure sites almost every day. With this in mind, this is the first of a series of articles in which we intend to explain various forms of website security threats.

This article takes a look at Cross Site Request Forgery (XSRF or CSRF), and what you, as a user or as an application owner, can do to avoid it.

CSRF is an attack that enables an attacker to send HTTP requests from a victim’s computer without his or her knowledge. To elaborate: assume that you checked the ‘Keep me signed in’ box when you logged in to your blog. This means that your security credentials are stored on your computer and sent by the browser to the site with every request you make. You trust that the website will not impinge on your privacy and security, while the website trusts that any request arriving with your credentials actually comes from you. In this situation, it is very easy for an attacker to perform unauthorized actions on the website while pretending to be you. Let’s see how.

Let’s assume that Jane generally uses the website examplestocks.com to trade in stocks. Since she uses the website quite frequently, she clicks on the ‘Keep me signed in’ box while logging in the first time to avoid having to key in her credentials every time she wants to look at the stock price. A malicious attacker wants to make use of this fact to sell some of Jane’s shares without Jane knowing about it. The attacker knows that the request to buy/sell is sent to the website in the form ‘http://examplestocks.com/sell.php?uid=Jane&symbol=XYZ&sharestosell=100’.

Before we proceed, some background on how a web page is rendered by a browser: when a browser makes a request, it receives a bunch of HTML, which it then parses to render the page to the user. Attackers commonly use the tag that is used to include images on a web page. The image tag looks like this: <img src="http://examplestocks.com/stock.gif">. When the browser comes across this tag, it sends a standard GET request to the server to fetch the resource. The browser has no way to tell a request for an image from a request that triggers an action on the server.

The attacker embeds the sell request within a blank image, i.e. the image tag looks like this: <img src="http://examplestocks.com/sell.php?uid=Jane&symbol=XYZ&sharestosell=100">, and makes the image part of, for example, an email. When Jane opens the email to read it, the HTML in it is parsed, the request embedded in the email is sent to examplestocks.com, and 100 of Jane’s shares in company XYZ are sold, all without Jane being aware of it. Since the browser automatically supplies the required credentials (remember, Jane is logged in), the server has no way to verify that the request actually came from Jane.

You, as a user, do not really have any control over this, since security is defined by the application; however, it may make sense to not keep yourself signed into important accounts like the one in the example above.

You, as an application owner, can take some precautions to ensure that your website is not prone to such attacks. One simple way is to attach to each request a per-user session token that expires after a set time. The attacker has no way to replicate this token, so there is no simple way for a non-user to act on the site. For example, when you do a bank transaction over the Internet, you may see a ‘Session Expired, Please Login Again’ message if you take too long to enter the wire-transfer details after logging in. This does not offer complete protection, since an attacker could use complex Cross Site Scripting (XSS) or browser vulnerabilities to perpetrate the attack. The only way to avoid such attacks on your application is to follow rigorous coding and security processes, ensuring that there are no loopholes in the code that can be exploited.
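As an added illustration (not code from the original article or from any real site), here is what the token check described above can look like on the server side, written in Python with a constructed in-memory session store and constructed request dicts standing in for what the browser sends; all names are assumptions. It also shows the cheap first line of defence the sell.php example lacks: an action that changes state should not be accepted over GET at all, since an image tag can only issue GET.

```python
import hmac
import secrets
import time

# Constructed in-memory session store: session id -> session data. In a real
# application this is the server-side session (PHP's $_SESSION, for example).
SESSIONS = {}
TOKEN_TTL_SECONDS = 900  # the token expires after a set time, as the article suggests


def create_session(uid, now=None):
    """Log a user in: open a session and issue a fresh anti-CSRF token for it."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"uid": uid}
    issue_csrf_token(sid, now)
    return sid


def issue_csrf_token(sid, now=None):
    """Mint a random token the attacker cannot guess and store it with an expiry."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    SESSIONS[sid]["csrf_token"] = token
    SESSIONS[sid]["csrf_expires"] = now + TOKEN_TTL_SECONDS
    return token


def handle_sell(request, now=None):
    """Server-side check for the 'sell' action. `request` is a constructed dict:
    method, cookies (sent automatically by the browser) and params (supplied by
    whichever page made the request). Returns an (HTTP status, message) pair."""
    now = time.time() if now is None else now
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return (401, "not logged in")
    # 1. A state-changing action never rides on GET: an <img src=...> can only
    #    issue GET, so this alone stops the image-tag trick from the article.
    if request["method"] != "POST":
        return (405, "sell requires POST")
    # 2. The request must carry the session's token. The forged page sits on
    #    another site and never sees the token, so it cannot include it.
    if now > session["csrf_expires"]:
        return (403, "session expired, please log in again")
    supplied = request["params"].get("csrf_token", "")
    if not hmac.compare_digest(supplied, session["csrf_token"]):
        return (403, "invalid request token")
    # 3. Act on the identity recorded in the session, not on a uid parameter
    #    that anyone could put in the URL.
    return (200, "sold %s shares of %s for %s" % (
        request["params"]["sharestosell"], request["params"]["symbol"], session["uid"]))
```

The token is compared with `hmac.compare_digest` so that the check takes the same time whether or not the first bytes match; a plain `==` would leak that information.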

Source: http://shiflett.org/articles/cross-site-request-forgeries, http://www.cgisecurity.com/csrf-faq.html, http://www.owasp.org/index.php/Cross-Site_Request_Forgery, http://www.debian-administration.org/article/Improving_website_security

Cloud Computing: A Quick Primer

Tuesday, July 7th, 2009

You have heard of cloud computing, but how can it be useful to you? Read on.

Cloud computing is, simply put, using information technology as a service over the network. These services could relate to computing – for example, running complex calculations on multiple rented, powerful servers on the network – or to storage – for example, storing the results of the calculations on a virtual server and accessing them whenever necessary. The system also has the ability to scale dynamically as needed. You may start a new service, gaining new clients and 10 times your existing documentation, and you would still be able to store it all in the cloud without having to spend a lot of money.

Cloud computing can reduce the cost of delivering services while increasing the speed and agility with which services are deployed. It incorporates virtualization, on-demand deployment, Internet delivery of services, and open source software. The self-service nature of cloud computing enables companies, especially small ones without the resources of their larger counterparts, to create elastic environments that contract or expand based on need. Its pay-by-use nature means that companies do not have to shell out large amounts of money for something they cannot make full use of. So, basically, you can build applications, test them, and deploy them on a virtual machine, increasing your use of cloud resources based on need.

Open source software plays an important part in cloud computing by allowing its basic elements to be created with easily and freely available components.

There are primarily two types of clouds:

Public Clouds: These are run by third parties, and applications from different customers are mixed together; with security and data-locality controls in place, this should be transparent to the end user. Larger portions of the cloud can also be let out to individual customers as virtual datacenters. This gives the customer greater visibility into, and greater control over, its infrastructure.

Private Clouds: These are built for the exclusive use of one customer, providing utmost control over data, security and quality of service. These can be managed either by a company’s IT organization or by a third party provider.

A third type, the Hybrid Cloud,  is a mixture of these two models, primarily by augmenting a private cloud with the resources of a public cloud.

Cloud computing makes use of three basic service models:

Software as a Service (SaaS): Software as a service features a complete application offered as a service on demand. A single instance of the software runs on the cloud and services multiple end users or client organizations.

Platform as a Service (PaaS): Platform as a service encapsulates a layer of software and provides it as a service that can be used to build higher-level services (e.g. Google App Engine).

Infrastructure as a Service (IaaS): Infrastructure as a service delivers basic storage and compute capabilities as standardized services over the network. Servers, storage systems, switches, routers, and other systems are pooled and made available to handle workloads that range from application components to high-performance computing applications.

The benefits of cloud computing are many. Some of them are:

•  Reduced run time and response time – use multiple servers instead of just one to run your calculations

•  Minimized infrastructure risk – you own less infrastructure

•  Lower cost of entry – infrastructure is rented, and applications are ‘assembled’

•  Increased pace of innovation – deploy quickly and at low cost, freeing resources

So, cloud computing is available, scalable, flexible, reliable, secure and efficient. Do you want more reasons to start evaluating your existing infrastructure?

Source: Introduction to Cloud Computing Architecture, White Paper, Sun Microsystems, 1st Edition, June 2009