I regularly get asked by businesses - often start-ups - how to approach information security. This has become an increasingly frequent question for those looking for some kind of formal recognition, usually certification. Everyone knows that these will take time and cost money. At the end of the day, is it worth it?
Jack Dorsey, famous for co-founding Twitter, is in the news currently as his Twitter account was hijacked. Most stories have been at pains to point out that Twitter wasn’t directly attacked: instead, they went for his mobile phone. This raises the question: if you use your phone for authentication, how secure is it?
The Libra Association de-cloaked today. With Facebook amongst the initial backers, this is being seen – fairly or not – as the Facebook cryptocurrency. The reputation of the system, and potentially the take-up, may end up being harmed by that alliance. However, I’m slightly more interested in another question: is it likely to be any good as a digital currency?
For at least a couple of days, climate change has been back on the agenda with the protests happening in London by Extinction Rebellion. The coverage has fallen into the usual “adversarial” pattern: weighing the protestors’ points against the need for people to travel, or asking whether it is hypocritical that some protestors arrived by car / train / plane. Fundamentally, the point has been somewhat lost, but it makes me think anyway.
Many of us deal with personal and sensitive data these days. Best practice in computing circles is to make use of “encryption at rest”: ensuring data remains secure by encrypting it on a device (whether it’s a laptop, mobile phone or USB key). Some researchers at Radboud University in the Netherlands have discovered that widely used data storage devices with self-encrypting drives don’t do the job very well. Worse, they weaken the security of the popular Bitlocker solution.
For those who aren’t from the UK, the “High Street” is what we call the shopping parade in a typical town or city. It lies at the heart of the town, quite different to a mall, and is more of a European concept. “Cascade failure” is what we say when one part of a system causes another part of the system to fail, often like a set of dominoes falling. Putting two and two together: I believe that the UK High St is in such a failure mode right now, and that over the next five years we’re going to see some very rapid changes.
No doubt many people will have read the story about how an error in a piece of software has prevented a number of women being invited to a standard screening. The current estimate is that this could have led to as many as 270 lives being lost or curtailed, although it will be difficult to say for some time. As an ex-CTO in a healthcare business, this is the type of problem that used to keep me awake at nights – a small mistake leading to tragic results. How did this happen?
My estimable Twitter-pal Paul Johnson has put together a very reasonable thread about his thinking on serverless costs (i.e. AWS Lambda, in this case). He makes a great case for the design of functions being done in such a way as to allow cost efficiency improvements, and I think the point on architecture is generally well-made. However, there are a few aspects of this which I think are generally not well understood, and Twitter is much too short a form to get them in. Hence this post.
Steven Sinofsky of a16z (previously Microsoft) probably first coined the phrase, “Don’t ship the org chart”. I think there’s a new variant of this worth discussing: shipping the microservices. I’ve been reviewing a few products in depth recently for different reasons, and once you see it, it actually becomes really obvious.
There are few options in the cloud that are really worth investing time in. Amazon (AWS) is clearly important as the market leader, and Google Cloud (GCP) offers a variety of very interesting technology. Microsoft (Azure) has some remarkable technology, especially for Windows-oriented shops. After that, options are much smaller scale, ranging from big names like IBM (BlueMix) to much newer startups (such as Digital Ocean). None of them are very distinct. However, if we’re willing to take a slightly less western-centric approach, there is another: AliCloud.