IOPS and latency are not related – HDD performance explored

I recently came across this interesting and thought-provoking post on IOPS and latency.

We all know we need to consider IOPS as well as, and often more critically than, overall storage volume – 10TB of storage can effectively be saturated from a performance perspective by under 1TB of data that is read / written at a high rate.  This is a message that many people don’t consider when they just say project X or application Y just needs xx GB of storage.

However even with the understanding of the need to assess IOPS required by a solution it is still possible to get caught out if you don’t consider the profile of these IOPS, and the impact of random reads and writes on the actual performance of the drives / array.  Add to this the fact that many manufacturers’ figures for their products are somewhat on the optimistic side and it is very easy to deploy a solution that at first glance appears to meet the performance requirements, but turns out to be very inadequate in practice.

So; of course consider your storage volume requirements, but make sure you pay great attention to the IOPS and latency requirements along with the usage profile. Then carefully design and test the storage solution to make sure it works as expected.

Post can be found here, interesting reading;

http://blog.richardelling.com/2012/03/iops-and-latency-are-not-related-hdd.html

K

Malware everywhere, even on Apples..

Various sources have been reporting on the recent Java hole that enabled malicious individuals to infect upwards of 600,000 Apple Macs that were running the latest, fully patched version of the O/S.

This Java vulnerability was actually known about some time last year and has been patched on other systems.  Apple, in its continued, and frankly misguided, belief that its systems are safe and don’t need protection like anti-virus software, chose not to patch the hole until 100s of thousands of its customers had been infected.

The reality is that all consumer computer systems have vulnerabilities and it should be the expected duty of vendors to patch these as quickly as possible to protect their customers and their privacy.

We have all knocked companies like Microsoft for the number of vulnerabilities and attacks that have occurred against their software, but the reality is that over the last few years Microsoft has made huge progress in producing more secure software, patching in a very timely manner, providing free tools like anti-virus, and working with law enforcement to bring down criminal botnets.

Apple has avoided many exploits being created as it has historically been such a niche player.  Why create an exploit for a few machines when you can create one for orders of magnitude more?  As Apple has become more successful and there has been an increased uptake of its products in offices, it has become a more interesting and valuable target for criminals to try and exploit any vulnerabilities.

It is time for Apple to pull its socks up from a security standpoint, and to become both more proactive and transparent in how it deals with issues and helps protect its customers.

For us users of any operating system it’s yet another reminder that we should keep our systems patched and run software to protect us from viruses etc.  Oh and not to trust vendors when they tell us their systems are safe and don’t need further protection.

Some detail and commentary on this issue can be found at the links below;

http://nakedsecurity.sophos.com/2012/04/04/apple-patches-java-hole-that-was-being-used-to-compromise-mac-users/?utm_source=Naked+Security+-+Sophos+List&utm_medium=email&utm_campaign=a6d16b7680-naked%252Bsecurity

http://news.cnet.com/8301-13579_3-57410476-37/apples-security-code-of-silence-a-big-problem/?part=rss&subj=news&tag=2547-1_3-0-20&tag=nl.e703

K

Firefox to use Google secure search by default

Now that the Google secure search offering has matured in terms of scale and performance, Firefox is moving to use Google secure search as its default search provider.

From a privacy / security perspective this is great news as it makes it much more difficult for people to view your searches / search terms.  As always, the solution is not foolproof and Google breaks the ‘security’ for paid advertiser links etc.  However this is a good step in the right direction for improving security / privacy and specifically search security / privacy online.

More details can be found here;

http://searchengineland.com/firefox-to-use-google-secure-search-by-default-116231

If you want to use Google secure search yourself, just replace http with https in the address bar when you use Google search.

K

Trust requires transparency

I came across this excellent post via Bruce Schneier’s blog;

http://newschoolsecurity.com/2012/02/dear-verisign-trust-requires-transparency/

The post highlights that while Verisign has publicly claimed that they have dealt with the recent breach of their systems and that the Domain Name System (DNS) has not been compromised, they are still very light on details of what actually happened, how the DNS was protected, and how it has in fact not been compromised.

The point of the post is that for us to truly trust them and the systems they own and run again, they must be open and transparent.

This is an excellent point and one well worth remembering.  While it may appear that the most secretive systems or organisations may be the most secure, actually it is likely we can place the most trust in those that are most open where we can clearly see and verify the security of their systems and processes.

Read the post and Verisign’s statement and make up your mind on whether you think you would be more ready to trust them if they were more open and transparent.

Be secure, open and trustworthy..

K

Joke of the day..

The below is of course hypothetical and similarity to any real people or situations is purely coincidental..

Hi can you design solutions for our environment?

Sure, could you provide me with details of the environment, ideally some sort of architecture document covering what it comprises and how it’s configured?

No we don’t have that.

OK, could you provide me with access to the environment so I can understand it, how it’s configured and any capacity constraints etc.?

No

Erm OK.. I’m off to buy a magic 8 ball then.

Dilbert couldn’t do better

Back to more serious posts next!

K

Project suggestions..

So I am currently working on what my MSc project should cover.  As the overall title of the MSc is Distributed Systems and Networks the project should likely incorporate some sort of networked / distributed system.  Given my continued interest in IT Security and the fact one of my favourite modules was actually titled ‘Distributed Systems Security’ I’d also like to incorporate a strong security focus into the project as well.

As I am also working on some cloud security related work for the Cloud Security Alliance I am thinking something ‘cloud’ related would be good as this would bring together aspects of security, obviously distributed systems along with being a very current topic.

The purpose of this post is to garner ideas and suggestions for project content and/or possible titles as I am struggling a little to decide the best and most interesting / useful option.  Likely especially relevant to the guys I am working with on CSA projects, but obviously open to anyone – what areas would you like to see further research in, where could my MSc project add value and insight?

Please feel free to post here or email me with any ideas and suggestions. Many of you have my email, however if you need it; it’s on my LinkedIn profile.  I’ll keep this blog updated with my topic decision and also link to the project once it is complete.

Thanks for your interest – looks like this is going to be an interesting and busy year!

K

The Internet of Things

Intel has created a graphical representation of all the different devices connected to the internet along with some key milestones throughout the development of the internet.

These include;

– the first connected computer in 1960

– the birth of what we now know as the internet / world wide web from 1989 through the ’90s

– the Sega Dreamcast which was the first connected games console

– through to current devices such as the iPad.

The graphic also predicts the future, estimating 4 billion people connected with 31 billion devices by 2020!

The graphic can be found in various sizes here;

http://newsroom.intel.com/docs/DOC-2297

K