September 27, 2013 4:19 PM
Posted by: Sharon Fisher
You may recall Nirvanix as the company that would send out a press release after each natural disaster, urging people to come use its service. Well, apparently that strategy didn’t work too well, or maybe we just haven’t had enough natural disasters lately, because several publications, including Information Age, reported that its customers had been told they had two weeks to find another repository for their data, presumably before it shuts down its service.
What that means is, “If you used Nirvanix for third or fourth duplicate copies you need assurance that data will be destroyed,” writes Simon Robinson in Computer Weekly. “If you used it for primary data you need that data back, and that is no trivial task right now.”
Consequently, there’s some degree of poetic justice to the fact that other companies are taking the occasion to jump out of the woodwork to issue their own press releases, promising Nirvanix customers that they can be taken care of. Attunity, for example, announced on Monday a migration service from Nirvanix to AWS’ S3 Cloud, using Attunity’s CloudBeam service, which is intended to simplify and accelerate data loading into Amazon S3.
Network administrators are also scrambling to find alternatives and to figure out the logistics of getting copies of their Nirvanix data installed somewhere else, if they hadn’t done it before. Even organizations that didn’t use Nirvanix are taking this as a wake-up call about whatever cloud storage vendor they’re using, while others — those who never cottoned to the idea of cloud storage in the first place — are patting themselves on the back for their prescience.
“When relying on cloud services it is important to have a backup plan–or at least a way out should the service become untenable,” writes Isha Suri in the Silicon Angle blog. “In the wake of the news of Nirvanix shutting down opinions have begun to rise about how to prepare for and handle such an event.”
Analysts such as Forrester’s Henry Baltazar and Gartner’s Kyle Hilgendorf are suggesting that organizations make sure they have an exit strategy when they sign up with a cloud service, but point out the difficulty of getting data out of the cloud once it’s in. “One of the most significant challenges in cloud storage is related to how difficult it is to move large amounts of data from a cloud,” he writes. “While bandwidth has increased significantly over the years, even over large network links it could take days or even weeks to retrieve terabytes or petabytes of data from a cloud.” He also recommends that organizations look for cloud storage vendors that offer direct connect or shipments of portable hard drives.
The company has finally officially announced its demise on its website, saying it was “working hard” to keep the service available until October 15 to give customers a chance to move their data.
September 18, 2013 11:13 PM
Posted by: Sharon Fisher
Faithful readers of this blog are aware that we sometimes visit the issue of “what is the bandwidth of a station wagon full of magnetic tapes speeding down the highway” and other ways of putting Really Enormous Amounts of Data in context.
Similarly, this blog recently addressed the issue of how much data the NSA could store.
However, this week Randall Munroe, the author of the geek comic xkcd, came up with a new measurement of data, based on a reader question: “If all digital data were stored on punch cards, how big would Google’s data warehouse be?” Munroe, a physicist who has worked for NASA, in addition to the comic, answers hypothetical reader questions involving physics like this once a week. Other examples include “How fast can you hit a speed bump while driving and live?” and “If you call a random phone number and say ‘God bless you,’ what are the chances that the person who answers just sneezed?”
Anyway, using publicly available data — sources of which were all dutifully footnoted — Munroe went through very much the same sort of back-of-the-envelope calculation that this blog and other sources have gone through, first to calculate the amount of data Google has — in punch card size — and next, to extrapolate from that the amount of data the NSA has.
In the process, there are several interesting bits. For example:
“To make things worse, given the huge number of drives they manage, Google has a hard drive die every few minutes,” he writes, dutifully footnoting the source of this information. “This isn’t actually all that expensive a problem, in the grand scheme of things — they just get good at replacing drives — but it’s weird to think that when a Googler runs a piece of code, they know that by the time it finishes executing, one of the machines it was running on will probably have suffered a drive failure.”
Anyway, the figure Munroe came up with for Google’s data store, after a bunch of this calculation, is 15 exabytes. How much is that in punch cards?
“15 exabytes of punch cards would be enough to cover my home region, New England, to a depth of about 4.5 kilometers,” Munroe writes. To put that into perspective (which is something he’s very good at), “That’s three times deeper than the ice sheets that covered the region during the last advance of the glaciers.”
Going on to the NSA, Munroe also pokes fun at some of the more breathless of the speculation. “A few headlines, rather than going with one estimate or the other, announced that the facility could hold ‘between an exabyte and a yottabyte’ of data … which is a little like saying ‘eyewitnesses report that the snake was between 1 millimeter and 1 kilometer long.’”
Munroe concludes with how to find out where the seekrit Google data centers are — like CNN’s Wolf Blitzer advises, it’s “Monitor the pizzas.” “Google has created what might be the most sophisticated information-gathering apparatus in the history of the Earth … and the only people with information about them are the pizza delivery drivers,” he writes.
September 7, 2013 2:26 PM
Posted by: Sharon Fisher
Prosecutors have dropped attempts to force a suspect to give up the encryption key for his hard drives. Unfortunately, they dropped the attempts not because it was the right thing to do, but because they succeeded in breaking into his hard drives another way and getting the information they wanted.
As you may recall, this all started when Jeffrey Feldman was suspected of having child pornography, based on the names of files he allegedly exchanged on a file-sharing site. However, of his 16 hard drives, 9 were encrypted, and he refused to provide law enforcement with the decryption key. In April, a judge ruled at first that Feldman was not required to give up the decryption key, but then reversed himself in May after law enforcement succeeded in decrypting one drive, which linked the drive to Feldman. However, in June, a different judge granted a stay on that order.
As we noted in May, when the judge reversed himself, this is part of a continuing process where courts are trying to figure out what an encryption key is, legally speaking. Is it a physical thing, like a key to a lockbox, which is not protected by the Fifth Amendment? Or is it like the combination to a safe — the “expression of the contents of an individual’s mind” — which is protected? In some countries, people have even been jailed for refusing to reveal an encryption key.
This case, like most of the other ones regarding revealing encryption keys, has to do with child pornography, which adds another nuance to the issue. Are law enforcement and the legal profession more likely to push the envelope of legal search because they so badly want to catch child pornographers? Or because they think people will be less likely to criticize their methods because the crime is so heinous? (Or as Mike Wheatley put it in his blog, Silicon Angle, about the original case, “Data Encryption Makes Perverts Untouchable.”)
“That’s also the whole point of the Bill of Rights: ‘mere suspicion’ is not enough to let the government search your premises and invade your privacy; the government needs actual evidence of wrongdoing before it can interfere with your life,” countered Jennifer Abel, in the Daily Dot, about the April case. “Nowhere in the text of the U.S. Constitution does it say ‘All rights listed herein may be suspended, if cops suspect you did something really really bad.’”
In July, the Electronic Frontier Foundation filed an amicus brief in the case, which laid out all the various reasons and legal precedents why it believes that forcing someone to reveal a decryption key violates the Fifth Amendment protection against self-incrimination. Increasingly, the EFF noted, people and businesses are encrypting their data for their own protection, not because they’re doing anything untoward.
In addition, Feldman’s attorneys contended in July that the prosecution had written its case in such a way as to make it sound like his encryption method and computer system were more sophisticated than those of the average person, with the intent to mislead the court. Examples they cited included describing Feldman’s drives as having an “intricate electronic folder structure with thousands of files” when even Windows itself has such a folder structure.
In any event, Feldman was formally charged in August, based on evidence obtained when two of the hard drives were decrypted and sufficient evidence was found to charge him with the crimes. At that point, the prosecution dropped its efforts to force him to decrypt the drives.
Prosecution was under the gun here; the arrest happened the day before the prosecution was due to submit a brief explaining why its request would not violate Feldman’s Fifth Amendment rights, the Milwaukee-Wisconsin Journal Sentinel notes.
The upshot is that we’re no closer to a definitive ruling on whether people will be required to give up decryption keys based on law enforcement suspicions. Because of the varying rulings by lower courts, it is believed by experts that we will need a Supreme Court ruling before we get a definitive answer.
August 31, 2013 9:18 AM
Posted by: Sharon Fisher
The virtual world was made real this week, as anybody who was anybody was in San Francisco, the site of this year’s VMworld conference for VMware. But there were more clouds in the air than the city’s traditional summer fog.
As always, such conferences feature a lot of new products, which you can read more about. But what many found more interesting was what it all meant for VMware itself, in a year marked by technology and leadership changes. The company became famous for helping organizations use their servers more efficiently, but in a time when server sales are going down and users are moving to the cloud, VMware is in the classic “innovator’s dilemma,” trying to catch up with newer, nimbler competition without alienating its traditional base.
No less a presence than the New York Times (the Times knows from virtualization? Who knew?) writes,
“VMware’s main product, virtualization software, allows one computer server to do the work of many, and for complex tasks to be shared across several machines. That disrupted the old computer server business, and helped usher in the current model of big data centers and cloud computing. But now, as other companies offer both proprietary and open source virtualization, VMware has to move on from the world it helped destroy.”
In the same way that VMware virtualized servers, it and other vendors have virtualized other aspects of computing, such as storage. VMware is looking to extend that to the network itself, through NSX, a product family based on its purchase a year ago of Nicira. And certainly there was a slide ready, full of the logos of vendors that said they will support it — though some of them were complaining that the new APIs gave them less functionality than they had had.
On the other hand, one big name was missing: Cisco, which went on later in that week to criticize the whole idea of software-based networking. Of course, to a certain extent, Cisco is in the same dilemma as VMware – having to defend its turf against new, innovative technologies. “It’s hard to be a partner with someone when you’re on a collision course with them,” writes Barb Darrow for GigaOm.
All of this is happening against a backdrop of executives leaving the company in the past year — really, starting with Paul Maritz leaving as CEO to become chief strategy officer at EMC a year ago, and then heading up the Pivotal effort of “everything VMware had that wasn’t virtualization.” And current VMware CEO Pat Gelsinger has been talked about as a potential CEO for EMC once Joe Tucci decides to retire for good. But there’s been more, notes Darrow:
“Maritz took some people with him so they’re still under the umbrella held by parent company EMC. Others left as VMware de-emphasized or sold off “non-core” technologies like Zimbra, Sliderocket and Wavemaker etc. But the departure of other top executives — CTO Stephen Herrod, and especially former cloud infrastructure head Bogomil Balkansky, definitely contributed — right or wrong — to a perception of brain drain.”
On the other hand, she notes that VMware this week brought in former Microsoft CIO Tony Scott as CIO, and also recently named former SAP mobile guy Sanjay Poonen aboard to lead its end-user computing effort.
It all creates a perception of a company that doesn’t quite know where it’s going, in contrast to the well-oiled machine that VMware has typically been thought of until now. As recently as March, VMware was predicting up to 20 percent revenue growth, because the formation of Pivotal was going to let it focus on its virtualization business. It will be interesting to see whether that prediction comes true.
August 22, 2013 10:36 PM
Posted by: Sharon Fisher
Time to get out your Disaster Recovery binder. Skip past the sections on “Earthquakes,” “Tornadoes,” “Hurricanes,” “Forest Fires,” “Zombies,” and “Floods,” and stop at the one called “When the Sun Flips Magnetic Poles.”
What do you mean, you don’t have one? Better hurry up. You’re going to need it.
In case you’ve somehow missed the news, our sun is expected to flip its magnetic poles in the next few months. That is, the North Pole will be the South Pole, and vice versa. The sun itself doesn’t move — just the magnetic fields.
While this might sound surprising, it’s actually something the sun does every eleven years or so.
That’s fine, but what does that mean to you? It depends on whom you ask. It ranges from “Well, maybe nothing much, really” to “OMG, WE’RE ALL GONNA DIE!” And nobody really knows.
First of all, we don’t know how severe the associated magnetic shifts are going to be — just like we don’t know ahead of time what hurricane season will be like. Second, we’ve all acquired a lot more electronics in the past eleven years, and nobody really knows what effects the magnetic changes could have on them.
The “nothing much, really” contingent points out that the sun has flipped three times since 1976 and we haven’t had any tragedies yet and there’s no real reason to believe it’s going to be anything different this time.
The OMG contingent says it has the potential of blowing out all our electronics for months or years. “The big fear is what might happen to the electrical grid, since power surges caused by solar particles could blow out giant transformers,” reports National Geographic. “Such transformers can take a long time to replace, especially if hundreds are destroyed at once, said [the] co-author of a National Research Council report on solar-storm risks…The eastern half of the U.S. is particularly vulnerable, because the power infrastructure is highly interconnected, so failures could easily cascade like chains of dominoes. ‘Imagine large cities without power for a week, a month, or a year,’ [he] said. ‘The losses could be $1 to $2 trillion, and the effects could be felt for years.’”
GPSes and satellite systems are also vulnerable. As NASA notes, how’d you like to be coming in for a plane landing or a ship docking by GPS at that time?
A less severe event in 1989 caused power failures in Canada, and almost brought down the power grid on the East Coast. Scientists who studied an even more powerful storm in 1921 in the context of systems today found that a similar event now could cause cascading failures that could even affect the water system.
In addition, the OMG contingent is speculating that the flip could cause another “Carrington Event.” “The biggest solar storm on record happened in 1859, during a solar maximum about the same size as the one we’re entering,” writes National Geographic. It was discovered by a Scottish guy named Richard Carrington, who just happened to be looking at the sun at the same time it emitted a Coronal Mass Ejection (CME), which acted like a giant magnetic fart. So he knew it was coming. When the fart reached the Earth, all sorts of interesting things reportedly happened.
“Just before dawn the next day, skies all over planet Earth erupted in red, green, and purple auroras so brilliant that newspapers could be read as easily as in daylight. Indeed, stunning auroras pulsated even at near tropical latitudes over Cuba, the Bahamas, Jamaica, El Salvador, and Hawaii,” writes NASA. “Even more disconcerting, telegraph systems worldwide went haywire. Spark discharges shocked telegraph operators and set the telegraph paper on fire. Even when telegraphers disconnected the batteries powering the lines, aurora-induced electric currents in the wires still allowed messages to be transmitted.”
What do you think that’s going to do to your iPod? Not to mention your data center? It could give “flash drive” a whole new meaning.
“In 2008 solar scientists predicted that a Carrington scale solar event today could cause blackouts affecting 130 million people and result in economic losses of ‘$1 trillion to $2 trillion during the first year alone…with recovery times of 4 to 10 years,’” writes Data Center Pro. In fact, the article continues, one scientist predicts a 12 percent chance of a Carrington event in the next decade. It’s serious enough that even Homeland Security is looking into it.
“At the time of the Carrington Event, only the 125,000 miles of wire set up for the nascent telegraph network had the correct properties for the induction of auroral currents,” wrote Eric Gallant, one of the primary experts on the phenomenon with respect to data centers, in 2009. “In 2009, there are many more targets for a geomagnetic storm, including transcontinental pipelines, communication lines and power transmission lines. In addition, our vulnerability to geomagnetic storms is increased because modern infrastructure networks are vastly larger than the simple systems of Carrington’s day. In particular, the electrical properties and extent of our national electric grid has led industry professionals to compare it to a continent-wide antenna for geomagnetic energy.”
Needless to say, if the OMG contingent is right, or if we have another Carrington Event, chances are it doesn’t make much difference what you do; we’ll all be hosed anyway. But if it’s simply going to be a heavier-than-usual sunspot day, here are some precautions to take before the magnetic storms reach their predicted peak in 2015:
- Have backup generators of some sort handy — preferably the kind that don’t require electronics to operate.
- Get UPSes, surge protectors, and so on, and make sure all your equipment is plugged into them. If the situation is severe enough, it won’t help, but it can’t hurt.
- Gallant recommends locating data centers near the lower latitudes, away from the poles.
- Pay attention to the news. The nice thing about the sun being so far away from the Earth — aside from the fact that if it weren’t, we’d, like, die — is that we have some warning. While it takes around eight minutes for light to get to the earth, it can actually take several days for a CME to get here, so you have time to, if necessary, unplug things in hopes there’ll still be a grid to plug them back into afterwards.
And get out your binoculars. The aurorae could be spectacular.
August 9, 2013 6:45 PM
Posted by: Sharon Fisher
You know how people periodically like to figure out the bandwidth of a station wagon loaded with storage media? Now we have a new one: How much storage will the NSA data center in Utah actually have?
“Much has been written about just how much data that facility might hold, with estimates ranging from ‘yottabytes’ (in Wired) to ‘5 zettabytes’ (on NPR), a.k.a. words that you probably can’t pronounce that translate to ‘a lot,’” writes Kashmir Hill in Forbes. “For some sense of scale, you would need just 400 terabytes to hold all of the books ever written in any language.”
However, Hill obtained what she said were actual blueprints for the data center that belied such figures.
“Within those data halls, an area in the middle of the room – marked ‘MR – machine room/data center’ on the blueprints – is the juicy center of the information Tootsie pop, where the digital dirt will reside. It’s surrounded by cooling and power equipment, which take up a goodly part of the floor space, leaving just over 25,000 square feet per building for data storage, or 100,000 square feet for all four buildings, which is the equivalent of a Wal-Mart superstore.”
Hill went to Brewster Kahle, who invented the precursor of the World Wide Web called WAIS, and who went on to found the Internet Archive.
“Kahle estimates that a space of that size could hold 10,000 racks of servers (assuming each rack takes up 10 square feet). ‘One of these racks cost about $100,000,’ says Kahle. ‘So we are talking $1 billion in machines.’
Kahle estimates each rack would be capable of storing 1.2 petabytes of data. Kahle says that voice recordings of all the phone calls made in the U.S. in a year would take up about 272 petabytes, or just over 200 of those 10,000 racks.
If Kahle’s estimations and assumptions are correct, the facility could hold up to 12,000 petabytes, or 12 exabytes – which is a lot of information (!) – but is not of the scale previously reported. Previous estimates would allow the data center to easily hold hypothetical 24-hour video and audio recordings of every person in the United States for a full year.”
Other experts, such as Paul Vixie, had even lower numbers. “Assuming larger 13 square feet racks would be used, factoring in space between the racks, and assuming a lower amount of data storage per rack, he came up with an estimate of less than 3 exabytes of data capacity for the facility,” Forbes writes.
Hill isn’t the only one who’s been thinking about the storage capacity of that Utah data center.
“To put this into perspective, a yottabyte would require about a trillion 1tb hard drives and data centers the size of both Rhode Island and Delaware,” writes security consultant Mark Burnett. “Further, a trillion hard drives is more than a thousand times the number of hard drives produced each year. In other words, at current manufacturing rates it would take more than a thousand years to produce that many drives. Not to mention that the price of buying those hard drives would cost up to 80 trillion dollars–greater than the GDP of all countries on Earth.”
Even looking at a zettabyte, or .1 percent of a yottabyte, is unrealistic, Burnett continues. “Let’s assume that if you buy 250 million hard cheap consumer-grade drives you get a discount, so they get them at $150 each which would come to a $37.5 billion for the bare hard drives alone (well, and a billion tiny screws).”
That might sound familiar. You may recall that Backblaze powers its backup service (disclaimer: I use it) with commodity drives in that way. You may also recall that it occasionally has a hell of a time finding enough drives.
As it turns out, Backblaze has also examined the NSA claims — and it did so back in 2009:
“The cost per GB has dropped consistently 4% per month for the last 30 years. Assume the trend continues for the next 5 years, by when the NSA needs their yottabyte of storage. The costs in 2015 then would be:
* $8 trillion for the raw drives
* $80 trillion for a storage system
Well, that’s getting closer – a bit less than today’s global GDP.
Per historical metrics, a drive should hold 10 TB by 2015. The NSA would require:
* 100 billion hard drives
* 2 billion Backblaze storage pods
And of course, they would probably want this data backed up. That might really test our offer of $5 for unlimited storage.”
Backblaze isn’t the only vendor doing back-of-the-envelope calculations (perhaps practicing for an RFP?); NetApp technologist Larry Freeman is as well:
“Assuming that 40% of the 25,000 sq ft floor space in each of the 4 data halls would be used to house storage, 2,500 storage racks could be housed on a single floor (with accommodations for front and rear service areas). Each rack could contain about 450 high capacity 4TB HDDs which would mean that 1,125,000 disk drives could be housed on a single data center floor, with 4.5 Exabytes of raw storage capacity.”
And that’s not even getting into the power consumption aspect. The Utah data center is reportedly slated to use up to 65 megawatts of power, or as much as the entire city of Salt Lake itself. Forbes quoted Kahle’s estimate of $70 million a year for 70 megawatts, while Wired reportedly estimated $40 million a year for 65 megawatts. (And recall that Utah passed a law earlier this year that would enable it to add a new 6% tax to the power used, which could tack on up to $2.4 million annually on to $40 million.)
Burnett’s power calculation is even higher. “250 million hard drives would require 6.25 gigawatts of power (great Scott!). Of course, drives need servers and servers need switches and routers; they’re going to need a dedicated nuclear power plant. They’re going to need some fans too, 4.25 billion btu definitely would be uncomfortable.” Of course, there are other options, he notes. “Another option that would use much less electricity and far less space would be 128 GB microSDXC cards. Except that you would need 9,444,732,965,739,290 of them. At $150 each.”
Freeman’s power calculation is high as well.
“HOWEVER, each storage rack consumes about 5 Kilowatts of power, meaning the storage equipment alone would require 12.5 Megawatts. On the other hand, servers consume much more power per rack. Up to 35 Kilowatts. Assuming an equivalent number of server racks (2,500), servers would eat up 87.5 Megawatts, for a total of 100 Megawatts. Also, cooling this equipment would require another 100 Megawatts of power, making the 65 Megawatt power substation severely underpowered — and so far we’ve only populated a single floor. Think that the NSA can simply replace all those HDDs with Flash SSDs to save power? Think again, an 800GB SSD (3 watts) actually consumes more power per GB than a 4TB HDD (7.8 watts).”
Something I haven’t seen anyone address is what buying that much storage would do to the revenues of the lucky hardware vendor — or vendors. How in the world would Seagate, or any of the component vendors, be able to keep a purchase of that size secret?
Moreover, with many hard drive component manufacturers located outside the U.S., and with there already being concern that computer components might have malware baked in, how would the NSA guarantee the integrity of non-U.S. components? (For that matter, with so many NSA whistleblowers wandering around, could it trust the integrity of U.S.-built components?)
Meanwhile, Datacenter Dynamics notes that, in this case, “size doesn’t matter,” particularly since the NSA is likely to be using state-of-the-art deduplication and compression technologies to reduce the amount of data stored. “The capacity for storing data is not nearly as important as being able to process data and derive valuable information from it,” writes Yevgeniy Sverdlik. “Making sense out of data is a lot harder than storing it, so the NSA’s compute capacity, in terms of processor cores, and the analytics methods its data-miners use are much more interesting questions.”
Incidentally, the NSA recently responded to a Freedom of Information Act request by saying it didn’t have the capability to search its own employees’ email in bulk.
July 31, 2013 10:47 PM
Posted by: Sharon Fisher
A large number of Oregonians looking for state services — including 63,000 unemployed people expecting checks for a total of $18 million in benefits — were left high and dry for a day recently due to problems with a Hitachi storage upgrade.
Hitachi contractors were doing what was supposed to be a routine upgrade to the State Data Center in Salem when a connectivity issue caused the system to go down, KGW News reported state spokesman Matt Shelby as saying. “Hitachi worked overnight to fix the problem. All state agency websites were affected, but no data was lost,” the station said. The outage started at 7 p.m. Monday and was repaired by Tuesday morning, while state services were restored by midday.
Up to 90 percent of the weekly unemployment benefits are normally processed on Monday nights, according to an AP story in The Columbian.
Other issues, according to Oregon Public Radio and The Oregonian, included:
- Inability for the state’s more than 90 agencies to communicate directly with each other via email
- Any jobs that needed to pull data from the data center couldn’t run
- The Department of Transportation TripCheck was down
- The Department of Forestry, which was fighting a fire in Prineville (ironically, where Facebook has one of its data centers) didn’t have access to email or database forms
- 35 applications for food stamps scheduled for overnight processing were delayed
Ironically, to a certain extent Oregon brought this on itself by planning to consolidate its various state data centers into the single State Data Center in 2004. “The State Data Center was authorized in July 2004 to consolidate the computer operations of the 12 largest agencies,” notes the Statesman-Journal. “A $20 million building on Airport Road SE houses the center, which opened in fall 2005. Lawmakers in 2005 approved $43.6 million for the consolidation process.” But in July, 2008 — almost exactly five years ago — the state’s plan for consolidating data centers was sharply criticized for not adequately consolidating the servers themselves.
The system has also been plagued by crashes. In October, 2009, a network failure on the State Data Center system caused an overload on the unemployment system, shutting it down for 12 hours. In October, 2011, unemployment payments were delayed a day because a computer upgrade had “unintended consequences.” Then in May, 2012, a number of state websites were down for most of a day due to problems in a Texas data center that stored their content.
That was just two months after the Secretary of State’s office performed an audit of the department, noting that it needed improvement in the area of disaster recovery. That letter referenced the Federal Information Systems Controls Audit Manual, which notes, among other things, that “Spare or backup hardware is used to provide a high level of system availability for critical and sensitive applications.”
And, a month ago, three senior officials in the Department of Employment lost their jobs due in part to problems with the department’s computer systems. “Audit after audit exposed leadership problems that festered as the agency wasted as much as $30 million on computer software programs that didn’t work,” reported The Oregonian. “IT employees ‘are appointed to positions that they may or may not be suitable for, they are not coached and then their job duties were significantly changed.’” It said that the IT division needed “leadership, governance, priority setting, methodology, contract administration and appropriate HR practices.”
State officials pointed out that no data was lost in the recent incident, and that it was simply a matter of access to the systems that was lost for a day.
This is not to pick on Oregon; as IEEE Spectrum pointed out, the state government computer systems of New Mexico, Kansas, North Carolina, New Jersey, and Iowa all ran into problems that same week. These incidents do demonstrate, though, the challenges for citizens needing services — who tend to be the less computer-savvy ones — when the increasingly computerized state computer systems run into problems.
“Just who in their right mind upgrades a live system?” noted one commenter.
Analyst Greg Schulz of Storage I/O agrees, calling it “CYA 101.” “Anytime there is a person involved — regardless of if it’s hardware, cables, software, firmware, configurations or physical environments — something can happen,” he writes. “If the vendor drops the ball or a cable or card or something else and causes an outage or downtime, it is their responsibility to discuss those issues. However, it is also the customer’s responsibility to discuss why they let the vendor do something during that time without taking adequate precautions. Likewise, if the storage system was a single point of failure for an important system, then there is the responsibility to discuss the cost cutting concerns of others and have them justify why a redundant solution is not needed.”
July 30, 2013 11:38 AM
Posted by: Sharon Fisher
We’re always into the geekly here at Yottabytes, like data under glass and so on. Naturally, we were fascinated to read about “freezing” light and its implications for data storage.
If you missed it, a detailed description comes from the BBC:
“The team fired a light beam called a signal pulse through a sealed glass cylinder containing a hot gas containing atoms of the element rubidium, illuminated by a strong ray of light known as a control beam. While the pulse was travelling through the rubidium gas, the researchers switched off the control beam, creating a holographic imprint of the signal pulse on the rubidium atoms,” the BBC reports. “Earlier experimental methods had then switched on a single control beam to recreate the signal pulse, which then continued on its way. However, in this latest study, researchers switched on two control beams which created an interference pattern that behaves like a stack of mirrors. As the regenerated signal pulse tries to continue on its way through the glass cylinder, the photons bounce back and forth, but the overall signal pulse remains stationary. The light beam was essentially frozen.”
The light was frozen for an entire minute. While this may not seem like long, it’s enough time for 20 round trips to the moon.
Another version was also printed in io9 (though in the process they said light traveled at 300 mps; hilarity ensued).
(You can also read the actual abstract.)
Research into the stopping-light area has been going on for some time, reports New Scientist. “Physicists managed to slow it down to just 17 metres per second in 1999 and then halt it completely two years later, though only for a fraction of a second. Earlier this year, researchers kept it still for 16 seconds using cold atoms.” In this particular experiment, the light-freezing was also enhanced using magnetism.
The storage angle was part of the demonstration. “And they proved the accomplishment by storing — and then successfully retrieving — information in the form of a 100-micrometer-long picture with three horizontal stripes on it.” The one-minute storage time is about six orders of magnitude longer than previous experiments, notes the American Physical Society. Moreover, the fact that the storage time can be manipulated based on the use of magnetism means that storage could be “spatially multiplexed, i.e., can store different quantum bits as different pixels,” they write.
Of course, nobody’s talking yet about when this might actually be usable for storage. “The efficiency of the storage (<1% in the present scheme) will have to be significantly increased for applications,” the American Physical Society admits. However, the researchers are planning to try different substances to increase the duration of information storage. Tens of seconds of light storage are needed for a device called a quantum repeater, which would stop and then re-emit photons used in secure communications, to preserve their quantum state over long distances, New Scientist says.
There are also implications for security, the BBC adds. “Quantum cryptography might provide very secure forms of electronic encryption, because the process of eavesdropping on an electronic message would introduce errors in the message, garbling it.” How Heisenberg of it.
July 24, 2013 10:16 PM
Posted by: Sharon Fisher
If you — or, more likely, your boss — are having conniptions about the alleged Seekrit Backdoors in HP storage hardware, you can relax. Sort of. On the other hand, you may have a bigger problem.
To recap — a blogger discovered an administrative account with an easily-guessed password in HP’s StoreOnce storage hardware. HP has reportedly done this before, in other hardware. In response, a number of publications have leapt to claim that “HP is putting back doors into its equipment!”
Part of the problem is the whole term “back door,” which implies something nefarious the vendor put in on purpose to be able to have access to the data on the system. And that’s not what this is. If HP is “guilty” of anything, it’s guilty of something a whole lot of vendors also do: That is, putting in a set of administrative logins, default passwords, or features — typically to allow the administrator, or the vendor, or the support organization, to recover the system from some sort of user screwup. It happens with all sorts of networking hardware, not just storage, and certainly not just HP.
It’s like the way I left a spare house key in the freezer in my garage. If I was stupid and locked myself out, it was a way to get in without having to call a locksmith or break a window.
Now, if burglars found out I did this, that would be bad, because they could all go fishing around in the freezer and find my spare key. Similarly, what makes this issue a problem in computers is when it becomes known that, psst, all of the boxes from Vendor Y ship with an account called “admin” and a default password of “password.” That makes it a security vulnerability, because, you know, this doesn’t always get changed the way it should and, you know, hackers share this sort of information with each other. Then we have a problem.
One of the standard things administrators are supposed to do when they get in a new piece of equipment is to look for these standard admin accounts, and either get rid of them, change the default password they ship with, or whatever. A lot of these details get documented, either in the manual or on the support forums.
Sadly, not every administrator reads the manual and does research on what vulnerabilities are baked in to a new piece of equipment. This is why, every few months, there’s a new warning about this kind of thing. This time, it just happened to be storage hardware, and from HP.
As recently as late June, the Computer Emergency Response Team (CERT) issued a warning about default passwords in new equipment. Chances are, before the year is out, there’ll be yet another incident based on the fact that administrators don’t always do the work they should before they connect the new hardware to the network. It’s just one of those Things.
And it’s been going on a long time. If you read any of the “Eek! HP Backdoor!” articles, check out the comments, where the graybeards are rolling their eyes and patiently pointing out all the other systems that have built-in admin accounts and default passwords.
Yes, it’s an issue, but not just for HP, and not just for storage hardware. So go check your equipment — all of it — read the manuals, and make sure all the default passwords are changed, and you can tell your boss you’ve taken care of all the scary “back doors.”
Incidentally, I have a new place to stash my spare house key.