Friday, February 19, 2010

Clever Cloud Computing

I’m still somewhat sceptical about many of the claims made for cloud computing, as I’ve written before. However, I have recently come across some genuinely innovative and useful implementations of what could be called cloud technology. My favourite so far is Web Performance’s Load Tester 4. As the name suggests, this is a product you can use to load test your web application. It’s been around for many years and is one of the easier load test packages to use.

One of the problems with all load testing software is that your testing infrastructure needs to be sufficiently powerful to simulate the load. If you are trying to simulate 1000 users from a single machine, it’s likely that the system will itself become stressed and will fail to deliver an accurate simulation. The solution, which many packages already support, is to have multiple engines share the load simulation. The next issue is bandwidth: if you run your load engines in your office to test a production web application that is in a data centre, it is likely that your local internet connection will saturate and again the simulation is inaccurate. Hence you also need to locate your load engines in a data centre. Such a setup will work, but there is a large cost and time overhead as you need dedicated hardware and data centre space.

Web Performance’s solution to this problem is to make available preconfigured load engines in Amazon’s EC2 cloud architecture. When you wish to carry out a test, you connect up to an EC2 load engine and run your load from the cloud. You can connect up to multiple engines if required, and although I’ve not tested it, you can select load engines at different locations, which could be useful for assessing user experience from different parts of the world. You pay for each engine by the hour.

I had a little trouble getting my first engine to work but this was probably due to me not reading the instructions properly.

Wednesday, February 17, 2010

Top 25 Most Dangerous Programming Errors 2010

The Common Weakness Enumeration project has published its 2010 list of the 25 most dangerous programming errors. The project is sponsored amongst others by the Mitre Corporation, the NSA and the Department of Homeland Security. The list is compiled by canvassing the opinion of industry experts.

The weaknesses are grouped into categories that consist of:

  • Insecure Interaction Between Components
  • Risky Resource Management
  • Porous Defences

Although I would agree with the complete list, it was a surprise to see that none of the weaknesses are really new, with some having existed since programming began. The site also includes a high-level action plan for mitigating the top 25, which seems to provide a good starting point for securing any application.

Wednesday, February 10, 2010

Microsoft Techdays 2010 - Day 2

A big surprise at Techdays 2010 was Microsoft promoting Terminal Server as part of their virtualisation strategy. The technology was most prominent towards the end of the 1990s with Citrix leading the way. The idea is to have a thin client on your PC to access applications that run on a powerful central server, more or less like a mainframe and a terminal. Although Terminal Server never went away, indeed it has been integrated into Windows Server since the 2000 edition, it was never quite as successful as expected. A variant of course is used as the principal remote administration method for Windows Server products.

Back in the 90s, using Citrix or Terminal Server would normally have been for performance reasons, allowing low specification clients to access resource hungry applications even over poor network links. It of course makes perfect sense to use this technology for security, as you can run applications that pose a risk to the PC (e.g. anything that requires IE6) in an isolated, locked-down session. The reverse is true as well. For example, you could run a sensitive application in a terminal session and reduce the risk of damage if the end PC is infected with malware.

After a couple of sessions on IIS 7, I do wonder if Microsoft have made a mistake here. On the surface, it looks great, but even a couple of the experienced Microsoft IIS7 support team seemed to have trouble getting it to do what they wanted. Their frequent use of IISRESET after an unexpected error did not inspire confidence.

Monday, February 8, 2010

Microsoft Techdays 2010 - Day 1 AM

I attended Microsoft Techdays 2010 today and not surprisingly the keynote speech concentrated on Azure, Microsoft’s cloud offering. The most impressive part was how well the presenter coped with the “unknown application error” that repeatedly popped up as he tried to publish an application from Visual Studio to Azure. The low point was undoubtedly an exclusive view of a new Intel multi-core processor which was made moderately more exciting when they removed the heat sink so we could see the processor itself.

A personal favourite was the virtualisation demo that showed how it is possible to run Windows XP nodes with IE 6 in your data centre, accessible to your user base via a browser. The advantage of such a setup is of course that you can upgrade your PC base to Windows 7 and IE8 without losing access to all your legacy applications. Unquestionably impressive, but if Microsoft had tried a bit harder to stick to standards a few years ago, those old applications wouldn’t require virtualising in the first place.

I then attended a session on Internet Explorer 9, which although interesting was actually mainly about IE 8, as someone higher up the command chain had decided that IE9 was not yet ready for public viewing, at least not at Techdays 2010. Surprisingly, there was very little said about security other than the anti-phishing functionality. The main thrust of the session was an admission that when it came to the JavaScript engine, IE was far behind its rivals and this is where a lot of the work on IE 9 is going. Most encouragingly, the presenter also admitted that Microsoft’s failure to stick to standards in the past had been a mistake and this wouldn’t be the approach in future.

Tuesday, February 2, 2010

Another iPad Review

Every man and his dog already seems to have commented on the iPad so I thought I might as well throw in my two pennies’ worth. I probably can’t compete with Charlie Brooker who managed to mention masturbation during a prison visit in his review or even Hitler’s rant about Apple’s latest offering, but what the hell.

Does the iPad indicate a shift back to client server technology? Obviously it wouldn’t be called that, but as the iPhone has shown, there is a drift to using individual applications to access a particular service, e.g. the New York Times iPhone app, just as we have got used to the idea of doing everything through a web browser.

Will the biggest uptake of the iPad eventually be at the corporate level? This seems a strange idea at first, but for many system administrators the idea of having a locked-down, network-enabled device where software can only be installed via an app store where all applications are pre-approved is a dream come true. Apple would need to release an intermediate app store for corporations, but this isn’t particularly difficult.