Recently, Cameron Sturdevant and I waded into the world of application whitelisting--a set of products and technologies aimed at ensuring the integrity of Windows clients by enforcing control over which applications are allowed to run.
I think that whitelisting, when combined with diligent paring of user and application privileges, can go a long way toward granting workers leave to worry less about whether they are "security idiots" (to borrow a bit of Jim Rapoza's phraseology) and focus more on getting their jobs done.
However, where Web-based applications are concerned, the client security road map is much less clear, and, as Jim points out in his column this week on clickjacking, there's no shortage of new Web-based routes through which code-wielding ne'er-do-wells can exploit our machines ...
Recently, eWEEK Labs has been putting a handful of high-profile smartphones through their paces, which has led us to consider what elements would comprise the ideal business smartphone.
While it's easy to get caught up in the physical characteristics of a device, there's more to an effective device than the slimness of its chassis or the thumb-friendliness of its miniature keyboard.
As with any computing device, a smartphone is only as good as its software, and the most suitable smartphones shine not only for their out-of-the-box bits, but for their amenability to expansion through third-party applications.
Back in January, I wrote a column, "I want more from Firefox," in which I described how my growing affection for Web applications was coming into conflict with my growing impatience with the immaturity of Web browsers as application hosts.
Isolation between the Web pages or apps running atop my browser is what I sought from Firefox, for the purposes both of security and of reliability. Shortly after I wrote this column, I managed to achieve a measure of the isolation I sought by taking to running Gmail under Prism, a Mozilla Labs project for running individual Web apps in their own processes.
During my recent interview with Red Hat CEO Jim Whitehurst, I was struck by his assertion that if you don't need--and aren't getting--bulletproof uptime from your desktop operating system, then it doesn't make sense to be paying for it.
He has a good point.
The fundamental job of an operating system is running applications and managing hardware. There are both free and for-a-fee operating system options, which, given requisite hardware and application maker support, perform their core go-between task similarly well. If this is the case, and you're paying for a particular client desktop, are you getting your money's worth?
VMware released an alert Aug. 12 to warn customers and partners about problems with an update to the 3.5 version of VMware ESX and ESXi virtualization products. The update is causing disruptions and virtual machines are failing to power on. VMware has posted a temporary fix and is working to fix the update.
Three things about this on-premises outage jump to mind:
1. I just missed it. I downloaded this update last Friday, but I hadn't installed it yet on the ESX Server I use for testing in our lab. I've been holding off on upgrading the ESX box from Version 3.0 of the product because the updated version of the Virtual Infrastructure client that the 3.5 release requires regressed on 64-bit Windows compatibility. That regression had since been fixed.
I'm generally a fan of prompt and even automatic updates--after all, when things go wrong with updates, we can always rely on virtualization to snapshot us back into action. Unless, of course, it's your virtualization platform that gets broken. You win this time, partisans of update conservatism.
2. Whether you believe they're necessary or not, mechanisms designed to lock you out of the software running on your hardware are a major pain in the ass.
These things exist solely to enforce the business models of the companies that implement them, and while that's not necessarily a bad thing, vendors better make double sure that the features they employ to enforce their licenses remain as transparent as possible to users.
General absence of arbitrary lockout mechanisms: another reason to love open-source software.
3. Catastrophic service outages are not the province of the cloud alone. Looking out at the headlines that Google's been grabbing for its recent Gmail outages, you'd think that no one's self-hosted e-mail or other key services ever went down, or that makers of on-premises software never push down far-reaching failures to their customers.
Unless you're hosting your own services, writing your own platforms, designing your own hardware, running your own network cables and generating your own electricity, you're subject to the potential mistakes of your trusted providers. We must remind ourselves to plan accordingly.
Symbian is the popular mobile operating system developed by Nokia and others, the exclusive rights to which Nokia recently purchased from its partners before pledging to release the OS under an open-source license.
Android is the still-unreleased open-source Linux+Java mobile operating system that Google has been assembling to form the guts of the magical, years-salivated-over GPhone.
Hang on, did you notice that both of the sentences above include the phrases "open source" and "mobile operating system"? Oh man, these guys would be CRAZY not to merge, right?
Wrong. Here's why:
1. There's nothing to gain. The overlap between Android and Symbian must be close to 100 percent. How do you merge two completely distinct operating systems? The Android+Symbian chatter is akin to arguing that Windows and OS X could plausibly be merged. The work required in ripping out parts of each system to make way for overlapping bits from the other system would take forever, and what would be the point?
2. Symbian is NOT an open-source operating system--at least not yet. Open sourcing an operating system takes a long time. Sun announced plans to open source Solaris in 2004. It took a year for Sun to release some of its code under the OpenSolaris banner, and it wasn't until this year that Sun released the first truly ready-to-use incarnation of OpenSolaris. And even the 2008 incarnation of OpenSolaris isn't billed as production-ready.
Android is already late. There's no way that Google is going to hold up Android for four months, let alone four years, to wait for Nokia to dot and cross its IP i's and t's, and do so for nothing.
Now, just because there's a million to one chance that Symbian and Android might merge doesn't mean that Nokia and Google can't collaborate on the mobile OS front. Both Symbian and Android could greatly benefit from a measure of application platform standardization--different systems that run the same apps, perhaps with Java as a common language between the two systems.
Am I wrong? Does a Symbian/Android merger have a Lloyd Christmas' chance in Aspen of occurring?
Looking out at yesterday's Amazon S3 outage through his Microsoft Watch-colored glasses, my colleague Joe Wilcox views the hosted storage slip-up as a selling point for Microsoft's Software Plus Services twist on cloud computing.
The software plus services pitch goes something like this: Rather than jump into cloud-based services with both feet, organizations and individuals should pursue a blended strategy, based on traditional on-premises software, complemented by hosted services where appropriate.
The software plus services strategy makes a lot of sense, and organizations investigating whether to shift vital systems from an on-premises to a hosted model shouldn't allow themselves to get so caught up in cloud excitement that they overlook the relative immaturity of hosted services.
With all that said, however, it's important to keep in mind that the tagline "Software Plus Services" doesn't tell the whole story. Sitting behind that familiar and friendly word, "software," is a chain of significantly more sticky concerns. A more accurately descriptive slogan might be, "Software plus Hardware plus Power plus Bandwidth plus Real Estate plus Management plus Services."
When you take into account everything that's required for a business to host its own software--particularly for a startup out to break into a market, or an established player looking to avoid being bumped out of its place--putting up with a certain amount of downtime can be viewed as a cost of staying in business.
Back in March, when Apple unveiled the details of its eventual iPhone 2.0 upgrade, I opined that the firm was on its way to seizing a slice of an enterprise smart-phone market in which the BlackBerry and the Treo currently reign. Now that I've tested the 2.0 firmware myself, I do still believe that the iPhone will become a popular enterprise device.
However, as with all Apple products, embracing the iPhone means relinquishing to The Steve some of the control and flexibility that organizations are accustomed to expect. Treos and BlackBerry devices come with carrier and device options that mirror the diversity of the PC market, standing in contrast to the locked-down, single-source rigidity that marks the Mac side of the market.
What makes iPhone 2.0 different than the Mac, however, is that while Macs offer up more or less the same functionality as do PCs, only wrapped in a sort of leather bucket seats veneer, the new iPhone balances its locked-down aspects with something unique and worthwhile: the App Store--a software management framework that's absent not just from Treo and BlackBerry devices, but from Macs and Windows PCs as well...
Last week in this space, I criticized Microsoft for continuing to burn cycles on superficial add-ons, such as multi-touch support in Windows Seven, while more significant pain points for Windows customers remain under-addressed.
As I see it, Microsoft is busying itself tacking up fanciful moldings around its flagship product while the Windows through which millions of paying customers access their hardware devices and software applications remain smudged and, in some places, cracked.
The best example of this misplaced focus relates to the undisputed No. 1 reason why organizations and individuals continue to choose Windows above all other platforms: access to Windows' massive software catalog...
When considering alternatives to Microsoft's Office productivity suite, one of the most important issues to evaluate is that of the success with which Office rivals such as OpenOffice.org can handle Microsoft's ubiquitous binary file formats.
While the phrase "small formatting inconsistencies" sums up the situation fairly accurately, organizations and individuals out to bring the open-source suite into their application mix could use a more rigorous means of measuring OpenOffice.org's handling of MS Office formats.
That's why, when Adobe briefed me on Acrobat 9, I was particularly interested in Acrobat's new "compare documents" feature, which analyzes two PDF documents and parses out all of the inconsistencies between them...