Network Monitoring

I’m in the middle of a rather protracted evaluation of network infrastructure monitoring software. I’ve started looking at Paessler’s PRTG and SolarWinds’ Orion product, and in January I’ll be looking at Ipswitch’s products.

I also started looking at Nagios and Cacti. That’s where the fun-house mirrors start. The first big hurdle is no cost vs. cost. The commercial products mentioned before are rather pricey while Nagios and Cacti are GPL, and open sourced, principally available for no cost.

With PRTG, it was an engaging evaluation; however, I ran into one of the first catch-22s with network monitoring software: Symantec Endpoint Protection considers network scanning to be provocative, and so the uneducated SEP client blocks the poller because it believes it to be a network scanner. I ran into a bit of a headache with PRTG as the web client didn’t register changes as I expected. One of the things that I have come to understand about the cost-model network products is that each one of them appears to have a custom approach to licensing. Each company approaches it differently. PRTG is based on individual sensor, Orion is based on buckets, and I can’t readily recall Ipswitch’s design, but I think it was based on nodes.

Many of these products seem to throw darts at the wall when it comes to their products, sometimes hit and sometimes miss. PRTG was okay, it created a bumper crop of useless alarms, SolarWinds Orion has an exceptionally annoying network discovery routine, and I haven’t uncorked Ipswitch’s product yet.

I don’t know if I want to pay for this sort of product. Also, it seems that this is one of those arrangements that if I bite on a particular product, I’ll be on a per-year budget cost treadmill for as long as I use the product unless I try the no-cost options.

This project may launch a new blog series, or not, depending on how things turn out. Looking online didn’t pan out very much. There is somewhat of a religious holy war surrounding these products. Some people champion the GPL products; other people push the solution they went with when they first decided on a product. It’s funny but now that I care about the network, I’m coming to the party rather late. At least, I don’t have to worry about the hot slag of “alpha revision software” and much of the provider space seems quite mature.

I really would like anyone who works in the IT industry to please comment with your thoughts and feelings about this category if you have any recommendations or experiences. I’m keenly aware of what I call “show-stopper” issues.

Trials

A major Fortune 500 company has a world-renowned hiring trial for their new IT staff. There are all the usuals, the resumes, the interviews, but there is also a fully funded practical trial as part of the job application process. The job itself is cherry, practically autonomous, with real challenges and true financial backing so the winner can dig in and achieve serious results.

The trial is rather straightforward, given a property address, you must approach, perform an intake procedure to discover what is required and then plan and execute whatever is needed to solve the IT need.

The property has one person, a newly hired young woman who is sitting at a central desk on the ground floor. She has a folder, within it, a script that she reads to each candidate:

“Welcome to your trial, this building has everything required to run a branch of our company. Every computer, networking component, and server component is placed and wired properly. Your task is to configure all the equipment throughout the branch properly. You will find all the resources you need to complete this task within the building. You have one week to complete this task. Good Luck.”

The young woman then folds her hands together and waits.

Several candidates engage with the trial, hoping to get the cherry job and have learned about the young lady at the reception desk. They pass all the requirements, and they eagerly arrive to try their hand at the trial. They impatiently sit through her canned speech and quickly head off to the basement to start in the server room.

Candidates come and go, some pass and some fail. The trial is to get the branch fully operational and on the last day of the week the branch becomes staffed, and the candidate must ensure that all the preparations are in place and that everyone can work without a technological failure. The trial is winnable but very arduous.

The young lady sitting at the central desk on the ground floor has a secret. She has a shoebox locked in a drawer attached to her desk and around her neck is a key on a golden necklace. She has specific instructions, which if a candidate approaches her and engages pleasantly and shows sincere interest in her role in the branch without being the destination of a last-ditch effort, she is to pause the conversation, unlock the desk and produce the shoebox to the candidate. Within the shoebox is the answer to the trial, it is every specific requirement written in clear, actionable text with a memory stick containing every proper configuration and a full procedure list that will bring the branch to full operation without a single hiccup. Everything from networking configurations to the copier codes for the janitorial staff is covered and once executed virtually guarantees a win.

How many people would simply ignore the receptionist and get cracking on the trial and how many would take their time to get to know everyone and their roles in that particular branch? Either kind of candidate can win, either through a sheer act of will or simply being kind, careful, and honestly interested in the welfare of each of their coworkers. Nobody knows about the secret key, but sometimes the answer you need comes from a place you would never expect.

Peer to Peer File Transfer, Reep.io

I recently needed to move about ten gigabytes of data from me to a friend and we used a new website service called reep.io. It’s quite a neat solution. It relies on a technology called WebRTC that exists in many modern browsers, like Chrome, Firefox, and Opera.

The usual way to move such a large set of data from one place to another would probably best be mailing a USB memory stick or waiting to get together and then just sneaker-net the files from one place to another. The issue with a lot of online services that enable people to transfer files like this is that many of them are limited. Most of the online offerings cap out at around two gigabytes and then ask you to register either for a paid or free account to transfer more data. Services like Dropbox exist, but you need the storage space to create that public link to hand to your friend so they can download the data, plus it occupies the limited space in your Dropbox. With reep.io, there is no middleman. There are no limits. It’s browser to browser and secured by TLS. Is that a good thing? It’s better than nothing. The reason I don’t like any of the other services, even the free-to-use-please-register sites is because there is always this middleman irritation in the way, it’s inconvenient. Always having to be careful not to blow the limit on the transfer, or if it’s a large transfer like ten gigabytes, chopping up the data into whatever bite-sized chunk the service arbitrarily demands is very annoying.

To use this site, it’s dead simple. Visit reep.io, and then either click and drag the file you want to share or click on the File Add icon area to bring up a file open dialog box and find the file you want to share. Once set, the site generates a link that you can then send to anyone you wish to engage with a peer-to-peer file exchange. As long as you leave your browser running, the exchange will always work with that particular link. You don’t need any extra applications, and it works across platforms, so a Windows peer can send a file to a Mac client, for example. That there is no size limit is a huge value right there.

If you have a folder you want to share, you can ZIP it up and share that file. It’s easy to use, and because there are no middlemen, there aren’t any accounts to create, and thanks to TLS, nobody peeping over your shoulder.

Weak Certificates

I’ve got an odd little problem at work. I’ve got a Ricoh copier in the Traverse City office that I apparently now can no longer manage remotely due to an error in SSL. The error that Firefox throws is ssl_error_weak_server_cert_key and in Google Chrome it’s ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY. In both situations I understand what the issue is, that the SSL layer is weak because the Diffie-Hellman key is not big enough.

I’ve run into this issue before, mostly with self-signed certs and the browsers have usually allowed me to click on an exception and get on with my day. Except for Firefox and Chrome now, that is no longer the case. The browsers just refuse to display the webpage. I understand the logic behind it, everyone wants a more secure web, but sometimes what we are really after isn’t privacy or security, but rather just getting our work done.

I still need to connect to this copier and manage it, and frankly my dear, I don’t really care that much that the transactions be secure. In a way, this security is irrelevant. The traffic on our WAN is flowing over a Meraki VPN site-to-site link, so it’s already secure. This is security on top of security, and it’s in the way.

So I thought about using the awful Internet Explorer for this and I chafe at even considering using one more wretched bit of Microsoft technology – there has to be a better solution. So when you run into little bits like this the best way forward is to pursue my favorite solution, heterogeneous computing! There’s more than one way to get what you are after. So if Firefox and Chrome won’t work, and Internet Explorer is unthinkable, how about Opera?

So I downloaded Opera and installed it. Then browsed to my copier in Traverse City. Opera told me about the error, but it also provided me with an exception button and then once I clicked that, the error was bypassed and my copier’s remote management screen appeared.

So now I’ll add Opera to all the other browsers I have on my computers. The answer is competition. I wonder sometimes if there isn’t a special browser out there for IT type people like me. They’ll render anything, ignore any “privacy or security” type errors, all so people like me can get our jobs done. For now, Opera seems to lead the pack, at least for this. Thank you Opera!

Better Credit Card Security

While talking with a friend, who is enduring some unpleasantness the conversation turned to issues with using credit cards to buy things, like food for example. That got me thinking, how would I design a really strong way to prevent data breaches?

Encrypt everything!

Well, perhaps not that, but hash everything. Here’s what I talked myself into, of course none of this is rational because nobody will effect a planetwide shift in payment processing based on what this yokel has to say, but still, here goes.

The issuing bank sets up a credit account. There are four key fields that are important for the classic transaction: name, number, expiration date, and CVV2. I think one could also establish a time-based one-time-password secret as well; it would operate the way Google Authenticator does. So you’d need a secret that the bank generated for their systems and the physical card too. You’d need a smart chip on the card so it could forward the TOTP code to the credit terminal at the point of sale.

The bank sets up a TOTP secret, so it’s named JQP Credit Card (or account number or whatever) and the secret is: 6B57078FB88A4DD73E447D2647DCEC7D04C3D887951BA6A2D8DBA294E0B60579. This number is forwarded to the credit card terminal. Right now it’s 726995, but in thirty seconds it’ll be something else. Since the credit card terminal and the bank share sync’ed time via time.nist.gov, there is no risk that there would be some sort of mismatch between the two.

The customer goes to the credit card terminal and swipes, a value is entered and a timestamp is recorded; all of this is already part of a credit transaction. The terminal can read the name, expiration, CVV2, whatever from the magnetic stripe and the smart chip forwards the TOTP code, then the terminal assembles this into an EDI transaction:

JOHN/Q/PUBLIC#1111222233334444#1015#170#726995 and applies SHA256 to it, to create:

621d3dd5a66277a7ab3737f306728e3c4bc5f3cd20c8730c37cc61c6575de0ba

This is stored in a database and then forwarded to the bank with the timestamp, so it’ll look like this:

987654321#621d3dd5a66277a7ab3737f306728e3c4bc5f3cd20c8730c37cc61c6575de0ba#15.09#1426615839

So the bank will be presented with a Customer ID, SHA-256, they’ll have the total dollar amount, and they’ll have Epoch time, or the number of seconds from 00:00:00 UTC, January 1, 1970. This could be easily done by a Linux kernel by the output of date -j -f "%a %b %d %T %Z %Y" "$(date)" "+%s" (as written, the -j -f form is BSD/macOS date syntax).

The bank would then have everything they need, they’d have the secret key, which with the Epoch time from the transaction would give them the TOTP calculation, which would generate the answer 726995. Then they’d have the card details from the customer ID, the SHA-256, and the amount. They could then calculate the hash on their own:

621d3dd5a66277a7ab3737f306728e3c4bc5f3cd20c8730c37cc61c6575de0ba

And authorize the transaction.

Even if the card details were stolen by someone copying the numbers off the card, they wouldn’t get the TOTP secret. Plus the TOTP secret is changing every 30 seconds. If someone tried to run this transaction and guessed at the TOTP code, they’d generate this:

987654321#a1b714fba988632200c78a5b9021bca5b48f149b036aa901c03173f0f2de5399#15.09#14266158

and the bank would instantly detect this incorrect SHA hash and cancel the card and ship a new one.

This is rather involved but the practical upshot is, if a vendor kept these transactions in a database and someone stole the database to use for their own nefarious needs, the presence of the TOTP and SHA-256 would make the data in the database worthless because the TOTP has no predictable pattern if you don’t know the secret, and SHA-256 is very sensitive to even the smallest change in the input data that it’s hashing. This would free vendors, banks, and customers from risking PII leakage or identity theft.
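The terminal-to-bank exchange described above, as an added Python example (not the author's code). It assumes RFC 6238 TOTP with HMAC-SHA1 over the hex-decoded secret, so the code it computes is not the post's illustrative 726995; the function names, the MAX_AGE freshness limit and the replay check in bank_authorize are additions for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30      # TOTP window in seconds, as in the post
MAX_AGE = 60   # assumption: the bank rejects timestamps further than this from its clock


def totp(secret: bytes, epoch: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the scheme Google Authenticator uses."""
    counter = struct.pack(">Q", epoch // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def record_hash(card: dict, code: str) -> str:
    """SHA-256 over NAME#NUMBER#EXPIRY#CVV2#TOTP, the record layout in the post."""
    record = "#".join([card["name"], card["number"], card["expiry"],
                       card["cvv2"], code])
    return hashlib.sha256(record.encode("ascii")).hexdigest()


def terminal_message(customer_id: str, card: dict, code: str,
                     amount: str, epoch: int) -> str:
    """What the terminal stores and forwards: ID#hash#amount#epoch."""
    return f"{customer_id}#{record_hash(card, code)}#{amount}#{epoch}"


def bank_authorize(message: str, accounts: dict, now: int, seen: set):
    """Recompute the TOTP code and the hash on the bank side and compare."""
    try:
        customer_id, digest, _amount, epoch_text = message.split("#")
        epoch = int(epoch_text)
    except ValueError:
        return (False, "malformed")
    account = accounts.get(customer_id)
    if account is None:
        return (False, "unknown customer")
    # The timestamp comes from the sender, so it must be close to the bank's
    # own clock or an old message would verify forever.
    if abs(now - epoch) > MAX_AGE:
        return (False, "stale timestamp")
    window = (customer_id, epoch // STEP)
    if window in seen:  # a one-time code is accepted once per window
        return (False, "replayed")
    expected = record_hash(account["card"], totp(account["secret"], epoch))
    if not hmac.compare_digest(expected.encode(), digest.encode()):
        return (False, "hash mismatch")
    seen.add(window)
    return (True, "authorized")


# Constructed sample data reusing the post's illustrative card fields and secret.
CARD = {"name": "JOHN/Q/PUBLIC", "number": "1111222233334444",
        "expiry": "1015", "cvv2": "170"}
SECRET = bytes.fromhex(
    "6B57078FB88A4DD73E447D2647DCEC7D04C3D887951BA6A2D8DBA294E0B60579")
ACCOUNTS = {"987654321": {"secret": SECRET, "card": CARD}}
EPOCH = 1426615839


def demo():
    """Run a guessed code, a genuine message, a replay and a stale message."""
    seen = set()
    code = totp(SECRET, EPOCH)  # what the card's chip hands to the terminal
    good = terminal_message("987654321", CARD, code, "15.09", EPOCH)
    guess = "000000" if code != "000000" else "000001"
    forged = terminal_message("987654321", CARD, guess, "15.09", EPOCH)
    return [
        bank_authorize(forged, ACCOUNTS, EPOCH + 2, seen),
        bank_authorize(good, ACCOUNTS, EPOCH + 2, seen),
        bank_authorize(good, ACCOUNTS, EPOCH + 5, seen),
        bank_authorize(good, ACCOUNTS, EPOCH + 3600, seen),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```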

I’ve also thought that this would be a great way to secure SSN’s as well for use with the government, they know your SSN and you know your SSN, so when communicating over a possibly compromised channel you can authenticate not with your SSN, but with the hash of your SSN.

John Q. Public, 123-45-6789 -> 01a54629efb952287e554eb23ef69c52097a75aecc0e3a93ca0855ab6d7a31a0

Geek Excursions: BitMessage

Along with my curiosity surrounding Bitcoin, there is a similar technology that has been released for public use called BitMessage. This system is a really neat way to communicate securely that involves absolutely no trust whatsoever. It’s a completely decentralized email infrastructure and has captured a lot of my spare attention. BitMessage works a lot like how Bitcoin does, you can create email addresses on the fly, they are a long sequence of random characters that your system can display because you have both a public key and a private key. In a lot of ways BitMessage deals with the biggest problem surrounding PGP/GPG, which is key management. Nobody really wants to manage keys or use the system because it’s extra work. Plus even with PGP/GPG, your identity is written on your keys for everyone to see.

Getting started with BitMessage is a snap. First you need to download the BitMessage client, and you can get that at bitmessage.org. There’s a Windows and Mac client available, you can start it and be instantly attached to the BitMessage network, ready to create new “BitMessage Addresses” and throw them away just as easily. So, for example, you could reach me by sending me a BitMessage to this address: BM-2cWAk99gBxdAQAKYQGC5Gbskon21GdT29X. When you send a message using BitMessage, it’s to this address and from an address that your client makes, so the conversation occurs securely and since every node has a copy of the data it’s impossible to tell who is getting what information. I think an even more secure method would be to cross BitMessage with a PGP/GPG key. The only problem with a key like that is that classically PGP/GPG keys require that you include your email address as a subkey so that you can be identified by a human-readable email address when looking for your public key or when someone else is looking for it, to verify a signature for example. The PGP/GPG system doesn’t require an email address, you can of course create a public and private keypair using PGP/GPG and make the email address up from whole cloth, and instead just let people know the key ID that you want them to use. So technically if Alice wanted to secretly communicate with me, we could give each other our public keys to start and then use BitMessage as the messaging mule. I don’t see how any eavesdropper could make sense out of any of that data flow. It’s unclear what the contents are, the PGP/GPG encryption keeps the contents of the message secure, and BitMessage itself seriously obfuscates if not outright eliminates being able to tell where the messages are ultimately going to or coming from.

I have to admit that BitMessage is very user friendly and very handy to have. My only issue with it is that I don’t know anyone who uses it, but perhaps this blog post will change that. If you are interested in this bleeding-edge crypto/privacy software, I encourage you to chat me up on BitMessage for serious matters or for fun.

Apple Watch

On September 9th, 2014 Apple unveiled their iPhone 6, iPhone 6 Plus, Apple Pay and Apple Watch to the world. It was a really poorly kept secret that Apple was working on a wristwatch, so nobody was really surprised when Apple came out with their new designs. All we didn’t know was to what extent Apple was going to go with the technology.

They released more details on Apple Watch. The more I learned about the device the less I found myself thinking it was a good idea. There are so many places where this new watch is a problem.

Humans Have Limited Attention

We haven’t learned how to properly cope with the iPhone and now Apple is going to release an even more disruptive and attention-stealing device on the population. I’ve heard stories of crackdowns in Chicago where the police were pulling over people who were using their mobile devices while they should be driving their motor vehicles, and then learn that on the heels of the crackdown that the police recorded nearly everyone was breaking the law. Pulling over those people would have effectively shut down the entire highway! We just do not have the proper respect for all the technology in our lives, we cannot cope with these bright shiny attention-stealing devices while we are in command of an even larger device that requires our undivided attention at all times. So now Apple is going to put something even brighter and shinier on our wrists and we’re going to have what little attention that is left between our vehicles and our mobile devices divided again by this cleverness strapped to our wrists.

The tight integration between iPhones and Apple Watch will make our addictions to these devices even more challenging to master as well. Many people I know have a very hard time disconnecting from their devices anyways, now that there is an intimate extension of that device that we wear? I can only see this getting worse for those people who want others’ attention when we are all physically together. I’ve heard anecdotal stories where entire families sit in one room but nobody talks to anyone else because they are all besotted with their technology. What will this mean when the technology is always with us and on our wrists?

Haptics

The Apple Watch, a wearable device, includes technology that includes haptics, or the sense of motion or vibration, both in the user interface with the light tap versus the deep press and the vibrating device buried deep into the watch itself. This will only worsen our abilities to control our attention and in itself is a place where we are going to have trouble. The watch can be paired to another watch and send heartbeats across the network, it’s Apple’s romantic notion of intimate communication. I can foresee a paired watch between a married couple and the husband feels his wife’s pulse quicken, he worries that she’s having a stroke or a heart attack and rushes home to find a strange car in his driveway and a strange man in his bed. Cheating spouses is just the tip of the iceberg, this watch could be used to cheat in so many other places – cheat at the Casino with a complicated card-counting or odds-calculating routine piped into the player’s Apple Watch, or exam cheating by looking at the watch and seeing the letters for the answers appear as drawings on the Apple Watch’s screen.

How will these situations play out? For cheating spouses, there are the courts, so that’s rather a dull thing, but for the others I could see a new no-watch policy being extended to driving vehicles, entry into a casino, and standardized testing events like the SAT.

Nothing for the Sinister

The one thing that I noticed after discussing the Apple Watch with someone I know who is left-handed, that the device completely abandons functionality for the left-handed amongst us. It’s a hard choice Apple has made. Either you build a right-handed watch and a left-handed watch, or include handedness configurability in your design. It’s obvious after looking at the demo pieces that Apple has nothing set aside for the left-handed of us and have left a significant part of the population out in the cold. They could still use the device, but it will be much more awkward for them to actually use the device. I can see the detraction of non-handedness to be a compelling reason to not go ahead and purchase an Apple Watch.

Another Power Hungry Device

The Apple Watch is power hungry. It needs to charge nightly in order to continue to function. I find myself looking at the function of my wristwatch, a Seiko 5 Analog Automatic and immediately find what I have on the end of my arm, this watch, to be much more useful and compelling than this Apple Watch. My Seiko, if I care for it properly will never need winding as the mechanical automatic winder will never wear down or degrade or stop working. My motions feed the watch, and as long as I wear it every day, just living my life means that my watch will continue to count out seconds and sweep out the minutes and hours. My Seiko cannot do all the things that the Apple Watch can, but it can do the one thing a wristwatch should do very well and that is keep track of time. So far my Seiko has retained proper time for the few months I’ve had it. There is no technology in there that is synchronizing it to atomic time, and there is no need for that precision in my life. A watch that is bound to the power grid seems to be a risk to me, and since the most recent power outage, which for me was last night, the idea that my fancy Apple Watch could run down and just be a chunk of expensive metal and glass really concerns me.

Welcome to the Apple Silo, Penthouse Level

The Apple Watch creates an entire new floor to the Apple lifestyle silo. People are usually drawn in with a consumer device, like an iPod Nano or an iPhone, and then they are buying Macs and now the Apple Watch. I have to admit that Apple has a very good compelling company story, and they are leveraging this story magnificently well. They know that one Apple device usually turns into another, and before you know it you are knee-deep in the Apple Digital Lifestyle. The watch requires the iPhone to function, this is a very bold and possibly hazardous step for Apple to take. All the rest of their devices are independent devices, but this one, this Watch, is utterly dependent on an iPhone to function. I think this is the first fundamental break with the legacy of Steve Jobs and represents a really dangerous case for Apple. They are betting sales on pre-existing devices. That is either very ballsy or really stupid. This will only reinforce the cultural divide between people who flaunt this luxury versus people who do not. If you have an Apple Watch, then you necessarily have an iPhone. I can see this becoming a new and really upsetting hazard in big cities. Before it was a mystery what was plugged into a pair of headphones, it could have been anything from a cheap transistor radio, to a cassette Walkman to an iPod or iPhone. Now it’s really something quite different. If you see someone with an Apple Watch, you know that their iPhone isn’t far away. You are advertising that you have an iPhone to everyone who notices your watch. In small communities where theft and robbery isn’t a problem this won’t even show up on the map, but I foresee in bigger cities like Chicago and New York, that this will take on a new life all its own. A new spate of “Apple Watch” theft events. People getting mugged because of what they have on their wrists marks them out as being ripe for the plucking.

Price

The Apple Watch comes in three editions. There is the plain edition, the sports edition, and the luxury edition. The different editions put an embarrassing irony to the features that the phones are sold around, the replaceable wristbands most specifically. Why couldn’t it have just been one watch with different bands for different editions? Make the initial purchase for the core device and then let people swap out wristbands for the luxury components of the deal, if you want a canvas strap, a rubber one or a gold one, let those be options. Instead of that, there are three distinct Apple Watch varieties.

Then there is the price. $349 for the Apple Watch! In our society, what middle-class person would dangle such an expensive bit of technology on their wrists? Again I’m drawn back to my Seiko 5. The comparison of prices for what I need in a watch is all the reason enough to turn my back on the Apple Watch. My Seiko 5 cost me $70, that’s five times cheaper than the Apple Watch for a device that will never run out of power for as long as I don’t run out of power! It blew my mind, when I saw the price tag on the Apple Watch. I figured this could have been a jubilee celebration from Apple, they have billions of dollars buried in their company treasury, they could have made the Apple Watch a loss-leader for their iPhones, priced it at $70 and it would fly out the doors. Apple would lose money on each unit, but they’d make it up on the back side with all the cultural silo’ing that comes with using a device like an Apple Watch which necessitates an iPhone to go along with it.

Apple is betting that their Apple Watch will play as much as their iPads and iPhones did, selling millions of units. It may sell, and it very well may sell well, but I don’t think that $349 is worth this sort of technology. If it could do more, or if it was independent of the iPhone that might have helped, but it’s expensive, hazardous, and risky. I can’t see it really shining in sales numbers like the other devices did. Apple should have set its very lofty estimates for sales of the Apple Watch much lower. It’ll likely have the same sales numbers as the iPod Touch or iPod Nano.

I won’t be buying the Apple Watch. I have everything that I need already. The iPhone I have is enough, and my Seiko 5 does a magnificent job and you can’t beat the features or the price. I can’t imagine anyone I know actually going ahead and buying this thing, but we will see how that all pans out next year when it’s available for sale. This is going to be a hurdle that Apple doesn’t jump over gracefully.

Alternatives to Clouds

I’ve been toying around with a wonderful free utility from BitTorrent Labs called BTSync. You can find it here: http://www.bittorrent.com/sync.

What really drew my attention was the lack of centralized service that stands at the core of BitTorrent technology. It’s distributed, without any company or cloud provider dwelling in the background. All the hardware is owned by you, the “secret” code you use to share that identifies your sync experience also forms the encryption key so that the data that is flowing across the network is secure from prying eyes. Because you own all the hardware and encryption covers the data exchange, you can store whatever you like in your BTSync’ed folder and not have to worry about anyone else peeping over your shoulder or removing material from your storage without your knowledge or permission.

This free system has clients for workstations and mobile devices, so it really can be a drop-in replacement for services like Box, Dropbox, Google Drive, and SkyDrive. You can share the secret with anyone you like and anything you place on the folder set up with BTSync will synchronize across all the connected devices. You can also send “Read Only” secrets to sync your folders to people who you want to have your files but don’t want them deleting or changing your files and since this uses BitTorrent technology you won’t have to pay hosting fees and the more people share the data, the faster the system sends updates and changes and new data to all the subscribers.

I’ve created a Work folder, a Sync folder and have them set up on my work machine, my work laptop, my Mac Mini at home, and my iPhone and iPad. Since I own all the hardware, the maximum storage that I can store on this system is only limited by the smallest storage unit amongst all the shared machines. The folder lives on a 1TB USB HD at home, at work I have hundreds of GB’s available and the same as on the laptop. The storage in Mobile isn’t the same as a full workstation as the BTSync app doesn’t actually download data to store on the mobile devices directly but rather downloads a file list making it possible for you to pick and choose what you need on mobile when you need it. If you need security in the storage components you could leverage Encrypted Disk Images in Mac systems and TrueCrypt Encrypted Volumes on Windows machines. For Linux clients, you could likely use loop filesystems set with EncFS or something like that.

The applications for BTSync are amazing. Freed from middlemen companies I can store anything I like without having to worry about some company evaluating what I’m storing or even being able to respond to warrants to reveal what I’m storing on the service. Something like this could be a great benefit to companies that need to share files without having to worry about “buying into the Cloud” since everything is free. You can run a BTSync on a server, host a folder and share the secret out to all your employees and have a very handy share drive and even if your central server fails, copies of your data are stored on all the connected workstations so to recover the data all you would need to do is download the small BTSync client again, re-establish the shared secret code, identify a folder and watch as all your connected clients swarm and return all your data back to the “central depot” server.

Another wonderful option is to host a family shared folder, where you can store anything you like, securely and backed up amongst all the connected workstations. Alternatively, if you were an aspiring artist you could place a folder with all your work and establish a read-only secret and publish it on your social networks. Not only would all your fans be able to have your work, but you’d also be able to cleverly transform them into a swarm of willing backup sources for your work. If an artist has their secret code and a copy of BTSync client and they lose their primary system and all their data, they can just get a new system, re-establish the client and secret and smile as all their work comes back home as it was stored on all their fans’ computers. That’s amazing to me!

Getting started using this utility is a snap. Download the client and install it on your system. Then, on whatever storage medium you like, create a new folder. In the BTSync application itself you can create a new shared folder with a single click. There is a “Generate” button which creates the shared secret for you; you can then determine if you want it to be full-sync or read-only sync and point the app to the folder you want to share. Then minimize the app and you’re all set. Send the shared secret code to anyone you want to share with and your data will immediately be sent to their systems according to your preferences.

BTSync is the best of all worlds. You have a secure cloud infrastructure without anyone in your way, judging you or risking any intrusions from companies or governments.

Microsoft in the Cloud

A good question comes to mind: would companies like Microsoft, unhappy with individual flashes of purchasing, like 10,000 units of Windows XP, rather migrate their users into a cloud infrastructure that replaces these discrete purchases with a steady stream of what amounts to rental income? It’s starting with Azure, and the new CEO has said cloud is the future. This may be where they are heading.

Microsoft might try to corner their own hardware market eventually, shepherding their customers into a cloud model, where you pay for a Windows 9 experience, connecting to Microsoft’s own hardware over the Internet. It would eliminate a huge sector of headaches for Microsoft, as they have never been truly able to strictly control the hardware their operating system runs on, unlike Apple. With a VM of Windows 9 that is remote controllable, Microsoft could provide a channel for their customers to use their suite of applications, achieving a silo lock-in. Instead of selling a license to use Windows 9, Microsoft could simply sell a $50 per month lease to computing resources within Microsoft. The sales pitch and marketing could be incredibly lucrative for Microsoft: a virtual OS canned with every application Microsoft makes available for a certain low per-month price, with that price altered based on the performance specifications of the VM ordered, so that clerical staff who need a basic interface can come in at $20 per month and developers who need more can come in at $200 per month.

That would eliminate many hurdles for IT administrators. The client machines could be thin clients, cookie-cutter boxes with very little technology in them beyond the human interface components and the network connection. Storage, the VM instances, security, antivirus, the entire ball of wax could be handled by Microsoft itself, playing host to their customers and transforming their entire model from that of a classic production model to a new cloud-based leasing model. It would likely lower their profits for a short time, but the curve would not be so choppy; it would be smooth, as leasing models, while working, are steady streams of money.

The risk to this possibility comes from the shift of importance from the local hardware to remote hardware. The weak link is the network itself. Virtual machine technology plays a part in this shift of risk: when you start putting more than one egg in a basket, you really have to concentrate on making sure your basket never fails. In this case, if the network link goes down, the entire affair disappears as if it wasn’t even there. This risk could be mitigated by establishing redundant network connections or having some sort of stop-gap measure devised where a host machine is shipped and installed to perform as a surrogate until the primary system returns to function. I don’t see this being a huge risk, as the Internet was designed to be very resilient to link failures as it is. It would come down to the last-mile service provider and the electrical grid maintaining service.

It’s something that is interesting to think about. Microsoft could do this, and it could revolutionize their business model and perhaps give them an edge in the enterprise level market. Only time will tell.