Episode: 777
Title: HPR0777: What is Cloud?
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0777/hpr0777.mp3
Transcribed: 2025-10-08 02:21:07

---

Hello everybody and thank you for joining us for another episode of Hacker Public Radio. I am Stank Dog and I am joined this week by Josh Nath and Bullets, two experts in the field of cloud computing. A little bit over so you guys too much calling your experts but definitely know a lot more than me so I am glad to have you on the show to ask you a bunch of questions. You guys ready to be grilled? So, cloud computing is certainly a huge buzzword these days. You see it, hear about it, read about it everywhere but I have found that there is a whole lot of confusion, there is a lot of misconceptions, a lot of false allegations and worries and concerns out there in my opinion anyway. So I have been doing a lot of research on it and actually we will talk about this later on the show but we have actually made a switch to the cloud but before we go there let us kind of back up and let us talk about what is the cloud. I know I always start when I do these shows, whenever I talk about some presentations let us start, you know, let us begin at the beginning. Let us get everybody on the same page. What is the cloud? I have seen the commercials so the rooms this cloud is an Amazon, Apple, Microsoft I think has a cloud, Google I mean they all work together to make this one giant cloud that we all share and that works. No, everybody has a different cloud and realistically the definition of a cloud depending on who you speak to is considerably different. I know some groups will go off and say that if it is virtualized it is a cloud. I even know a guy who says all web hosting is a cloud. It really depends on who you are talking to. 
A lot of people accuse Microsoft of thrashing the word cloud all over the place including calling remote desktop a cloud service and we are all like wait a second guys that is remote desktop but really depending on who you are talking to you are going to get a different answer and in most cases it is a form of something else that somebody already said what we believe cloud is a set of technology not just one technology that allows you to have greater control over resources giving you the ability to split a single server into multiple VMs or containers depending on the hypervisor that you are using and allow thin provisioning for services and data. Well, we are definitely going to come back and talk about hypervisors and some of those terms you just threw out but let us back up a little bit and say share resources is not it. That is nothing new. We have been able to throw up a Linux box or a Unix box or anything and have multiple accounts. They are all sharing a hard drive. You just give this person a quota, that person a quota, what is different than that versus the cloud which is another form of shared resources. The ability to expand that shared resource so if you are on a shared server on a Linux server and you have 500 gigs of storage space you are only allowed that 500 gigs until you have to add another hard drive. In a basis of a cloud you can add additional storage by attaching more virtual storage. You are not having to wait for the increase of physical storage on that system. You are able to add it on without having to bring down the system. Also security is a big shift in the cloud. One account on your Linux box would be compromised to the point where a root level exploit could be executed. Your entire server and everybody on that server would be compromised. 
In a cloud platform you can isolate users to the point where if one account, one user, one virtual machine, one container gets exploited you would only have to deal with that virtual machine because all the other ones are completely isolated from one another. It is not just storage or hard drive space. It could be any hardware resource, more memory, more storage arrays. Like you said, it could be any of those things can be expanded without taking the system down. Basically, it has that ability to be updated dynamically, correct? Correct. CPU, memory, storage, you can even go off and restrict the number or amount of CPU that an account can use. Say you got somebody that you know, if given the ability, they would go off and run your clock cycles right through the roof. You can go off and say you know what, we're only going to give them half the cores on this physical system and we're going to throttle them so that if somebody else is running another batch project, this takes a back seat. You have a lot more control over what a single user or single account can take on a system without having to worry about it completely crashing the entire node. Which sounds like that would be a huge benefit when one particular site domain VM, whatever you want to say, is being attacked by DDoS or anything else. You can limit and contain the damage done and won't take down the rest of the cloud. Right. And one of the other bit I did on this, I used cloud-based virtual machines to mitigate a DOS attack. So we're not talking about these things being weak. They're pretty beefy so for people who are like, well, I don't want to get something that's going to break or not be able to handle what I do. Just to give you kind of a standpoint on that, I got five virtual machines from different providers all around the world and used them to filter a DOS attack. That was seven gigs per second, I think. 
Yeah, it was a beastly attack, but using a mixture of round-robin DNS and some programs that I've written, I was able to filter that traffic and only clean traffic would pass through those virtual machines. So customers on the other side were up and running and those virtual machines handled like a dream. Now, did you talk about this in another episode of HPR? I did. It's actually the first one I did was the DOS, what it is and how to protect yourself from it. So if you are listening to this one for the first time and want to hear a little bit more detail about that, you can go back and find that in the archives, hackerpublicradio.org. Always, you need to go back and look these things up because we cover so many topics on the show that it's just, I love going back and listening to stuff or re-listening to stuff over and over again. So that's great that we have the ability to do that, especially now that we have a lot more storage thanks to the cloud, but we'll come back to that later too. Now, I got to tell you, I can't help but think back, you know, I'm kind of an old dog these days and I do remember many years ago that initial, I guess, talks, ideas of this starting to come up. I know one of the first attempts that, I don't know if you'd call it cloud, but there was something they tried to start, they tried to create a trend called network computers, which was just a thin client, is what they would call it, it was just having a computer on the front end that just had the basic hardware, it didn't even have storage or very minimal storage in it, and it kind of, I guess, outsourced, for lack of a word, all the operating system, all the applications, all the, all the work that needed to be done over to a server to do all the work. This kind of reminds me, or it looks like it might have been the beginnings of, not maybe not exactly cloud computing, but the software as a service aspect of cloud computing. 
The name cloud, and maybe correct me if I'm wrong, but I'm pretty sure that goes back to the old days when you would do a network diagram, when you're in a company or a university of a big network with lots of switches and all that, you do a nice big network diagram, they would always show the individual components, but then they would eventually show it, leading off into a cloud icon, just a little way to illustrate that this connects out to some ethereal network somewhere, or the interwebs itself, and that's where the cloud came in, is trying to say, you know what, once it gets out there, the details aren't so important anymore to know exactly how many servers, how much memory, because it's all dynamic. Is that where the term cloud comes from, or? The term cloud from back then, I guess, could really relate to the term cloud now, because back then it was just used when people didn't want to get into all the nuts and bolts that built that network. Now it's to try and explain cloud to, from any one perspective to somebody who isn't intimately knowledgeable on the subject, it becomes a very difficult task, because just in a little bit that I did earlier, I went over hypervisors, virtual machines, containers, dynamic storage, thin provisioning, all that kind of stuff makes what cloud is now today. What you're talking about with the thin client and the, or dummy terminal and the mainframe is probably the earliest rendition of what is now becoming to be more common VDI, virtual desktop, which is actually something we're working on here to be able to present as a service for customers as well. That would probably be another episode entirely, just because of how wide of a range of topics that can reach. But it does focus on a lot of things that cloud uses, that scalable storage, the ability to thin provision, users' accounts, and make sure that they're isolated. 
Things like that become extremely important, especially now when you start talking about the security of the end user's data, and who owns that data, and what happens if one user's data is compromised or is accessible by another user. I personally wouldn't want any of our buddies to go off and see all my personal financial data. They may be my friends, but they don't need to see my bank records. Sorry about that. Didn't mean to hack into that box, I didn't know that was your financial information, I'm kidding. I'm trying to be careful, it could be dangerous, it could make a five-hour episode if we go down this road, but there are multiple types of cloud computing. There's a lot of different things that are referred to as cloud computing, and I kind of mentioned one you touched on another, I mean we're kind of focusing on what's called more of a general, I'm trying to stay with general cloud computing ideas, but private cloud. But there are other things, like you said, the remote desktop, which can be argued that that that's a type of cloud, I mean that's the Microsoft. I know Oracle, Ellison from Oracle, he's been outspoken saying that they've been doing cloud for years, they just never called it cloud, it's the same thing, and it's just a buzz word. 
I mean, it's kind of a controversial phrase to just say that a lot of places are starting to say their cloud technologies when they're really just client server, but done in such a way that pretend or make it invisible, I guess this goes back to the cloud idea on the old network diagrams and just to think, you hide everything behind a cloud, you put an icon, you say to the user or the person reading it, don't worry about what's going on behind the curtain, ignore the man behind the curtain, is there anything inherently wrong with that, Microsoft commercials and Apple say, it's got a little kid, it's in the cloud, a child can use it, on one hand I can certainly see that makes things easy for a user, there's really nothing wrong, I guess, with having someone else do that work for you, especially someone that's knowledgeable, it does allow a lot of people to do that without knowing so much about what they do, I mean, I don't think people who listen to this show are more appreciative and want to know the nuts and bolts of it, but a lot of people don't, so I don't see anything wrong with that, do you? 
I don't see a problem with it in the sense that, you know, saying, okay, it's in the cloud, don't worry about it, but there are people who are paid to worry about it, the people who are the CTOs, the people who have to make sure that their data is safe and secure, the people who are required to maintain PCI and SAS 70 and every other industry standard out there, you need to make sure that your data is safe and it just becomes one of those things where you kind of have to take a deeper dive into what each individual is talking about when you start talking to companies and different things like that, what they see as cloud, because like I said, I talked to a guy last November and he's like, well, isn't all web hosting cloud and you hear that thought from a lot of people who aren't really knowledgeable in server side or what web hosting is or what service hosting or anything like that. So it really becomes one of those things where you have to understand who you're talking to and generate a uniform discussion as to what you guys believe cloud is. I've had to sit down with our sales department and say, okay, this is what we call cloud because you don't want to go off and compare apples and oranges. It becomes very ugly, very quickly. Well, you know, and you kind of said something that I want to re-emphasize or clear up what I was, that you said a little bit better what I was trying to allude to is, you know, as, again, this is hacker public radio, I'm speaking from a hacker standpoint, I don't really trust anybody, you know, very few people and those that I do, you only trust them to a certain extent and that's a very, very important thing that you said. It's okay to not know, it's okay to not care to a certain extent, especially just the home user. 
If you trust Apple and their new iCloud that they just announced recently, which was mobile me before that and whatever, if you do trust them and I'm not saying you shouldn't, then great, you probably don't want or need or care to know the details of how they do it behind the scenes. If you trust that they're doing it right, if you trust that they're doing it securely, if you trust that they have your privacy in mind, if you do trust, in this case Apple for those things, great, there's nothing wrong with that, no problem with that. But when you get to other types of cloud technologies or other companies, you have to handle it on a case-by-case basis. So there's certainly a lot of things that I do not know, but I absolutely trust you and what you guys have been doing with Ben Redd and what you've been doing with Hacker Public Radio. So yes, I'm very knowledgeable about it, but I've certainly no expert on it. So you and I had a long conversations for months of me grilling you and asking all kinds of questions and information to make sure I was comfortable where we're going, make sure it worked for us, make sure I was comfortable, and the levels of security and not only was I comfortable, I was pleasantly surprised. So by being on every single case, you as a user have to make the decision of whether you trust the people running your cloud. Exactly. And this kind of is a good segue into a couple of political topics, I guess, that you'd say. I've heard, I'm going to bring these up even though I've got to tell you this first one to me. It's just silly, but I've heard it said before, somebody said this to my face that cloud computing was evil. Just a generic statement like that, that it's this horrible evil technology that's destroying jobs and destroying data centers, destroying IT professionals. And they were serious about it, and I'm not sure that I've even, I'm trying to be devil's advocate and see both sides and kind of, well, I'm not sure I see that. 
Have you ever heard that before? I've heard it, but people need to understand this. I think you said it best. Technology is neither inherently good or evil. It just is. It exists. What you use it for ultimately is going to determine its purpose. Realistically, IT professionals need to stop fearing it and start looking as a tool, because cloud is great. It's awesome, but it's not going to replace every single option out there. There are definitely some use cases where you need to have a completely physical server, completely physically contained in a location that you don't want all the other equipment that goes into making the cloud or the other network access that requires for the cloud to work. So, keep in mind, cloud is not the end-all-do-all solution, but it does help make your job easier. It helps cut costs on a lot of things, instead of having a bunch of legacy hardware sitting around on the shelf, you can get a newer system, virtualize that legacy hardware, put it into a storage system that is maintained a little bit better, and now you've got a virtualized environment of the old system, sitting on whatever hypervisor you choose. The storage has now been updated to a point where you don't have to worry about disk failure, and if you need to expand your resources on that system, you don't have to worry about, oh crap, I don't have memory for this system anymore because it's 20 years old. That's a good point. If anything, it probably extends the longevity of this equipment, because when it dies out, you can't replace it anymore. Okay, time to upgrade to a new one. It's invisible to the user. You've built your own hardware as long as you could, and taken advantage of it. 
So, you've actually extended the longevity of what you had before, as opposed to after it's 10, 12 years old, and your client or whoever was using that hardware, wherever you're releasing a tool, whatever leaves your stuck trying to sell that and re-get someone else to buy or use or at least service and get paid for services from a 12-year-old system, which is all they are to do. Everybody wants the latest and greatest. But the cloud you can kind of combine all those together, obviously, that's your mileage may vary on those type of things. So, but I mean, yeah, I think you refer to something we talked about before we started the show, and that is hackers have traditionally always believed that technology is inherently neutral. It is inherently neither good nor evil. So, anybody who would say something like a technology is evil and is horrible, no, it has to be applied just like everything else. And you mentioned by applying this, there's a whole lot of positivity, a whole lot of good ways it could be used. And I think we've seen in the news recently, some bad ways it could be used that, you know, people have been using cloud and leasing out bandwidth and stuff like that for DOS attacks and other things that have been in the news. So, it's about how it's used in technology in another cell. This ridiculous, look at peer to peer. You know, that's been called evil, but my god, it's got so many wonderful, fantastic uses that you can't just label any technology that way. So, one of the other things that I've seen brought up, and I'm not sure how I feel, I'm actually curious what you've say to this. Right now, if any, let's say a site, because I can't think of a better way to illustrate this, a site or a company has all their information in a cloud. Let's say they have all their stuff on one private cloud or one cloud they're getting from anywhere in the world. Let's say Wikipedia, for example. 
And I don't know how they're set up, I'm not claiming anything for them, I'm just making up an example. What if a site, and let's say Wikipedia, because everybody at least knows that, decided that, you know what, we're going to shut down and lock down our cloud. I mean, they have the potential to say, you know what, we have decided that we're only going to make Wikipedia available to the United States and Canada or something like that, and just start locking other countries. I mean, do we have a danger set up because of the cloud that everything is easier contained, and therefore easier to jail up from the rest of the world or jail up from other countries or companies? Is that a valid danger and is it a realistic thing? I think that's a two-part question. Is it valid and is it, because I think technically it's possible, right? Right, it definitely is possible, but it's no different than if it were a physical server. Volt and I were just kind of mumbling to ourselves here. It's no different than if you had a physical box and you said, you know what, I don't want trying to visit my sites anymore. They've been trying to hack me and DDoS me, just like you would on a physical system, you can go off and say, I don't want this range of IP addresses accessing or getting an ASA firewall or whatever brand firewall you want to get, you can set up firewall rules. There is no difference in the outward security. You can do it the exact same way. With a physical server as you can with a virtual server, the only thing is with a virtual server, now you are a cloud server, you know, enter into the realm of where you can have virtual firewalls, virtual enforcers that do that as well and then leave other portions of it open. 
So say you have something that you can access here in the United States and it's perfectly legal, but say you've got information about encryption methods and things like that, that it's illegal for people in a certain country to view and you've gotten notice from that country is saying that they've caught people trying to view this information on your website and they either want you to restrict their internet connectivity to that website or take it down. Now personally, I don't want to get into a fight with another country. I don't have the means to go off and get into a legal battle with another country. So my solution would be simple enough throw that portion of the site up on a virtual machine and put that enforcer only onto that virtual machine instead of doing it for the entire box. Well, and I think that's to simplify what we're saying here is the cloud itself doesn't have anything to do with this topic. I mean, it makes it easier for me to administrative standpoint to say, you know what, I'm blocking off the whole cloud and everything in it instead of if you had I don't know five, ten servers scattered across the country sharing and serving it up in a traditional way, you could still block them off and just be a little bit harder to do. The cloud makes it easier to administer that, but it doesn't change the fact that it's possible and exists and can happen just as easily without the cloud as it would with. Correct. So it's really a non-issue as far as the clouds. That's just a, you know, a different bigger political issue that someone can do an episode on separately because that could go on. You could talk about that ad nauseam. Yeah, Great Firewall of China. That itself. It's exactly what I'm thinking in my head. I didn't want to say it, but yeah, that's, you know, the firewall, they're choosing what to block out, but if everything was clouded, they could block an entire cloud or you could withhold your entire cloud. 
I mean, there's a lot of options there, but I can't wait as now. Let them censor what they wanted censor. Not that I agree with it. I don't want to agree. I don't want to say that at all. I don't believe in censorship, but if that's what that country does, then that's something that people need to work out. But I don't think that's our fight to get in front of the neither. Right. But again, let's go on. That's going off into a political discussion. So we'll rein back in on from that. Well, the other thing I think is kind of related to that is, you know, and I'm going to, let's segue a little bit into a little bit deeper here. We've kind of talked about these, but let's go into them analytically. Let's talk about some security issues and privacy issues that are brought up all the time when it comes to cloud computing. Let's address these directly and see what we can come up with on some of these. Is privacy a real threat, an enhanced threat, and cloud computing versus traditional? A lot of things we've talked about. We said it's no different. Cloud makes it easier to administer and set up and all that kind of stuff, but it's really the same overall concept. Well, have we opened up new privacy issues with the cloud, for example? And we might have to back up and define software as a service before we go down this road. But other people inside of our cloud or other people that are sharing cloud together, is there an extra danger that because they're inside of the same cloud that they can have access to my data and vice versa? In most cases, there's no like platform as a service or, or in this case, infrastructure as a service is what Benrev has with us. They're completely isolated. No VM, no user can access the others data because it doesn't even know that that data is there. At that level, it's completely tied down to that user. The other users have no idea that that data is there, that another user is on the scene. It's completely oblivious to it. 
And that's a private cloud. That's a private cloud or public cloud that's using just about every system out there that I'm aware of. And, lastly, and intentionally, put this hole in there, every hypervisor that I'm aware of out there, restricts and prevents people from going off and seeing other data that's attached to a different VM or a different container because they want to have that security they're built into it. You can, and there are ways of getting around the security mind you. And the stuff you need to review, if you have that question, that is something you need to bring up with your provider. But even in our public cloud environment, we encrypt our customer's data. So I can't go off and just hijack their hard drive. I have to be forcing my way into their virtual environment in our cloud to get access to the data. I can't just go off and say, okay, I'm going to just, oh, they've got something I like. I'm going to just hijack it all. I'd have to get into this system. I'd have to compromise their system. Well, we'll have enough to clarify. When you say, I, in this scenario, you're talking about you as an insider, as a system analyst, as somebody who has access to the system administrator, you, when you say, I, that's the context you're talking about. Even on the inside, you would basically have to do something illegal into, you don't have any extra access. No, I'm using access to forcibly enter a customer's VM unless they provide us with their password, in which case that isn't hacking that's entering with permission. Right. So the danger of, I guess, an insider job is minimized because if you don't have, you don't, necessarily, or require access all the time. Right. These people can administer and do everything themselves without you having access. Right. The only time it ever comes to be an issue is if there is a legal document placed at our, in our hands, saying, hey, we need to find out what's going on here. Right. 
And at which case, then we are, according to terms of services, the case with just about every host, if you're doing something illegal and they get a report about it, they are illegally obligated to go off and investigate it. What if somebody else in the cloud? Another site is doing something illegal serving up illegal porn of some kind. I'm in the same cloud as my data at risk. No, because you are completely isolated. Your entire entity of your virtual environment is stored in a system that your data is encrypted separate from his. Okay. So if somebody hacked into that site and got complete root level access is my data and my site's in danger? No, because even at root level compromised for that virtual machine, it still is completely oblivious to every other system that's in that cloud. So they could go out and plaster their root name and password all over the place. The data is going to be confined to what they have access to and what they have pre-allocated. Correct. Now, okay, I'm going to how about, and this is the other common thing we hear people bring up. Let's say they gave out the root password. Let's just say they got hacked. Somebody has root access to that box. Are they now inside of the firewall, inside and bypassed a lot of your layers of security and protection? And they're now able to attack from inside of the cloud to other parts of the cloud. Sure, it may be encrypted, but haven't they bypassed some security in that? I mean, it seems like there's some security that's going to be bypassed by that. They're inside, but you're still telling me that there are several layers of security after that that they still have to overcome. Correct. Depending on the hypervisors, security levels are a little bit different. I can tell you, having worked with some of them, there are applications out for like Microsoft Hyper-V that actually monitor traffic between virtual machines. 
And so if you're using Hyper-V, that tool would actually be able to tell you, hey, wait a second, this guy's traffic's changed. It's now attempting attacks on stink dogs VM. We should investigate this or we should disable it or do whatever to ensure the safety of our system. So that's the human element, but on top of that, there's also the virtual environments involved. And we keep going. When we're talking about security, a lot of it resides in with the hypervisor and with the virtual environments that you're using. Storages have additional functions and things like that, but inherently they're not the most secure point. So you build security around those. Our storages are entirely on a network that cannot be reached from the outside world. You'd have to have physical access or have access to the private network via a VPN and multiple other layers of security. I'm not going to get into just because I don't want to give away too many trade secrets on that. But... But again, that's kind of what I'm saying is somebody did group their way in and got past the first part, the kind of horror on an internal network. Right, but then there's a separate network from that entirely. So they've gotten in on the public network, public facing network. Okay, you know what crap, now they can DoS attack behind the firewall that we have in place. But there's also a limit of how much traffic in our environment that we have set up for you guys. I can see exactly how many kilobytes per second are being used and how much memory everything. I can even see what processes are running, what cores are being utilized, and tell you what's out-of-norm for any VM. Right, and I think this is probably a good point to step back because we've made a reference to this several times. 
We know the hypervisors, but for the listeners, I mean, am I oversimplifying a hypervisor to say that it is the host operating system, or it's the system that handles the cloud, handles the technologies, the underlying operating system, not. I'm going to stop trying to say, I'll let you explain it. A hypervisor is the virtualization layer. I mean, that's the easiest way to explain it. It's the virtualization layer. It takes the physical hardware of the node and presents it to the individual virtual machines or containers, depending again, what technology you're using, and acts as that intermediary. Different hypervisors perform differently and allow for different control, for different utilization, different operating systems. Just various things in there. Your hypervisor should be a selection based on what your needs are. All right, so then, I guess I think better for illustrating this. So, if you were to, let's say, that BinRef continued to grow, and we needed an extra two gigs of memory, you've already got it hardware-wise behind the scenes, and you would have to go into the hypervisor, into that software layer, into that virtualization layer, and say, allocate two more gigs of memory to this client or this account. It does that sort of thing, more hard drive space, or adding scripts, adding monitoring, things like that behind the scenes, or also obviously creating new accounts, creating new virtualizations, new virtual machines, and so on. Exactly. All right, so that kind of makes sense to me, helps me understand it. But, yes, then, based on everything we've just said there and talking about privacy, I don't see... Obviously, there's a lot of other layers of security in there. Are there standards? Are there minimum requirements that people have? I mean, you said that your network storage is on a whole separate network. Is that common, or is that something that only you guys do because you are very secure and take this seriously? 
Do all of the top providers do that? Is that a standard? Is it a case-by-case, like you said earlier, do your homework and trust the people you're working with? It really becomes a case-by-case. I've worked with multiple providers when we were building out our cloud initially. I looked at some of our other competitors, looked at some of the other people that were doing it already. I saw things I liked, and I saw things that I didn't like, and the things I didn't like, I intentionally built things differently. Things I like to try to model after. I can say for a fact that there are some out there that your private data goes over public networks, and that's a scary thought to me. I'm not going to name names. I don't want to get myself in trouble, but I've come across some providers that do that. Some providers don't even use network-based storage. It's all direct attached, so it becomes an issue of, okay, if that server fails, now you've lost some of your redundancy. You have to do a restore to get that data back. All clouds are not created equal. Correct. I guess I want to be careful here, because we kind of debunked some myths earlier. We talked about this isn't such a huge worry. This isn't such a big deal. This is no different than traditional, but to be clear what it comes down to is cloud computing is not necessarily any more vulnerable, but it is just like any other scenario, a case-by-case basis. You have to trust and know the people you're doing business with, so some fly-by-night people that are offering cloud technology. You cannot assume that your data is private. You can't assume that it's encrypted. You can't assume that if somebody rooted one of the other boxes, they would not easily have access, because it all depends on how they've implemented all of those layers. Levels of security. Exactly. So do your homework. Can cloud computing have a lot of security front? Absolutely. Privacy, absolutely.
But I think I could safely say I feel comfortable saying most of the time is secure, but you have to check and make sure the people go in. You know what? If you're looking for hosting, forget about cloud. If you're just going out to find a regular host, you're in the same boat. You need to find if you're going to use some fly-by-night, there's been somebody spamming our forums over at binrev.com, over at the forums. For some off-site, out of country hosting, and they don't provide a domain name, they don't find a phone number, to contact, then they have no references, no anything. Yeah, I'm not going to do business with you or trust you to take here in my kingdom or any of that kind of stuff. Those same rules apply in cloud computing as I guess what the moral of the story is. I would agree. All right, well, there are a couple other privacy things I want to talk about before I move on, and I think I said we might really want to back up and talk about software as a service or SaaS, which is another buzzword you hear a lot these days because it's kind of related to cloud computing the same way we talked about earlier. It's not so much that you are paying for a system and hosting and memory and stuff like that. It's more that you are allowing the, I'm not sure what the proper term is, the host or the cloud computing company that you're dealing with to run the software on their machines in their private cloud. And I think the biggest example of the biggest success story of this is a company called ServiceNow, which is a help desk type company as a ticketing system. And what they do is they have all of their system running on their servers in their cloud. I don't go to specs with all their stuff. I'm sorry. Salesforce is a big one too. Yeah, Salesforce is another huge one, absolutely good one. We don't know what their clouds are. I don't know if they publish that specs.
I just don't know what I'll pay and maybe they post some of that information, but they're not really selling you hosting services or a private cloud for you to host your websites like we've kind of been talking about with us. They are offering you software as a service or SaaS, meaning you pay them monthly fee and you get access to their software that they maintain, they run it, they handle the security, the underlying system administration and I'll take that headache off of you. So you can just use the application remotely. Kind of like Google Apps or I think Microsoft Office works remotely now. You're just using the front end usually through a web browser, not necessarily, but usually through a web browser to use their software and they're handling all the processing and all the work on the backend of it. That is commonly tied to the cloud because like I said, they're running the cloud on the backend and if they can, I think this is where we get to some of the benefits you mentioned earlier about and I think we want to go into some more detail. That is about utilization. We all know that websites spike at different times of the day. We know that sites get slashdotted and traffic may increase or decrease depending on what's going on. Well, by combining all these together, you won't have as much wasted CPU cycles, as much wasted memory, because you're all sharing it and you can monitor it more closely and see where it's going and if somebody has some downtime and is not using as much memory or hard drive space or whatever the case may be, someone else can because it's available and you're sharing, you're working together and you can all get better efficiency and utilization from your system. Is that correct? Yeah. It's beneficial for people who are in a cloud environment who have that occasional burst, that get slashdotted, whatnot.
It becomes the ability for them to not only scale a single VM but have the ability, in a lot of cases, to clone and do load balancing and things that are normally something that would take weeks to do, or at least a few hours. We have a couple of our customers that I can bring up a new virtual machine if they get really hammered and have it up and running within a few minutes, have a fleet of ten of them up within probably 45 minutes, and add that into their load balancer, and all of a sudden their site's now running across 20 virtual machines with four cores each, six gigs of RAM. I mean, and these are virtual machines that weren't there prior to them getting slashdotted. And there's no, it's not at the cost to anybody else in that cloud or anybody else. You're not the person using those resources and causing harm or slowing someone else down like it is in traditional hosting. Right, exactly. So you take out some of the administration time that comes with having to sync up the data, get everything configured, to get server up and running, and then you have the advantage of they're only getting billed for the time that they have those. If they don't already have the hardware up and running, if they don't have that extra space there, they're only paying for the time that they burst over their allotment. So now you're not getting this, oh, I've got this huge amount of bill because I get slashdotted twice a month. They're only paying for the amount of resources that they use. And in a traditional hosting environment, like, another thing is even if you're not billed for bandwidth or something like that, like, I had a friend who was, who did from some shared hosting companies simply because he would have spikes in a database. Somebody would make a big query to the database, or a bunch of small queries, and overloaded. Well, you're overloading this equals the MySQL server, and that's actually the entire box suffers from that load, so you're slowing down all the other customers that are on there. So
I've had friends that got shut down and kicked off for doing that, because, land, nowadays I think they found ways to throttle back stuff a lot more, but if you go over certain amount, you're actually causing harm to other people that you're using on the same physical box. Right. So that again is another benefit. So, and that's where platform as a service has become really popular too. Platform as a service provides, like, MySQL, PHP. Ruby's a real common one, actually, for platform as a service. Heroku, I think, is one of those guys. They're huge. Salesforce actually bought one, so they actually do do platform as a service now too, not just software as a service. But those types of things, for people who are having this issue of, well, I'm using more resources, I'm causing these people to go down, now they can go off and say, okay, I want to pay only up to this amount of CPU, memory, process time, queries, whatever you want to do. It becomes a little bit easier for people to manage, and they don't get this lovely little notice in the mail saying you've used too much resource, we've been forced to suspend your account because of this. Right. And it also, in this, and let's tie it back, as I, we're talking about software as a service and Salesforce and ServiceNow and other similar things. Not only are they selling software, we're explaining why it's in their best interest, because it's much more efficient for them to run a local town like that and let them deal with it, so that to you as a user, you don't care about those sort of things. But what it allows them to do is not only to charge you a monthly fee or whatever contract for the software, which, you know, that could be who knows what, but also if you need more, you can add more, that pay as you go, that à la carte system, where if you need more bandwidth one month, later expecting a lot more sales, I don't know what's, I don't know who's Salesforce, but you're expecting a lot more bandwidth, that you're going to be using a lot more disk space, that you're
going to be uploading a bunch of stuff, whatever the case may be. They have that flexibility that for you, charge you on a case by case, the decent support, so they can kind of gauge for, I don't know if I'd say the platform as a service, but sort of, they can kind of merge the two together, charge you for software licensing fees and how much disk space or resource you think. So kind of an interesting scenario. Yeah, they definitely have a very interesting model. It becomes one that you start wondering about the security, those, on those things, and I think you mentioned that earlier with them, like, who ends up owning the data when they're in a system like that. Right, and that's actually exactly what I was going to say next. I mean, we talked about the privacy aspects of, kind of, know if your user inside of a cloud get access to your data. Well, the reason I wanted to bring up software as a service at that point is for this exact reason. In the scenario you described it with platform as a service, one VM separate from another, you guys had your storage sectioned off somewhere completely different. Sounds like the steps are there to protect that. But in a software as a service, you're at the mercy of the software, not the platform, the software itself. So how did they implement security? Obviously we can't speak to this, so we're just thinking out loud here, but, you know, I don't think we can speak to whether that's safe or unsafe without knowing a lot more detail. Did they encrypt the traffic? Are they sharing the same database? Are they sharing, are, it isn't just different tables? Are you using fine-grained access control and sharing the same database, for crying out loud? I mean, there's often a lot of questions. There's a lot of questions on that, and especially with all the hacks that we've been seeing lately, you'd like to think that companies as large as Salesforce or as large as ServiceNow or any of those guys would have these fine-grained controls and use separate databases for each user and things like
that, but you look at the recent hacks, like with Sony. Sony was an epic fail to me, the fact that they had that much data compromised and they didn't mention anything until, you know, they kind of got caught with their hand in the jar. And another one would be Citibank, another really bad one in my mind. These are companies that are huge. Like, you would think they'd have a full-time security team there, and from what I hear, Sony actually fired their security team prior to this whole mess happening. So it just, you got to be really careful who you trust your data with. Yeah, for those who listen to me for years and years, I would simply say that Sony has been a complete and utter epic fail as a company since the conception of the company, but that's also a different topic altogether. And I got to say, I'm probably crossing a line in the politics here and going somewhere I shouldn't, but I think Sony's paid for GeoHot. That's what you get for fucking with GeoHot. But anyway, I digress. Privacy and the software service aspect, there's too many questions for us to go into that or talk about, but I think one question, and maybe we can kind of talk about between us, just opinion here, is are there some things that should not go in the cloud? I mean, yeah, cloud's got a lot of good things going forward. It's good technology, good efficiency, easier to maintain, administer, all these positive things, but it doesn't make it the solution for everything. I'm not sure what I would, am I comfortable with putting my websites, the stuff shared out, my cloud? Sure, no problem. What I want, let's go back to Apple. Apple, in their iCloud, you can put all your contact information, your photos are shared up in there, music, I guess. Music I wouldn't care too much about, but do I want my family's phone numbers and birth dates and stuff like that in a cloud? I mean, I'd have to be pretty damn confident and comfortable with it. Yeah, well, Google was trying to do a medical cloud, and that scared the living daylights out of me. They're like,
oh well, we'll put your medical data in our servers, and I'm just thinking to myself, you got to be crazy. I'm not letting you guys have a database of all my, you know, ailments or allergies. Things that come up in my mind are, you know, the movie Antitrust, where they've got this massive database about all these programmers and what they're allergic to and different things like that. Scares me. I may be paranoid, but it does scare me. Oh, I know, that's a little Skynet for me too. I mean, it's exactly what I was thinking. I'm glad you said it, because, yeah, I get, I get late book of conspiracy, you know. I'm very, uh, Google already has a little bit too much of my data, I think. I try to minimize how much I give them, but yeah, the idea of the medical data, uh, did not like that at all. I don't want any part of that. Financial, I don't think I'd ever put my bank records. I don't even like, for example, I've kind of been putting a little bit of time lately into, um, trying to go back and fill in some gaps in my family tree that I've had for years. I haven't touched, I brought it back up and was trying to fill in some stuff, and in doing so, in doing some research, I see all these people that have shared their family trees out there on the interwebs. It's just a general bad idea for privacy to me, cloud or otherwise. So there are certain things I don't want online, therefore not in the cloud. So I think, I guess, each individual person has to make that decision themselves. I mean, well, so you and me on this one, are, am I alone here? No, I agree with you. I mean, I can't really disagree with you in a sense, saying, you know, having everything shared. I mean, you know, like you said, you having, you know, your family's contacts in there. Well, that's basically the same, you know. One precaution you might want to have is, say, if you have your family's phone numbers in your phone, you might not want to even say, hey, this is my home phone number, because somebody finds out that home phone number, finds out more
information. I mean, this is, a little bit of digging can get you anywhere. Right. What, and Josh here knows that I can't stand, like, following, and I get that damn Google Voice. I don't like the fact that Google has my number logged in there, and who knows what they're doing with that or what they're joining the other databases. So phone numbers, definitely out. Personal family information, um, I don't mind that my sex tape was out there being shared, that's fine. Oh, you both have seen it, I can tell. So that, all right. So that's, again, everybody's gonna have to make their own decision on how far they want to go with that. But again, for my aspect, I just think the cloud is great technology for the way we're using it. It's tremendously helpful, it's effective, easier to maintain. So from, uh, I guess platform as a service, from us just having all our hosting done, that gives us a lot of flexibility. Um, we talked about who owns data already, in next, again, case by case basis with software as a service. Uh, just kind of looking at a couple notes I have here. I want to make sure I covered any questions or any things that I heard brought up. Uh, what about, well, and I guess this is just all we can do about this, think out loud too, is with these software as a service companies, if you do use them for a year, two years, five years, um, and you, uh, put your data or information out there, let's say iCloud on a personal example, or ServiceNow or something in a professional environment, what do you do after a year when your contract is up? Do they have your data hostage? As I sound going to, what are they going to do with the data if I don't renew it? Do I get to at least download it back to my laptop or my iPhone or whatever the case may be, or are they holding hostage? I mean, that's a realistic danger, isn't it? Well, in the case of iCloud, it's actually, um, closer to Dropbox, where it's syncing your data. It sure keeps some of your data in the cloud, but it's syncing it to multiple devices. That was kind of one of the
major focuses with iCloud, was it wasn't strictly like the Google Music streaming service, where once I put my music up there I can't pull it back down. So if I were to put my entire music library up there, which, mind you, um, I think it quoted it out for like a week to put all my music up there, I wasn't too thrilled about that. Um, but we're looking at the ability to have your data synced across multiple devices with Apple's iCloud, versus another service like Google Music, where that data is up there and who knows what's going to happen to it after you say, well, I'm not, I'm done with that, I didn't like it, I want my music back. Um, in case for like ServiceNow, I don't know how they get you your data, or if they get me, what if you want, what if a competitor comes up and you decide to switch? I mean, you've got to read the fine print. They might have some fee in there that says that, yeah, you can get it, but it cost you ten thousand dollar buyout or something ridiculous. I don't know. But these are, again, I'm just throwing out questions that people should ask themselves when it comes to these things. Think, when it comes to cloud computing, these are thoughts you need to address and think about upfront before you go committing to the clouds or the software as a service, that type of cloud anyway. Yeah, services owns that data. I mean, there are some, wasn't there some controversy with, um, was it Facebook or was it LiveJournal? It was one of those sites that, um, tried to make the claim that anything that you typed and uploaded became their intellectual property. That's basically that. What, I mean, are you kidding me? They can now, if you don't tell them no, they can use your pictures for any ads. So if you have pictures up there, if you didn't go in, on the, all, you can still do it, but like on the day that they announced that that option was in there, I logged in and checked the box saying don't use my photos for ads or anything. Facebook is the one that was going off and saying, well, you put it
here, it's ours. Yeah, that, but that wasn't, it wasn't that way all along, right? Didn't it, something they tried to change the terms of service ongoing? I mean, was it also another Facebook controversy where they just decided to take out the privacy, like when they're waiting, I don't have Facebook, so forgive me here. Um, wasn't there a way that they marked it so that you had your account set to private and then they just one day changed and said, oh, everybody's now public, you can't set it to private anymore? Yeah, they did that and then got in big trouble for it too. Yeah, that's what I'm saying. Like, you suddenly, you could have been private, you could have followed the rules, you could have done it, and they just changed their mind and midstream. I mean, that's a huge blow to their credibility and trust level to me. I would never try, and I don't trust Facebook. That's why I don't have an account. Yeah, they can just change the terms of service at will. Google did the same thing to me with their AdWords and AdSense. Um, granted, they didn't like me anyway after presenting at DEF CON about that topic, but, um, even so, I was playing with it, they would change the terms of service all the time and say you have to accept these new terms of service to continue. You have no choice in the matter. Right. So I mean, they can change the rule book as the game is playing, and that's just a little bit wrong to me. So you have to be careful and read all the fine print, warnings, and in every one of these scenarios. Right, and that's ultimately, you have to go based on what you're comfortable with. A lot of people, you know what, they don't care, and it's kind of bit them on the hind end. We could do an entire segment about Facebook and some of the stuff that they've done and how it's impacted people's lives. One girl got fired over a comment she posted on Facebook about her boss. But, um, just to plug an open source project that I think should get a lot more notice, uh, Diaspora, have you heard of that one? Uh, yeah. So, uh, it's
uh, open source social network that you control what is shared and what isn't and with whom you want to share it with. All right, and you host on your own system. It's really cool. To an alpha phase now, remember? Yes. So I look forward to seeing more from things like that, not necessarily them, but I think that's probably the furthest one along so far. Well, we probably, yeah, that's probably a different show. Let's not go too far, although if anybody who's related to that project would like to come on episode, I would love to hear that. So if anybody's involved in that project, please do an hbrf7 listen to it. Um, but to bring it back, um, let's wrap up with a couple of, I think we've kind of hit around them here and there as they came up, but let's kind of wrap up and talk about some of the big benefits, uh, going to a private cloud such as we have done with BinRev. We have moved all of BinRev into a private cloud, which, um, without going into details of the hardware behind it, we have, let's just say we have plenty of hardware, and because of the nature of the cloud we have the ability to upgrade it, increase it as needed, and whenever we want to power we want to, we have that flexibility. So there's that. There's obviously, from my standpoint as they, and I'm going to make a clear delineation here. Um, I'm going to refer to you as the system administrator. Uh, you and I kind of share that responsibility, although you're 90% of it easily. Um, so I'm going to think of you as the system administrator, uh, the service provider. I'm going to think of myself simply as the webmaster in this scenario. So from my standpoint, I don't have to worry about uptime or system maintenance anymore. That's your job, right? So that's a huge benefit. I have been using, uh, as BinRev grew and grew over the years, it got to the point where I, and I've said many times, I'm not a sysadmin. I can crumble my way through and I can get the job done, but not as well as somebody who knows it. So we got to a point where we grew
too big and I had to say, you know what, it's time for me to have to pay the extra money to get hosted services. But traditional hosted services simply meant I lease a box from a hosting company with whatever specs that we agree on. Those specs aren't dynamic. If I outgrow the box, we have to get another box, pay the difference, pay the money to increase, do the migration and move over to said box. It's a nightmare, and we've done that over the years. Managed hosting simply meant I paid extra to have somebody answer tickets and fix the box when it's broken. With the cloud, with the way we're set up now, we have one system to maintain, and when I say we, I mean you. Yeah. You know, it may be multiple physical boxes, but it's one hypervisor, I guess, and all the VMs inside of it. Right. So that also means I don't have to worry about backups and, just ask the first one is, disaster recovery. That's your baby to deal with too, and backups and stuff like that. From a webmaster standpoint, I can do them just because I'm paranoid and like with the currency, but you guys can take care of that. You can back it up to the NAS servers, take snapshots every, I think you're telling me that not all VMs, not all hypervisors have this capacity, but some do, where they'll take snapshots and just store the deltas so that it's quicker and easier to restore in case of problems. Exactly. That's what we run with you guys. It's just an automatic system that goes off, okay, it's that magic time, make a snapshot, just take the deltas. I think a snapshot on average takes about a minute and a half. Depending on what changes, it could take as much as two and a half minutes. But to have a backup that I can restore and push you guys back to that state at that exact moment, it's well worth, you know, the minute where it's doing that. Yeah, and all of those things that I just talked about are the main reasons that I looked into making the switch and making the change, but the other one that surprised me, and I can't believe I didn't
realize how awesome this was until you and I talked about it, um, the context was about consolidate mail service, but the point that I was getting at is these are all now virtual machines, and you can split them up or share them any way you want to. I know we have some dedicated to a certain site or two for the big ones, and other ones we still shared on a virtual machine, but I can start to create as many virtual machines as I want inside of that private cloud. So I can finally, I used to register silly domain names and stuff as sandboxes just to play in and just to hack away and install CMSs and just, you know, write code and teach myself and learn stuff. Will Hack For Food was one of our funniest ones. I registered that as a joke. We use that as a project to make a disposable email system, and it worked and it stuffed and we kept it. Well, with this new environment, not only can I create VMs on demand to test and to play in, to have a sandbox, they won't destroy or hurt anything, I'm not going to misconfigure anything or take another site down because I screwed up MySQL or PHP or anything like that, but I can have, I can put any OS in there that I want. Right. Run a Windows 7 server. I don't know Windows 7, I don't use Windows 7. I can run a Windows environment next to an Ubuntu next to a Red Hat next to a Debian next to a Slackware. All I got to do is create the VM image for it, and I can have anything I want inside of this cloud. Right. I don't have to have a separate box. No, and that's, it's one of the things that a lot of people, they don't think about, because, and Vault will go off and say I've said this a million times before, but every operating system out there has its purpose, has a function. It wouldn't exist, it wouldn't be a living, breathing project if it didn't have a function. I know some people argue, I know later as things BSD's the only way to go, but, uh, I mean, there's a function for just about every OS out there. If there wasn't, it wouldn't still be a
living project. So it only works on certain OSs and stuff too, so that's another factor. If there's something you need, it's only made for one OS, it sucks, but it's a reality. Yes, it is. I know there's a story there. We'll leave that alone. Um, so we can put up a, um, we can fire up a, uh, a box dedicated to, uh, Counter-Strike or, I don't know, what's the game of the day, Duke Nukem 3D, got more new stuff. Yeah, that's the funny thing, is that I just, I wasn't thinking about that. I was just thinking of ease of use, easing my burden, easing the load, workload on me. I wasn't looking at gaining benefits, and when I found out that I could create other VMs, and very easily, and run them alongside, still in the same security infrastructure, still sharing the same resources, I get, that just made me so happy that I kind of, since we've done that, and you know this, we've started getting back into hacking. To be honest, I've been kind of retired, and I still some some i am, I'm actually finding time again now that my burden has been lifted with administrative duties, and I have to say thanks to the cloud, but also thanks to you guys personally, and Lunarpages. You guys have done too long this thing too. Just tremendous workload lifted off of me, which I appreciate. Um, I'm actually able to get back into doing things. We're actually, I've been talking to not there for the past week or two. We got a couple projects that we are going to work on again. We're going to throw some VMs up. We're going to start haxoring again. That's a great feeling. I finally can do that, and I really feel like I have that ability because of the cloud. And the nice thing is, if you guys do compromise and completely destroy the virtual machine, you guys can have that snapshot. Okay, let's look back. We maintain the one that you guys compromised, turn that into a data mining system, and we bring up another system that's identical to it before it got compromised. Well, and you know, there's another little thing too that we've never had the
luxury of. It's probably minor, but it's more professional to do this. Um, our forum software, which is Invision Board, great piece of software, but every time a patch or an update comes out, we've kind of had to do it inline. We've had to do the update right there on a live machine, which is obviously dangerous. Now, it's pretty much always worked. We've had a few bugs here and there, and I'd have to sit down and work for them. Yeah, Volts is over here shaking his head. I'm sorry, Volts is over here shaking his head. I guess he doesn't like Invision. He likes it. I like Invision. I go more with the both, and even those usually resource hog, but I've had quite my, you know, share of problems with Invision, having the inline, going in there for patches. Yeah, and it's, you know, what we did is we did a whole separate installation under a different account, and anytime we have to do one of those, we would try to do it in the other account and test it there, see if it worked. But every time we do them, we have to clone over the database, copy over the tree, all that kind of stuff. It's just a lot of work. Now in this new environment, whether it's envisioned people's interp in the number of sports and route there, um, you can simply clone over your live system and just, and it's all from there. If it works, great, you go do it on your live box. If it doesn't, you have the luxury of taking your time to figure out what went wrong, etc., etc. So that was another unexpected pleasant surprise that I have. So we can take a snapshot of anyone needs it anytime and fire it up as a new VM from. So we know, you don't have to have an image to build from. I don't have to go through an install process. I clone one that's already run. You know, it's like Ghost imaging. They do that. Most big companies now, they're not installing everything every time. They take an image of one machine and they blow it out to thousands. It's the same thing. We take an image of what we want and we can blow it out quickly and be up and running. I mean,
technology is wonderful. I'm a weird voter right now. That was a little bit too much. I'm not known. I think that's a good way to wrap up the show. Um, let's see, I think, yeah, I think we've talked about everything I wanted to bring up. I mean, but again, I can't speak highly enough of the cloud if it's done well, done properly, and you understand what's going on with it. To reiterate, you have to know and ask the right questions, and hopefully on this episode of the show we've given you a lot of those questions, a lot of things to think about. Write them down, listen to the show again if you have to, and go, and if you're looking for cloud computing, go to your provider, go to the company you're considering, and ask these questions and make sure you understand what you're getting into, and it will hopefully make life a lot easier for you. Or, you know, you're probably going to hear at the end of this episode, we finally have a new outro recorded that we're going to put in the end of every show, and as that will say, I'll say now, um, go to the guys here at Lunarpages. They will do the job right. They have done a great job by us, and I cannot endorse them any more than I do. Um, I think that then great work with us, and I am very satisfied with them. Obviously I'm biased, so just ask the right questions of whoever, wherever you do go. And, um, I don't know, guys, is there anything else you guys want to bring up, anything I missed or overstated? I think you hit the nail on the head. I mean, it's been a pretty good journey through, uh, what cloud is. I just hope people, if they have questions, feel free to hit us up, because this is what I do all day. My official title with the company is cloud specialist. So, yeah, actually you've written a lot of that custom. I mean, you've written the system almost, right? Um, a lot of the underlying scripts. I didn't write the hypervisor, but the scripts that make use of the hypervisor, of the storage, of the backup stuff, that was all stuff that I built together. So they can come to
hackerpublicradio.org, of course, at the site, and, um, you can find just about any contact information there. You can also go to binrev.com and the forums there. There is a forums thread for every episode of Hacker Public Radio. When this gets added to the feed, there is a thread created in the hacker media forum, and you are more than welcome to go there and post any questions or, and follow up, any corrections if I misspoke, anything like that. You can head over to binrev.com and post it there and we will do our best to get back to you. And, um, I think that is it. So, um, Josh, Votes, thank you both very much for being on the show with me, and, um, I think we've already talked about some ideas for future episodes, so we will hopefully be hearing from you guys again very soon. All right, thanks everybody, and thanks for listening to Hacker Public Radio. Thank you. You have been listening to Hacker Public Radio and we hope you enjoyed the episode. Hacker Public Radio is a community project by hackers for hackers from the Binary Revolution at binrev.com. HPR and all BinRev projects are proudly sponsored by Lunarpages. From shared hosting to custom private clouds, go to lunarpages.com for all of your hosting needs. Thanks for listening and we look forward to your contribution. Thank you for listening to Hacker Public Radio. For more information on the show and how to contribute your own shows, visit hackerpublicradio.org