Cloud Security

Secure your Virtual Machines in the cloud by doing the following:

  1. Reduce your open ports to as few as possible.
  2. Do NOT allow any process serving as a TCP/IP listener to run as root.
  3. Change your SSH port from 22 to something other than 22.
    1. Change this every day if you are paranoid.
    2. Change this every hour if your are crazy paranoid.
  4. Use only Public Key Encryption for SSH access.
    1. Change your Public Keys every day if you are paranoid.
    2. Change your Public Keys every hour if you are crazy paranoid.
    3. Use only 2048 bit keys whether paranoid or not.
  5. Deny root level access for all users other than via the console and ensure the console requires physical access in a secure building.
    1. Deny root level access completely if paranoid.
  6. Encrypt your disks – this keeps those who may steal your VM Image from being able to use it.

Hackers will exploit those details you have neglected !!!

Leave too many ports open with root level access and YOU will be hacked !!!

Make things too convenient for your own use and YOU will be hacked !!!

Remain ignorant of how hackers work and YOU will be hacked !!!

Be lazy and stupid and YOU will be hacked !!!

 

 

 

Advertisements

Node.js Achilles Heel

The good thing about Node.js is all that JavaScript running on my server !!!

The bad thing about Node.js is all that JavaScript running on my server !!!

Hey, if you love JavaScript then by all means use the heck out of Node.js; you may come to realize why Node.js is so weak as a server-side technology.  Heck, almost nobody even cares why Ruby on Rails is so weak and it’s got millions of followers.

Node.js lacks a threading model !!!

So who cares, Ruby lacks a useful threading model too and nobody cares about it at-all.

Ok, to be fair, Ruby 1.9.x does use multiple-threads but Ruby 1.8.x does not. (See also: this)

Node.js has no threading support at-all because JavaScript has no threading support.

As a casual user, or typical Manager, you will never even know or care about the lack of a threading model… none of your developers will either, for that matter.

On the other hand, if you ever try to develop some swift Node.js gizmo that could benefit from a threading model, well let’s just say you will be stuck with a slow service.

The good news is, even without a threading model Node,js could be used effectively but sadly few of your under 30 coders will probably know anything about how to engineer around the lack of a threading model.

Enjoy the lack of threads… Ruby lovers have for a number of years and you don’t hear anything from them about this either way.

Addendum – threading model

So there kind-of is a threading model for Node.js but only in the grossest manner – so you can fork or spawn a process – big deal !!!   This is not the same thing as spinning-up a thread by any stretch of the imagination.

Node.js is too immature for prime time

You should be able to see the break-out Node.js Web Framework on-par with Django for Python but there only seem to be a ton of choices with no clear winner.

The bottom line is, Node.js is all the rage, this year.  But will Node.js be there next year and the year after with the same strong following once people figure-out just how Node.js works ?!?

Here’s what you can look forward to with Node.js

You will look at Node.js and fall madly in love, no doubt.

Node.js can be very fast but only when you use it sparingly and then only for lightweight processes.

Node.js cannot do any heavy lifting because it lacks a threading model which means you will be spinning-up Processes not Threads and as we all should know a Process object is very heavy, much heavier than a Thread object.

Node.js will be a bit more of a pain to scale unless you want to buy/rent/lease a single server for each Node.js process and then you can go ahead and throw all your money into Node.js servers with my blessing; I will be spending much less on my Python servers and not only because I can pile more services on each Python server…

Node.js is this year’s Ruby on Rails.  *yawn*  So what else is new ?!?

Node.js appeals to non-techies and so does Ruby.

Node.js can be useful but only for those who know how to leverage it properly.

Use Node.js for simple one-off web services and keep Python around for the heavy lifting.

The bottom line

JavaScript is JavaScript no matter how much lipstick you pile on.  JavaScript was designed for the browser.  Get over it already !!!  Yes, you can run JavaScript on your servers – big deal !!!  I can run the Chrome browser on my servers too, does this automatically mean I should be using Google Chrome for my web services ?  I mean really !!!

What’s next ?  Let’s run Adobe AIR servers ?!?   Oh, no, I forgot everybody is supposed to hate Adobe, right ?!?

Let’s keep JavaScript running in our browsers…  Servers are for serious system-level work and this is why god made Python and Stackless Python anyway.

%d bloggers like this: