Sunday, August 30, 2015

Cloud Computing Now

First posted on:

I wrote briefly about cloud computing before here. Back then, cloud computing in the Philippines was not that popular. Actually, even globally. Hence, I thought I have to update my knowledge about this concept, just in case somebody asks me.

Cloud computing as a term only became popular then, with people promoting it emphasizing economy and allowing the business to focus on its core functions rather than get bogged down with setting up their IT requirements (which big companies usually require of their supply chain partners). Those against it emphasize (just like in the paragraph before) security and location of data. Since then (about five years past), a lot of developments have happened. The Wikipedia article is a testament to that.

On September 10, 2009, the Wikipedia article on cloud computing described the concept as a “paradigm of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet.” If you would access the same article today (August 30, 2015), it says that “Cloud computing is a model for enabling ubiquitous network access to a shared pool of configurable computing resources.” I agree with both, actually, but the latter definition has some terms which are highly technical, so I prefer the former.

As I said in my blog post in 2009, for me, it is just a way of computing (or doing your work with your computer) with your data or your applications--or both--on the Internet. To make the concept tangible, look at Google Drive or Zoho, both of which allow you to create documents (i.e., text, spreadsheets, presentations) on the web. Their online system constantly saves your work, so you don't need to manually save every few minutes or so.

Also, previously, when one thinks of a website, you use either your Notepad or Microsoft Frontpage to create your web pages on your computer, then upload them to your server (either your own server where you or your business is located, or to some webhosting provider). Now, you can create websites with Google Sites, which, among others, reduces your need to learn HTML or similar languages and hosts your webpages in their server. I will stop for now about the benefits of using Google Sites and talk about this later when I go to the Benefits part.

So we have an idea now what it is. What is it not? For example, is email a part of cloud computing?

In its previous form of POP3, email was not cloud computing. In the Philippines, however, we were introduced to its cloud-based form – the webmail. We used to access Yahoo! Mail and Google Mail from the web browser. Those email services, which you can access using your browser from any computer instead of an email client installed in your own computer with the settings preconfigured, are cloud-based.

Chatting, again, in its previous form of Internet Relay Chat (IRC), was not cloud-based, because there is a central server that moderates communication of messages among different users that access the chat through a preconfigured client. However, recent chat services through your web-browser (e.g., Google Hangouts and Yahoo! Mail's chat) would be considered cloud-based.

I am briefly delineating the difference between cloud and non-cloud computing to emphasize how cloud computing delivers its supposed benefits.

Cloud computing has a lot of benefits, and technical papers can list a lot. However, for us mere mortals (i.e., non-IT people), I will focus on what you may need to know.
  • Mobility and device independence (borrowed from the Wikipedia article) – You can access your data (e.g., download your data, make changes, create new file or record) from any device or location so long as you have internet connection and maybe a browser. 
  • Cost – Particularly if you use public clouds (we will define what a public cloud is later). Creating information systems that will give you the intended benefit would be costly both in monetary and experiential terms. Adopting cloud computing avoids the experience cost and as well as capital costs associated with systems development, as well as leveraging on the learning of other users that have used the system (and provided feedback to the cloud service provider).
  • Focus on your core function – For small businesses, public organizations or educational institutions, all of which may not have very big capital budget for information technology, cloud computing allows them to use technology available to support their core function without the need to develop (and spend on) their own systems. Looking back at my previous example of Google Sites, it allows collaboration in creating a website; multiple types of access (down to the page level), and easy addition of content. An additional feature of creating websites with Google Sites is that Google takes care of converting the website to a form that is mobile- and tablet-friendly. As it is Google-hosted, it allows you to also integrate other Google services to the website, like adding a calendar that will display information based on the person's Google account.  Imagine if you will have to write all these in code, and you are not a computer science graduate.
  • Security in data redundancy – While anti-cloud computing individuals say that it is risky, it can actually give IT people peace of mind as they know their data is stored and backed up in an off-site location (i.e. not in the place where the business is located). In the eventuality of disaster in the organization's area of operation, the  company knows that their data is backed up at a place where the disaster is not likely to have taken place as well. Of course, this requires [and does not take off the organization's or its delegated responsible person's responsibility to conduct due] diligence in determining where the cloud service provider actually stores your data. 
  • Collaboration – This feature of Google Docs (an example of a cloud-based software) ensured me buying into the idea. Google Docs (and its sister services, Google Sheets and Google Presentation), allowed multiple users to edit a file at the same time from different computers. Instead of sending back and forth different versions of a file, cloud computing allowed us to work on ONE file instead of sending back and forth different versions, which confused everyone which should they be using. Imagine if you have a web-based project management software, so that different project staff can update their responsibilities in the system, and the project manager can have near realtime update on how the project is doing. 
  • Maintenance – Cloud computing also allows IT administrators (if they use private clouds) to update just the back end (maintained by system administrators) of a computer system without tinkering the software on the front end (used by the end-users). They can simply update everything and the front end will update as they (usually) access the system through a web interface. 
  • Security in maintenance – As mentioned above, cloud computing allows system administrators to update the system without worrying about the end-users' client software. As most of the protocols are in the backend, cloud computing reduces the risk of a non-compliant end-user not updating his/her client software. 
Of course, cloud computing, like any HUMAN ACTIVITY, has its costs and risks. Here are some of the most commonly cited ones:
  • You need an internet connection. For you to access your data, you need to have internet connection. Most of the cloud storage services, like Dropbox and Google Drive, however, allow offline access by downloading your data on your computer and synchronizing it with your online account when you get online. 
  • You don't know where your data is located. As mentioned before, this requires you to conduct due diligence if your data is sensitive (e.g., related to national security or politics). Let me point out, however, that this is not limited to cloud computing. You could store your data in your USB flash drives. But if you are not careful, you could save your data to a virus- or malware-affected storage device, which may either corrupt the data or send it to an unknown person without your knowledge. Again, due diligence is required. 
  • Virus affecting all data in a cloud or networked system. Even if cloud-based systems are inter-connected, it does not mean that anyone (including a virus or piece of malware) can access data to another system without proper credentials (which is one of the foundation principles of information security). So even if a virus finds itself in a cloud storage device, being there does not mean (most of the time, if your system is designed right) will not mean corruption of everything in it. Another way of mitigating this is actually to ensure that you have your data backed up. 
Relatedly, if you are considering of outsourcing some of your information system processes, you should note what the contract says about ownership of the data.

To address the commonly raised concern on security and privacy, organizations may consider a private cloud facility. A private cloud facility harnesses the technical benefits of a public cloud (e.g., doing transactions on the server instead of installing applications in the end-users' computers) while ensuring that their data is in a facility they own. However, private clouds may not be able to leverage the economic benefits of public clouds as the organization will have to operate just as they have with a client-server system (i.e., maintaining a data center with its required supporting facilities, such as an airconditioned and secured room, back-up data storage facility, back-up power source, among others).

Personally, I am looking into the idea of getting a Network Attached Storage (NAS) with cloud capability, such as Western Digital's My Cloud Mirror or Synology's BeyondCloud Mirror. While we do have external hard disk drives, moving them makes the ports prone to wear and tear. I previously had to throw a 500GB external hard disk drive because I cannot access the data anymore (and I didn't know of any other way to get my data). With a NAS with cloud capability, my team can share files in a network environment (only those allowed through a username can access it) and access the same files when I am away through the internet.

Considering the benefits and the risks, and given due diligence in selecting the service provider or the facility, and being reminded of the supposed responsibility of ensuring security in designing ALL TYPES of information systems, I think cloud computing presents a real business case that executives should consider.

Encoded using LibreOffice

Wikipedia, "Cloud Computing," accessed on 30 August 2015.
University of North Carolina, "Cloud Computing," accessed on 30 August 2015.

Saturday, September 14, 2013

Google Calendar: A User's Introduction

Originally posted on:

For this post, I will not talk about Philippine energy. I will briefly introduce Google Calendar, with the hope that you (I hope you understand who you are) will use it to increase productivity and collaboration.

Google Calendar is (obviously) Google's take on calendar and task management. As far as I remember, Yahoo! has calendar also in their Yahoo! Mail, but it was not as integrated to their other products, and did not have a lot of collaborative functionalities (why does Google say that 'functionalities' is incorrectly spelled?) that Google Calendar introduced.

Google Calendar is a simple take and presentation on how we see dates vis-a-vis tasks, activities, sharing and communication. If you have a Gmail account, just look up, at the gray ribbon of Google services available, and you will see Calendar on the right-middle part. Click it, and that's almost it. (You will probably need to agree to the terms of services.)

There are a number of features in Google Calendar that I like, such as:

  1. Sharing of Calendar - By sharing calendar, this means you share one of your calendars. As people, we have different aspects of our lives. For example, we live as an employee, a part of a circle of friends, and member of a volunteer organization. For each of these circles, we can have a calendar, which we can share. And there are many ways of sharing: Allow certain people to see your calendar, edit existing appointments, create new ones, or manage the calendar, which means they can re-share your calendar to those who need access to your schedule. Of course, there is also the option of making your calendar public. When another user adds an appointment in your shared calendar, you get notified (via email or SMS, to be discussed next).
  2. Mobile Notifications - For me, I configured my Google Calendar to send me SMS to remind of in advance of my schedules  (many times for each event/schedule). This is, of course, in addition to notifications via the email. As discussed in the previous number, you also get be notified if a shared calendar is changed (someone requested an appointment or added a schedule, or edited an existing appointment, among others)
  3. Integration with other Google services - If you use Google Sites, for example, for managing a project or a team dashboard, you can (and I did) integrate the Google Calendar gadget so that it displays your calendar there. If your Google Sites is login-based, it would display your own Google Calendar.

Google Calendar is a very useful productivity tool that I hope you would use to increase productivity (of course) and enhance collaboration in shared activities.

For more information on how to do the things I listed here, you can go to the Google Calendar Help site

No, I am not a Google advertiser or stockholder. Just a Google Fan. :D

I may update this as soon as I have the time and realize its other exciting features.

Wednesday, November 14, 2012

Trying and Installing Drupal on an Ubuntu Linux Laptop

I underwent Drupal training two times, and so I can say that I have experience in configuring and organizing a  college website using Drupal. But I have yet to install Drupal on a machine by myself - the whole thing, I mean.

So last weekend, as I set for myself, I tried doing it on my own, in my own Ubuntu Linux  laptop. I installed LAMP server using tasksel. (I encountered an almost 2-hour struggle with that particular part, because I could not make Apache web server work. After about 5 to 6 times uninstalling and purging and reinstalling, it finally reactivated.)

Then, I followed the installation video (I will link the Youtube video soon), and also an Ubuntu guide on installing drupal. I used one distro in particular, Open Enterprise, because I was led to believe that all the capabilities I want (rotating banner, social integration, blogs, SEO tools, etc.) are already there and just needs activation. I was wrong.

After installing (of course, I had to create a database first with MySQL, download the package and decompress it to the /var/www directory of my Ubuntu), it worked, but the apps are not yet there, and when I tried to install (download the package and install), there were some problems.

I could not actually figure out what the problem was. I am not sure if I don't know the username and password, or I have not configured it right (I did a few more steps apparently to allow clean-url to work), or the software was not configured for FTP, or something.

I installed additional packages (vsftpd I think). Still didn't work, after that, but I tried a different username and password (my computer login and password), and the FTP installation for the additional App (rotating banner, SEO tools, social integration) finally installed.

And yes, besides installing, they did work!

So now, the next stage is to try what I did on a laptop machine on a real server environment. I hope I will be successful, because if I am, I will do the same for our CAS website. It will be cleaner, easier to maintain, and more integrated to the UP Manila website that IMS is planning to develop.

Friday, August 17, 2012

IT Developments at CAS

With the eUP of the UP System, and the OpenERP of UP Manila, what can CAS offer?

DPSM has started the Faculty Information System (FIS), which the IT Office hopes to improve. In the meeting yesterday, the Dean of the College of Dentistry, Dr Medina, mentioned the frustrating data collection done by the UP System - Forms 15 to 23. I wanted to answer that the CAS is doing that, but I could not. I don't want to. Not yet. I have to wait until the FIS is improved.

Also, the Office of the Dean has purchased wireless routers for deployment at CAS (and SSWC) to improve the coverage of the wireless (obviously) network. I simply hope our internet gets better for the students and faculty to appreciate the development our College is doing.

On my own level, as practice of my training in database, I will make an equipment / property information system. The aim of this system is for the College (through the Supply Officer) to track maintenance activities, purchases, expenses and utilization related to the various equipment of the College.

I wanted to type "What else?" but I had to erase that. I am not even an information technology or information system officer, so these things are not actually within my responsibility. I want to help, but I want to make sure I can help well. So I will limit my effort to the smaller things for now.

For the AAC meeting, I hope I can communicate effectively the desire of the College - a comprehensive academic institutional information system (educational ERP?) that can answer their information needs so that they can manage effectively and efficiently. It will be slow, but this is a start.

I know we can do it. We just need to have the will and engage.

Monday, June 4, 2012

Flame malware targets Microsoft Update system: Patch now (Security)

Original Post:

Takeaway: Microsoft released a security alert and patch due to the disturbing news that the hugely complex Flame malware has spoofed MS-signed certificates, potentially making Microsoft Update a malware delivery mechanism. Yikes and double yikes.

In what security researcher Mikko Hypponen calls the “Holy Grail” of malware writers, the massive and complex Flame malware, linked to state-sponsored espionage and information-gathering, has managed to spoof Microsoft-signed digital certificates, creating the potential for man-in-the-middle attacks on the Microsoft Update system.

Clearly, as Hypponen points out, successfully exploiting this vast delivery mechanism for malware could be disastrous. If the Flame module successfully performs a man-in-the-middle attack, it drops a file called  WUSETUPV.EXE on to the target computer. As of now, however, Hypponen says, “…It has not been used in large-scale attacks. Most likely this function was used to spread further inside an organization or to drop the initial infection on a specific system.”

Microsoft’s warning and patch are located on its support page. The full Technet Security Advisory is linked here:

Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:

Microsoft Enforced Licensing Intermediate PCA (2 certificates)
Microsoft Enforced Licensing Registration Authority CA (SHA1)
The investigation into the incident is ongoing, but the main takeaway for now is to patch immediately!