Cloud VXLANs and segmentation

The “invisible infrastructure” of the VMware cloud is a vision that emphasizes freedom from boundaries.

The vSphere Distributed Switch (VDS) abstracts the data center fabric into a sea of ports. vCloud Director (VCD) creates an Org Virtual Data Center (VDC) and allocates its compute and storage resources. Tenants (orgs) can then provision their own logical networks to connect those resources. VCD delegates networking and security control to vShield Manager, which creates a VDS port group backed by a VXLAN segment, maps the tenant’s network to that VXLAN segment ID (the 24-bit VNI), and connects the org’s VMs to ports in the port group. Tenant broadcast traffic is encapsulated and carried on the provider network as IP multicast, so the physical network must route those groups (using PIM). The result is VXLAN-backed logical networks that are elastic: vNICs and ports are added or deleted as needed.

With networking constraints out of the way, VDCs can now span cluster, pod and subnet boundaries, removing one of the major limitations in the data center.

I covered this in my VMworld 2011 sessions on Penetration Testing the Cloud relative to the concerns around segmentation. Risk analysis or threat maps will help refine the topic but in most cases the best security is one that does not impede the ability of the business to operate freely. The ultimate security objective, in other words, should be to create freedom from interference.

While removal of the limitations might sound scary at face value, there are many ways to transparently validate that segmentation and controls are still effective, even in a multi-tenant environment. I will be presenting on this again several times in the next few months, and then publishing a book early next year with a toolkit and scripts to help.
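One way to validate segmentation from the provider side is to capture the transport network and check that every VXLAN frame carries only MACs belonging to the tenant that owns its VNI. The script below is an added example written for this post, not code from the post, the promised toolkit, or VMware: it parses Ethernet/IPv4/UDP/VXLAN frames, extracts the VNI and inner MACs, and compares them against a tenant-to-VNI map and a VM-MAC-to-tenant map. The capture, the two maps, the VTEP addresses and the org names are all constructed here; accepting UDP 8472 alongside the IANA port 4789 is an assumption.

```python
"""Offline check that VXLAN-encapsulated traffic stays inside the tenant segment it belongs to.

Added example; not code from the post or from VMware. It assumes a capture of the
provider (transport) network, a tenant -> VNI map exported from the cloud
management layer, and a VM MAC -> tenant map; all three are constructed below.
"""
import struct

# IANA VXLAN port plus the port early VMware VXLAN deployments used (assumption: accept both)
VXLAN_UDP_PORTS = {4789, 8472}


def _mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def _mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def _ip_bytes(s):
    return bytes(int(x) for x in s.split("."))


def parse_vxlan_frame(frame):
    """Return (outer_src_ip, vni, inner_src_mac, inner_dst_mac) for an untagged
    Ethernet/IPv4/UDP/VXLAN frame, or None if the frame is not VXLAN."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return None                                   # not IPv4 (VLAN-tagged outers not handled)
    ip = frame[14:]
    if len(ip) < 20:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 17:                                   # IP protocol must be UDP
        return None
    outer_src_ip = ".".join(str(x) for x in ip[12:16])
    udp = ip[ihl:]
    if len(udp) < 8 + 8 + 12:                         # UDP + VXLAN header + inner MACs
        return None
    _sport, dport, _ulen = struct.unpack("!HHH", udp[:6])
    if dport not in VXLAN_UDP_PORTS:
        return None
    vxlan = udp[8:]
    if not vxlan[0] & 0x08:                           # I flag: VNI field is valid
        return None
    vni = int.from_bytes(vxlan[4:7], "big")           # 24-bit segment ID, plaintext, unauthenticated
    inner = vxlan[8:]
    return outer_src_ip, vni, _mac_str(inner[6:12]), _mac_str(inner[0:6])


def check_segmentation(frames, tenant_vni, mac_tenant):
    """Flag frames whose inner MACs belong to a tenant other than the owner of the VNI
    they were carried on, and frames on VNIs nobody was assigned."""
    vni_owner = {vni: tenant for tenant, vnis in tenant_vni.items() for vni in vnis}
    findings = []
    for idx, frame in enumerate(frames):
        parsed = parse_vxlan_frame(frame)
        if parsed is None:
            continue                                  # non-VXLAN traffic is out of scope here
        vtep, vni, inner_src, inner_dst = parsed
        owner = vni_owner.get(vni)
        if owner is None:
            findings.append({"frame": idx, "kind": "unknown-vni", "vni": vni, "vtep": vtep})
            continue
        for role, mac in (("src", inner_src), ("dst", inner_dst)):
            tenant = mac_tenant.get(mac)
            if tenant is None:                        # broadcast, multicast or unmapped MAC
                continue
            if tenant != owner:
                findings.append({"frame": idx, "kind": f"cross-tenant-{role}", "vni": vni,
                                 "mac": mac, "tenant": tenant, "owner": owner, "vtep": vtep})
    return findings


def build_vxlan_frame(vtep_ip, vni, inner_src_mac, inner_dst_mac, dport=4789):
    """Construct a minimal VXLAN frame (used only to fabricate the sample capture below)."""
    inner = _mac_bytes(inner_dst_mac) + _mac_bytes(inner_src_mac) + b"\x08\x00" + b"\x00" * 20
    vxlan = bytes([0x08, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    udp_len = 8 + len(vxlan) + len(inner)
    udp = struct.pack("!HHHH", 49152, dport, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     _ip_bytes(vtep_ip), _ip_bytes("10.10.0.2"))
    eth = _mac_bytes("00:50:56:00:00:02") + _mac_bytes("00:50:56:00:00:01") + b"\x08\x00"
    return eth + ip + udp + vxlan + inner


# Constructed inventory: what the management layer says the mapping should be.
TENANT_VNI = {"org-A": {5001}, "org-B": {5002}}
MAC_TENANT = {"00:50:56:aa:00:01": "org-A", "00:50:56:aa:00:02": "org-A",
              "00:50:56:bb:00:01": "org-B"}

# Constructed "capture" of the transport network.
SAMPLE_FRAMES = [
    build_vxlan_frame("10.10.0.1", 5001, "00:50:56:aa:00:01", "00:50:56:aa:00:02"),  # org-A inside org-A: fine
    build_vxlan_frame("10.10.0.1", 5001, "00:50:56:bb:00:01", "00:50:56:aa:00:02"),  # org-B VM on org-A's segment
    build_vxlan_frame("10.10.0.3", 7777, "00:50:56:aa:00:01", "ff:ff:ff:ff:ff:ff"),  # segment nobody owns
    _mac_bytes("ff:ff:ff:ff:ff:ff") + _mac_bytes("00:50:56:00:00:01") + b"\x08\x06" + b"\x00" * 28,  # plain ARP
]

if __name__ == "__main__":
    for finding in check_segmentation(SAMPLE_FRAMES, TENANT_VNI, MAC_TENANT):
        print(finding)
```

The caveat this check makes visible: the VNI is a plaintext, unauthenticated field, so the tenant boundary is only as strong as the set of hosts able to send UDP to the VTEP port. The transport VLAN should be closed to anything that is not a VTEP, and a capture that shows a VNI from an unexpected source address deserves the same attention as a cross-tenant MAC.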

Save the Library

Once again libraries are under threat of closure. It seems strange that a place of privacy protection and learning could lose support at a time when they are more relevant than ever.

Take the Netflix model of paying a nominal monthly fee in order to check out a movie, for example. Who wants a Netflix account when they could give the same amount to their local library and get far more in return? Libraries do information dissemination without the burden of trying to make a profit for their investors, which has come to mean they don’t have any incentive to track, collect and sell your identity information. They also end up allowing people to share access to a single license but, unlike Netflix, the license is technically owned by the viewers who share access.

Even more interesting is an idea that the notion of a library, as an exchange of information for public access, could be protected by law.

The Act says a local authority which is a library authority must “provide a comprehensive and efficient library service for all persons . . . whose residence or place of work is within the library area of the authority or who are undergoing full-time education within that area”. Its stock of “books and other printed matter, and pictures, gramophone records, films and other materials”, must be “sufficient in number, range and quality to meet the general requirements and any special requirements both of adults and children”.

That sounds like the library is the school. It might seem crazy to try and legislate the quality of information until you read how Isaac Asimov described the library in a letter to new patrons of one in Troy, Michigan:

Libraries are your best friend

An updated version is on YouTube from Piers Cawley, who wrote and performed a song called “Child of the Library” at OSCON 2011 and then received a standing ovation:

Free exploit automation: Pmcma released

Funny intro in the README

Is this tool for me ?
———————

[…]

As a script kiddie, you may have found a piece of code you don’t understand on the internet, but are nonetheless decided to go to jail.

In all those cases, and surely many others, Pmcma was probably made for you.

I think they mean that if you run Pmcma on code without authorization and get caught you will go to jail. The decision to go to jail? That sounds like a protest. I don’t think that fits with the motive of someone who wants to run scripts in the sense of a “kiddie”. Perhaps it could be translated into French like this:

En tant que pirate adolescent vous voulez tester le logiciel sur Internet et ne se soucient pas d’aller en prison. (As a teenage hacker you want to test the software on the Internet and do not care about going to jail.)

Ok, that’s my attempt at Canadian French, but still… I put the emphasis on being unaware of consequences rather than making it a decision to go to jail.

Anyway, Pmcma offers to automatically write exploits for flaws it finds in software (given it has root privilege) without the need for source code.