Telly in the Cloud with Google TV

Today at the Google I/O developer conference in San Francisco, leading industry players announced the development of Google TV—an open platform that adds the power of the web to the television viewing experience, ushering in a new category of devices for the living room.

Intel CEO Paul Otellini joined representatives from Sony, and Logitech, together with Best Buy, DISH Network and Adobe, joined Google on stage to announce their support for Google TV.

Over the past decade, the Internet has created unprecedented opportunity for innovation and development across the world, but so far the web has largely been absent from living rooms. With Google TV, consumers will now be able to search and watch an expanded universe of content available from a variety of sources including TV providers, the web, their personal content libraries, and mobile applications.

Google TV is based on the Android platform and runs the Google Chrome web browser. Users can access all of their usual TV channels as well as a world of Internet and cloud-based information and applications, including rich Adobe® Flash based content – all from the comfort of their own living room and with the same simplicity as browsing the web. When coupled with the Intel® Atom™ processor CE4100, Intel’s latest system-on-a-chip designed specifically for consumer electronics, the new platform will offer home theatre quality A/V performance. Sony and Logitech said they would be delivering products based on the new Intel Atom processor and running Google TV later this year. While Google TV is designed to work with any TV operator, at launch the user experience will be fully optimized when paired with DISH Network.

Read the complete news release

Legal implications of Cloud Computing

To say that cloud computing is trendy would be an understatement: the topic is almost inescapable in the world of computing these days. I've written about it from the viewpoint of open source several times, because there are a number of important issues arising out of clouds: much of their infrastructure is based on free software, and there are interesting questions to do with licensing that clouds pose for applications. But one aspect almost never considered is even higher up the stack: the legal side of their use.

That's surprising, since clouds make already complex issues even more complicated - perfect material for lawyers. Indeed, I predict that this will ultimately prove a very rich vein for them and legal theorists in general. Meanwhile, we have a very useful first sketch of what the legal landscape of cloud computing will look like from Miranda Mowbray, who is Technical Contributor, HP Labs Bristol, UK (and “Not a lawyer” as she points out.)

Her article “The Fog over the Grimpen Mire: Cloud Computing and the Law” draws on a neat trope first used by a fellow journo, Bill Thompson:

In the real world national borders, commercial rivalries and political imperatives all come into play, turning the cloud into a miasma as heavy with menace as the fog over the Grimpen Mire that concealed the Hound of the Baskervilles in Arthur Conan Doyle’s story

Following this theme, Mowbray prefaces each section of her article with apposite quotations from the Conan Doyle story, which leavens the potentially heavy subject matter.

Some stuff is important, but pretty obvious:

A company using cloud computing may well find itself using hardware and software that are in different countries from its own physical location and the physical location of its customers. We are likely to see legal disputes arising from geopolitical and jurisdictional issues to do with these cases. There is also a potential market for geographically-restricted cloud computing services, where part of the service offering is an assurance that (for instance) the service will only process data in Europe, so as to conform with European privacy laws, or will only store data in Switzerland, so as to conform with Swiss data protection laws. Indeed, Amazon’s computing and storage services have an option for processing and storing in Europe rather than the US. Amazon added this option partly to reduce latency for European customers, but also because of data protection issues.

Other points are more subtle:

A cloud service provider may subcontract parts of the services, and this subcontracting will usually be invisible to the buyer. This raises issues and potential disputes that are also a problem of complex subcontracting agreements in other industries. These concerns include contracting and auditing requirements and questions of the distribution of payment if all goes well – and of liability if it does not. For instance, a problem may arise if two cloud computing subcontractors provide micro-services that are of good quality in themselves but do not integrate properly.

There are two factors in cloud computing that make these problems more acute than in other industries. The first is that the choice of subcontractor might be changed hourly according to availability and price. In this case the contracting and auditing involved with a change of subcontractor will need to be done rapidly and frequently, with as much automation of these processes as possible. To complicate matters, the new subcontractor may be in a different country from the old one, with the result that different laws may apply.

The second issue is that rather detailed data, which may be commercially valuable, flows from the customer to the vendor to the subcontractor. In other industries for which subcontracting is common, the subcontractors typically receive only a small amount of data about the customers, if they receive any at all. Suppose a cloud computing vendor goes bankrupt. Can the subcontractors hold onto the customer data as an asset? Can they threaten to publish sensitive data if they are not paid for their services? It is also not clear what rights a purchaser of the bankrupt vendor might have to the data.

Then there's this:

Cloud computing customers need to check what data their providers will release to third parties, and under what conditions. Businesses are generally very reluctant to enable their direct competitors to have access to their customer contact lists or detailed sales data. But even innocuous-seeming data might turn out to be commercially sensitive. For example, someone who obtained information about the load levels for a company’s hypervisor might be able to use this information for insider trading if the company used the cloud service for a crucial application. There is a particular issue about the sale of anonymised data. In the last few years there have been technical advances in the art of de-anonymisation (strictly speaking, de-pseudonymisation). Pseudonymised data is still proof against opportunistic thieves, but an attacker who is out to get a particular customer, already knows a small amount of data about him, and is prepared to do some data processing, may be able to recover all the data about him in a large pseudonymised data set. Previously used practices of selling cloud customers’ personal or sensitive data in pseudonymised form – and regulatory guidelines approving these practices – may have to be revised.

If you have are using or have been considering cloud computing services for you company, but haven't been thinking about these kinds of issues, it would be well worth your while reading this article as a kind of primer. It raises a number of legal questions that are only just beginning to emerge, but which could develop into major points of contention in years to come once lawyers really get their teeth into this vaporous but juicy subject.

Cloud Security Bugbear

IT professionals are fearful that sensitive data will fall into the wrong hands if cloud-based services are used by their organizations, but many acknowledge that the risks are being ignored by some employees who may already be using cloud computing, according to a new survey. The Security of Cloud Computing Users study, conducted by the Ponemon Institute and sponsored by CA Inc., surveyed IT professionals in Europe and the United States. Those surveyed acknowledged that some parts of the organization may be using cloud computing services without their knowledge. More than 50% of respondents in the U.S. said their organization is unaware of all the cloud services deployed in their enterprise. "The [survey respondents] said, 'Yes, in fact, we're not confident what applications out there are being used within policy and we're not only not confident in what's really going on, but we're also not sure what the problems are we should be dealing with,'" said Mike Spinny, a senior privacy analyst at the Ponemon Institute. "It's a very concerning situation in that we're talking to people who are tasked with the responsibility of protecting information." In addition, the IT professionals surveyed by Ponemon found general angst over data security in the cloud with 68% noting that financial information and intellectual property were too risky to store outside the company data center. Those surveyed also said health records (55%) and credit card information (43%) should not be moved to cloud-based services. "There is a lack of confidence that has been uncovered by this study," Spinny said. "IT practitioners said they weren't sure a specific vendor went through the proper vetting process and if they don't know what's being used they're going to lack confidence and feel like they don't have control of their environment." The survey found that many organizations had a lack of understanding of who is ultimately responsible for ensuring security of data in cloud computing environments. Twenty-seven percent of U.S. respondents and 38% of European respondents believe their organization's security leaders are most responsible for ensuring safety. Only 38% of U.S. IT professionals said their organization was proactive in assessing whether information is too sensitive to be stored in the cloud. While IT pros at organizations in Europe generally held a more favorable perception about the state of cloud computing security than their U.S. counterparts, the percentages of organizations fully utilizing cloud-based services is low. The survey found that few organizations are using Infrastructure as a Service or Platform as a Service (PaaS), hosting providers that generally share infrastructure and computing power outside the company walls. The survey found that most of the cloud-based services were Software as a Service (SaaS) providers. Of those surveyed, 67% of U.S.-based IT pros said SaaS was in use in their organization. Meanwhile, only 35% were using PaaS. IT pros in Europe gave similar responses. Over time, both Spinny and Lina Liberti, vice president of marketing for CA security management, said they expected organizations to migrate to more cloud-based resources to reduce cost and boost efficiencies. Organizations need to become more familiar with cloud-based services and eventually they will determine that many of the same security technologies used in physical environments can be used in the cloud, Liberti said. In many cases, the identity management, log management, data encryption and network security systems currently being used can be applied to mitigate increased risks, she said. "I think we're seeing a natural evolution take place within organizations," Liberti said. "Years ago IT practitioners wouldn't have thought to move sensitive data from the mainframe to the distributed server environment. It happened over time and today we're seeing a similar progression with the cloud."

Sony eyes Intel, Google for next-generation TVs

Intel’s consumer electronics push has been quietly gathering steam for months now, with a number of big deals rumored to be in development. Bloomberg this week reported its sources claim that one of those deals is with a huge player: Sony.

“Sony Corp., trying to reverse sales declines in its TV division, will announce home-entertainment devices next month that use Intel Corp. chips and Google Inc. software, said two people familiar with the matter,” Bloomberg said.

Sony, Bloomberg said, wants to use Intel Atom-based systems-on-a-chip from our Digital Home Group to “produce televisions and Blu-ray DVD players with Internet access.”

Intel, Bloomberg said, “will create an experience called “Smart TV”—where the Internet access will be integrated with advanced television guides, personal content libraries and search.”

CrunchGear said the move was a big gamble for Sony: “This could either be a huge win or a fail whale.”

CrunchGear said the concept made sense in Sony’s home market, Japan, where many consumers get HDTV over the air, or directly from cable coaxial input, without a cable TV box sitting on the TV.

But in markets like North America, many consumers’ cable TV service includes a set-top box, and programming is controlled via a remote that connects with the set-top box and not the actual TV.

CrunchGear speculated that perhaps Sony is working on “some sort of layer that can be served up over top of the cable or satellite content and not a totally separate function requiring switching inputs or changing modes.”

Mary Ninow, a spokeswoman for Intel, declined to comment. Meanwhile, other media sites speculate that more details will be forthcoming at the upcoming Google I/O conference May 19-20.

Application Virtualization Through Instance-Level Isolation

Application virtualization provides a rich solution for managing secure, multi-tenant operations in the data center and the cloud. Among the features that enable this solution is that of isolation. This feature functions on two levels:

1. Isolating a single instance of an installed application into a package that can be automatically distributed to endpoints, based on provisioning policies; and
2. Executing an application instance inside an environment that protects it from access from other instances.

The resulting benefits seem fairly straight forward. Among them, application virtualization eliminates the worry of application conflicts as well as data leakage, and greatly decreases the attack surface of applications. When combined with a solution that offers ease of packaging, application virtualization quickly becomes a solution to provisioning and managing all sorts of complex software environments. As a result, many enterprises are looking at application virtualization as their new method of application management and delivery.

At the same time, application virtualization needs a controlled environment, especially when applications have unexpected results, including not processing as intended and negatively impacting other applications. One solution answer is to provide a “sandbox”, where the application remains isolated. With a safe and controlled sandbox, the confined application is free to run.

What about secure multi-tenancy? There are multiple flavors of application virtualization. Of those I have reviewed, I have found instance-level isolation to be most compelling.

Running applications within instance-level isolation provides disciplined resource management. One can allocate system resources (such as CPU cores, disk space, etc.) to an instance, and allow access to the resources without conflict. Instance-level isolation has the advantages of providing very low overhead to the performance of each instance, so that one can run multiple instances on a single system with close to bare metal performance. Other advantages of instance-level isolation include basic monitoring, providing discrete view of the application stack. Providing administrators and developers with a very clear and precise picture of what is really happening enables isolated problem solving. Encapsulating problems within an instance by using instance-level isolation stops the spread and potential cascading effects.

One pervasive cascading effect is a runaway process, which consumes any and all available resources and can bring a server to a halt. Encapsulation prevents that from happening: with a safe and controlled allocation of resources, only that instance would be impacted, and potentially halted. Without impacting other services, the administrator can address a specific problem, as well as transparently manage change. It is easier to upgrade to a newer version of a core library, needed by one application, if one doesn’t have to test for any negative side effects on others. If, for example, memcached needs a newer version of libevent than that required by another application, one can easily upgrade the memcached instance. Try doing that on a machine where all applications are physically running, or without a 1:1 VM to application mapping.

Instance-level isolation carries multiple advantages over these. Among these are the superior scalability, reduced overhead and improved manageability on the side of instance-level isolation, as well as lower setup and maintenance costs over traditional virtualization of the full OS and HW stack. This is achieved by wrapping each virtualized application in its own protective bubble. In doing so, each application, for all intents and purposes, appears to be the only one running, and any writes or changes it makes to the base system are transparently virtualized, such that conflicts, collisions, and contention do not occur. Instance-level isolation had been developed to address the "unknown" of client devices, and provides a clean way to package apps to be sent to users such that the virtualized apps do not conflict with one another, or with local apps on the base system.

Reviewing various products, I have seen demonstrations showing how VPEP offers instance-level isolation. VPEP achieves this by virtualizing each component required to execute a complete service, storing the meta- and user data on the file system, and running components as needed, which provides greater scale out capacity. I am keen to delve further into how they achieve this – this blog entry provides more detailed information.

All in all, there are benefits when enlisting private cloud or public cloud providers to offer instance-level isolation. This is definitely what I see as another win on the path to true secure multi-tenancy.

Classmate - tablet for the next generation

‘Intel’s latest Classmate: Who needs an iPad?’ was the headline on ZDNet’s story on the latest iteration of the Intel-designed convertible classmate PC that was officially unveiled to the world in an event at Central Park Zoo in Manhattan. As the children used their new classmate PCs to sketch pictures of animals pacing in their cages, review sites were putting the classmate PC through its paces.

ZDNet’s Christopher Dawson, a longtime fan of the classmate PC, said, “The new convertible tablets are improved on several fronts, taking a relatively tough, kid-friendly computer and turning it into a rugged iPad killer with a keyboard and software stack suitable for a variety of use cases all the way from Kindergarten through 12th grade.”

He noted the new convertible classmate PC turns into a tablet PC, can be ordered with anti-microbial keys (i.e., they resist bacteria coming off smudgy little fingers), and gets more than 8½ hours of use on a charge.

Cnet said the classmate PC was comfortable and easy to hold, noted its powered by a new Intel Atom and added that the user interface was easy to use.

“The only question is, at $499, would a school possibly choose an iPad instead?” CNet asked. “Granted, the iPad is not shock-resistant, can't run a regular OS, and is limited by the apps available on the App Store. We've heard of a few school administrators considering iPad purchases, but for now the Classmate seems like a less flashy but far more practical solution.”