2013/01/27

National Security: Prevention and Strengthening Defences missing from Gillard Strategy

The Gillard government has released a new National Security strategy specifically including Cyber-Security. It updates a 2009 strategy released by the Rudd government:
Strong and Secure: A Strategy for Australia's National Security
The strategy is strong, competent and wrong...
Because what is outlined is incomplete:
They have failed to address the root cause of cyber-attacks: vulnerable and error-filled Operating Systems and poor Application Software. Fix the weakness, stop the compromises before they happen, spend the money where it can do good, not on supporting "Business As Usual".
Cleaning up the mess and containing damage after the fact is exactly wrong: it's attempting to catch the horse after it has bolted.

2013/01/26

Security: Computer Security for Business Continuity in Healthcare

If you run a Healthcare-related Business, things changed in the last 6 months...
Ransomware is set to boom [0] and cyber-security is now part of our National Security Plan.
Businesses now have to secure their computers and data just as they secure their premises and goods.

It's not optional: fail to do so and you will go out of business. Just when is the question.
Ask yourself this: "If my computers were destroyed, how long could I continue the business? At reduced capacity or at all?", then act accordingly.
i.e. Does anyone around the world see you as a high-value, exploitable target?
Especially those in low-income countries with employment problems: poverty corrupts, not just power or the love of money.

The Internet is defined by its explosive growth: A few For-Profit hackers have noticed Business Ransomware is an ideal way to monetise remote computer attacks & exploits.
The numbers of these attacks will now double every few months as word gets around, new "toolkits" are sold to them and they ramp up their activities.

Every business that can raise $5,000 and relies on its systems and data for daily operations is now in their sights. These people have no morals, ethics or compassion in their work: they want your money and don't care about the damage they cause or the impact of their actions. Appeals to them will fall on deaf ears. Nor should you believe that a single ransom payment will be the last you'll hear of them. Why would you trust the word of criminals who've already broken in and callously damaged your systems?

2013/01/11

Security: Healthcare systems are "soft-targets": the Next Big Exploit

Previous pieces on Security:
I'd been racking my brains as to how Cybercriminals can "monetise" e-Health Records and, while writing to someone else, think I've finally understood it after a "Top of the News" report by the Security for Professionals: SANS.

There are two ways to monetise e-Health Records:
  • Identity Theft. Huge amount of high-quality info. Medicare Cards are worth 'points' as Govt. ID's.
  • Ransomware: healthcare can't operate without its data and they print money by the truckload.

2013/01/04

Storage: Smaller is better in Hard Disks

I upgraded my TimeMachine ® drive two days ago on my Apple Desktop [2009 Intel Mac Mini, OS/X Snow Leopard].

I went to a local office supply chain-store and bought a Seagate USB3 drive for $90, replacing my older 'Buffalo' USB2 drive, maybe 12-18 months old. While the Mac Mini only has USB2 ports and I can realise the higher bus speed, it will work on newer computers as well.

My new drive is 1TB, 2.5", covered by the statutory 12mth warranty. Better to replace without pressure, than when things are broken... The old drive can go on the shelf as a long-term roll-back.

This is a trick I learnt from a friend with a number of Macbooks and iMacs:
permanently attach an external drive for TimeMachine... Cheap and Effective!
2.5" is important.
The consumer drive variants (not 'enterprise', designed for servers) are built to be mobile (laptops & portable devices) and so are more robust, shock-resilient, etc.

But that's not the 'secret sauce': it's power consumption, and its relative, heat dissipation.

2.5" drives can be fully powered by USB 2, in the normal/correct specification [not the 10W+ that the iPad demands, but well under 5W, even 2.5W]. They run cool, quietly, on low-power.

Not needing a "wall-wart" is really important: it can never be lost, never blow up, never "leak mains power" or cause earth-loop problems (my Western Digital 3.5" drive sparks against the frame when I plug it in. Scary.)

There's a reason based in physics for 2.5" drives using a lot less power:
the aerodynamic drag of the platters, the main power consumer that is turned into heat, is affected by 3 factors: number of platters, rotational rate, size of platters.
Firstly, they only have 1 or 2 platters, versus 4 (max 5?) you'll find in 3.5" drives.
Secondly, "low performance" 2.5" drives at 5400rpm spin slower than 3.5" drives, mostly 7200rpm - a ratio of 1.33:1.
Aerodynamic drag increases with the cube (third power) of speed/rotational rate. The cube of 1.33 is 2.37.

Just these two factors reduce potential power demand by about five times, albeit for one-quarter the space compared to a 4TB 3.5" drive. But 1TB is more than enough to maintain snapshots of my 300GB drive and is a good fit for me.

For the next factor:
Disk Drive form-factors are related - each size has platters half the area of the larger size, so the diameter/radius ratio is 0.7/1.4 times, the square root...
The 3rd factor overshadows all others:
The drag is proportional to the fifth (5th) power of diameter.
This ratio for a diameter ratio 0.7/1.41 is 0.18/5.66.
Just halving platter area, and halving capacity/platter, reduces power needs by another five times.

Without trying, 2.5" drives use 20 times less power, for only 1/2 to 1/4 the capacity.
For the same capacity but slower spin-rate, they use 10 (ten) times less power.

Four 2.5" drives use just a little less space than a single 3.5" drive [102mm x 140mm x 19-25.4mm] vs [102mm x 147mm x 26.1mm], ignoring connectors.

The Small Form Factor Committee very nicely designed the footprint of each device size to be the same ratio meaning the length of the next smaller size is the width of the current size. If you've ever noticed, you can lay a 2.5" drive sideways across a 3.5" drive. Four 2.5" drives, in 2 stacks of 2, will fit within a box that would hold a single 3.5" drive. Adding connectors is trickier - they are at right-angles to each other in the two form factors.

A side benefit: you have 4 sets of independent electronics, buffers and heads working for you.

You get better aggregate throughput and seek performance from 4 smaller drives, OR you can sacrifice 33% of capacity for radically improved fault-resilience and set up RAID-5 over 4 drives.

But 2.5" drives cost around 35-100% more per GB, depending on models.
It depends what value you put on your time and your data...
I think $90/TB vs $75/TB is insignificant compared to the benefits, even for home use.

If it's business or professional-use data for a modest drive count, the economics of 2.5" drives are a slam-dunk (or "no-brainer"). If you have petabytes to store, you've got other problems to solve.

At this point you might be wondering "If small is good, and much smaller is much better, why don't we have smaller Form Factors in common use?"

We do.

1.75 inch drives are manufactured in volume, but not sold in "computers", only embedded in mobile devices. They are tricky to manufacture with the same problems as making watches.
The Small Form Factor Committee never specified a standard, especially for thickness, of these drives.

There have been previous credible attempts at micro-miniature HDDs: around 2000, IBM built the largest capacity "Compact Flash" drive available. It was a hard disk. While they were both highest capacity and best price/MB, they weren't popular with working Professional Photographers - they were too fragile... One of the extreme advantages of solid-state memory, like "Flash", is its robustness, especially when turned off. If you keep static electricity away from them, they can be nearly indestructible. The data will fade away ("Flash" EPROM is not permanent) long before they'll succumb to mechanical damage...

But within a couple of years the market collapsed because real Flash memory overtook them in capacity, price/MB and transfer rate.

Not long after RAID-5 was proposed in 1989, there was a good academic paper that suggested by 2000 we'd have a new type of storage: many single platter 1 inch drives soldered onto boards.

The economics of very small form-factor disk drives turned out never to be compelling.

If nobody is building the drives in volume, the price cannot be competitive with substitutes, like Flash for smaller units and 2.5" and 3.5" drives for larger units.
If there is no demand for a product, then no manufacturer will invest in the R&D and manufacturing facilities to ramp-up to volume production.

It sounds like a chicken-and-egg problem: nobody builds small drives so nobody designs products based on them so there is no reason to build small drives.

But that's not the whole story: drive manufacturers can do the Maths and know their production economics and capabilities very well.
If they thought they could produce rugged, small drives that were cheaper and higher-capacity compared to Flash, then one of them would've tried it. If they'd made a profit, everyone would've followed, just like the 5.25 inch to 3.5 inch and 3.5 inch to 2.5 inch changeovers.

The stumbling block is per-device manufacturing cost.

Disks are complex mechanical devices, assembled individually to very fine tolerances. Their production costs are dominated by that, not raw materials, and the process doesn't scale well with volume. While disk capacity has doubled every year for 15 years, the minimum unit price has either remained the same or risen.

Very small format drives, even in high volume, would, per unit, cost a sizeable fraction of 2.5" or 3.5" drives.

Compact Flash chips, whilst small capacity (1-32Gb) compared to even 2.5 inch drives (1000Gb), are cents per chip to produce and the technology to scale volume production of them is very well known and researched, but more importantly lends itself to scaling up.

Flash currently sells for $1-$10/Gb and 32Gb is $10-20 retail, or less. SSDs are more expensive per GB than SD cards and USB Flash memory devices for a number of reasons related to speed, reliability/durability and wear-rate.

No 2.5" drive can be smaller than mid-capacity Flash memory or SSD: no user would buy one.
Or, the smallest 2.5" drives you can sell for $50-$60 are 250GB, or $0.20/GB.

If you could make a very small format disk drive for as little as $30 retail, it has to compete with Flash.
It'd have to be over 128GB to sell, or at least half the capacity of a small 2.5 inch drive or one-eighth the size of high-capacity 2.5 inch drives.

Which gives a smallest economic form-factor of 1.25 inch, this year.
Next year, when Flash memory reduces another 30%, it's marginal and the year after, when Flash cost/GB has halved, completely uneconomic. A two year product life is well below the payback period.

There haven't been any discoveries or developments in magnetic disks that will change these economies within 10 years: we won't ever see high volume production of computer drives smaller than 2.5 inch.



Drive Dimensions:
2.5":  70mm x 102mm x 9mm [thickness varies, 7mm to 12.7mm. 15mm for 'enterprise']
3.5": 102mm x 147mm x 26.1mm [std "1-inch" thickness]

Sources:
[http://www.sffcommittee.com/ie/index.html]
[ftp://ftp.seagate.com/sff/8000_PRJ.HTM]
[ftp://ftp.seagate.com/sff/SFF-8200.PDF] 2.5"
[ftp://ftp.seagate.com/sff/SFF-8300.PDF] 3.5"