Category Archives: Security

CONSEGI 2010 – Amãpytuna

The Brazilian Embassy has this description posted on their home page:

III International Congress of Free Software and Government. CONSEGI is an important space to promote the exchange of experiences and information among Government Institutions, Society and representatives of partner countries. Lectures, panels and workshops will take place in the 2010 edition that will be marked by discussion on the topic “Cloud Computing”.

CONSEGI is held in Brasilia, Brazil each year (photo by me):

CONSEGI, Brasilia, Brazil

It would be an understatement to say I am super impressed with the energy, skill and expertise of computing in Brazil that was found at CONSEGI. Another American at the conference, who travels constantly for work, commented to me there that many in the US are unaware of many amazing developments happening outside our country. It is easy to see why he would say this. Surveys show technology adoption rates now skyrocketing in Africa and South America, yet it is Asia and Europe that still dominate the “international” section of tech news at home.

We should avoid thinking of this as a language barrier. Portuguese may be less common but the CONSEGI conference ran smoothly with attendees speaking Spanish, English, French and even Korean. I found myself wondering why real-time multi-lingual translations are not an option at Black Hat or RSA. Have I missed something? CONSEGI offered it as standard and I was very grateful to be able to attend sessions with language options using some cool technology.

Paola Garcia Juarez presents, in Portuguese, a mathematical model to estimate trust and security of Cloud Computing services (photo by me):

Cloud Girl presentation at CONSEGI

Actually, I was more than grateful. After I played around with a “translation box” I had a discussion at lunch with a brilliant executive from a major Linux distribution. We covered details of infrared wave technology, security and economics. It was a real change from the RFID focus (kind of like laser focus, but not) I usually find at conferences. Since US Army deployed massive amounts of RFID for military operations in 1992 (Somalia) it seems RFID has dominated the American perspective. That brings me to my second point.

We also should avoid thinking of this as a cultural barrier. Disparity in culture and aims actually is a benefit. The topic of the conference was Cloud Computing. A panel of eGovernment experts representing countries of the Southern Hemisphere (hint: there are five Portuguese-speaking countries in Africa) quickly brought to the table universal technology advantages and challenges, from very different perspectives. Ten minutes into just one of these sessions would probably blow the mind of most IT managers that are used to hearing only one perspective. The resourcefulness and creativity of people with diverse backgrounds working together created a rich source of new information.

The Cloud Camp was another highlight of the conference. Topics such as security of virtualization, best practices in cloud compute memory and storage management, and how to evaluate providers all were discussed in detail by attendees.

Technical labs were organized around the conference and it was cool to see them packed full of students learning their P’s (e.g. Postgres, Python, PHP, Perl).

Meetings and sessions ran smoothly, the weather was superb, live musicians were very talented and attendees represented a very wide range of ages and cultures. CONSEGI is a world-class event that should not be missed by anyone interested in global technology. I was honored to present this year on Digital Forensics and Investigations in the Cloud.

Amãpytuna? It is a word from the Tupi area of Brazil and the title of a book on cloud computing that came in the registration packet. Just one example of the many details not to be overlooked; keys from a wider perspective that could help find solutions in the future of information security.

Windows Remote Execution Flaw – Binary Planting

The Register says at least 40 applications and the Windows operating system are vulnerable to remote-code execution. Here is the bit that caught my attention:

“Since Windows systems by default have the Web Client service running – which makes remote network shares accessible via WebDAV – the malicious DLL can also be deployed from an Internet-based network share as long as the intermediate firewalls allow outbound HTTP traffic to the Internet.”

This immediately reminded me of CVE-2010-2568, the recent and infamous Windows shell exploit that also relied on the WebClient based on Web Distributed Authoring and Versioning (WebDAV). Could it be coincidence or was someone researching that exploit — they tried the same attack vector from the network — when they found this one? I know I was asking why a WebDAV exploit was used for the USB-based attack and whether it would work with a network share. That itch is now scratched.

I wrote earlier:

WebClient is even disabled by default in server versions of Windows since 2003.

That contradicts The Register but it is true. I just checked again and as far as I can tell not all Windows systems have WebClient enabled. Many more should probably have it disabled by default.
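A quick way to settle the "is WebClient enabled here?" question on a given machine, as an added example (not code from the original post): this PowerShell script reports the WebClient service state and start mode, and with -Remediate stops and disables it. It assumes PowerShell 3 or later on Windows and local administrator rights for the remediation step.

```powershell
# Added example, not part of the original post: audit the WebClient service
# that makes Internet-hosted WebDAV shares reachable, and optionally disable it.
# Assumes PowerShell 3+ on Windows; -Remediate needs local administrator rights.
param(
    [switch]$Remediate
)

# Win32_Service exposes StartMode (Auto/Manual/Disabled) on every Windows
# version; Get-Service only gained an equivalent StartType in PowerShell 5.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"

if (-not $svc) {
    Write-Output "WebClient service is not installed on this system."
    return
}

Write-Output ("WebClient: State={0} StartMode={1}" -f $svc.State, $svc.StartMode)

# "Manual" is not a safe state: the service can be started on demand the first
# time something touches a UNC path that resolves to a WebDAV server, so only
# "Disabled" actually closes the WebDAV path described in the write-up above.
if ($svc.StartMode -ne 'Disabled') {
    Write-Warning "WebClient can run; WebDAV shares on the Internet are reachable if outbound HTTP is allowed."
    if ($Remediate) {
        Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
        Set-Service -Name WebClient -StartupType Disabled
        Write-Output "WebClient stopped and set to Disabled."
    }
} else {
    Write-Output "WebClient is disabled; the WebDAV-based remote share path is closed on this host."
}
```

Run it without -Remediate first across a sample of workstations and servers to see how many actually match the "enabled by default" claim before changing anything.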

Heartland *NOT* Breached Again

Newsflash. Heartland was not breached again today. Ok, I am being facetious but there also is a very important point of truth to this post.

The CIO of Heartland, Steven Elefant, called me about my blog post the other day called “Heartland Breached Again?”. He wanted to clarify the incident and how it was handled. We spoke briefly and I am happy to admit I was wrong in my assumptions. I would like to follow the Heartland CEO playbook and say I actually was misled (just kidding) but I will take the heat for this one.

According to Mr. Elefant the real story is that Austin Police were misquoted and the press has not (yet) done a retraction.

My take on the responsibility for Heartland — the opportunity for them to step in with better end-to-end solutions — was inspired by the statement from police quoted in the news. Changing this statement does not affect my position on responsibility. On this point I was really surprised and pleased to hear that Heartland actually agrees with my post. Although their press releases did not reflect it, they had offered the retailer a secure terminal to replace the system believed to be at fault. Setting aside the question of who pays for such an upgrade, the retailer received a secure option that goes far beyond just moving from Internet to POTS. I had assumed that nothing like this had been done. My bad. Good job Heartland.

The lesson in the breach may boil down to just much greater urgency in replacing insecure payment applications in the Austin retail area. I think that is a message Heartland can agree with.

Many thanks to Heartland for taking the time to reach out and explain in more detail. I hope that helps clarify.

Gartner Down on Cloud

Denise Dubie quotes a Gartner VP webinar in her story “Technologies that won’t be ignored”. I found some analysis did not settle well.

“We cannot consolidate desktops. PCs by definition have a one-to-one ratio,” Paquet explained. “The return on investment model is fundamentally different even though the technology is fundamentally the same and therefore will not have nearly as high the potential ROI.”

I see what he is trying to say. Every user must have a PC — sit at the keyboard and look at the screen — so there is no way to share or consolidate…wait a minute. Of course you can consolidate the PC. The system board and all its fixings can be one-to-many.

That would be old-school, in fact, and has many popular applications. It would be just like servers where IT takes a plethora of hardware and consolidates. They do not remove ALL hardware, of course, just reduce. Reducing PC technology through consolidation makes sense but Gartner says it is not possible.

Why can’t we consolidate desktops? My guess is that this might end up an argument of definition where each time I point out how PCs can and do serve in a one-to-many model Gartner might just relabel this a server model.

Another odd bit. They give facts without attribution or citation in the webinar found here. One good example:

Did You Know? Percent Power Used: Typical x86 Server 65% Doing Nothing

Who says this? Their interpretation of “nothing” could actually include running antivirus scans or patch management. Background processes are too easily overlooked and underestimated. Turn this around and IT could easily miscalculate performance requirements — be surprised by big charges for “nothing” services in a pay-as-you-go model. CFOs will get cranky very quickly when they are forced to pay a premium for “nothing” loads not included in the 35% estimate by Gartner.

One more example quote without attribution or citation:

Did You Know? At current pricing the operating expense (energy) to support an x86 server will exceed the cost of that server….within 3 years!

Sounds like energy prices are rising. Or do they mean to say server prices are falling? Or is the point that energy consumption of servers is increasing while price of energy and equipment is constant? No data and no citation in the slide; form your own conclusions. I say 2011 is woefully late for noticing and working on energy costs of servers, but better late than never.

Finally, to the point of this post’s title, Gartner lists Cloud at the very bottom of their trends to watch, number 10. They say resource constriction (sizing down after load) is still a problem being figured out. This takes me back to the earlier “doing nothing” slide. If there is a problem figuring out when and how a server is “doing nothing” then why would we believe the earlier 65% statistic that tells us cloud/consolidation makes sense?