Security issues, IaaS, BrowserID, App Engine, CloudRoulette, some reading

Post date: Dec 11, 2011 10:30:15 AM

This has been a busy, busy week: a lot of studying, testing, meetings and planning.

  • Found one more serious security issue. One unnamed provider delivers firewalls which have nicely configurable port roles. Any port's status can be changed between LAN groups, WAN, WAN2, DMZ etc. The major issue here is that when the device boots, the port array is initialized as a switch, and only later in the boot process (after about one minute) are the ports reconfigured according to the requested configuration. This allows all ports (LAN, WAN, DMZ etc.) to be bridged for about one minute during firewall boot. As far as I can see, this is a totally disastrous security issue. Yes, I have informed them about this matter.
  • Had a nice meeting with our IaaS cloud provider about their current services, and about new products and services that will soon be in production.
  • Checked out BrowserID. I don't personally like the fact that they're using the email address as the basis of identity. Otherwise the concept would be nice, if the browser could generate an identity and sites used it with standard PKI authentication.
  • App Engine has been suffering from strange performance issues. Tasks which usually take ~200ms have now been taking something like 15 seconds or even more. The worst case I have seen in the logs has been over 62 seconds, even though it should be under 1 second for sure. Let's see how long it takes before these issues are tackled.
  • Tried CloudRoulette for deploying WSGI Python apps. It works nicely. Supports multiple hosting companies and allows you to deploy your app to another hosting provider very quickly.
  • Read: REST APIs and performance optimization article - Thinking Beyond REST, very basic stuff.
  • Read: UX articles like Crash course in UX. I can fully agree with this article, but nothing really new there.
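
One way to check a device you operate for the boot-time bridging described in the firewall item above (an added example, not part of the original post): inject a probe frame into each port at intervals during a reboot, record which ports it shows up on, and compute how long frames cross between zones. The port map and probe log below are constructed sample data, and the function names are hypothetical.

```python
# Added example: port map and probe log are constructed, not from a real device.
PORT_ROLE = {1: "lan", 2: "lan", 3: "wan", 4: "dmz"}

# (seconds since power-on, port the probe was injected into, ports where it was seen)
PROBES = [
    (5, 3, {1, 2, 4}),    # early boot: WAN frame reaches LAN and DMZ ports
    (30, 3, {1, 2, 4}),
    (30, 4, {1, 2, 3}),   # DMZ frame reaches LAN and WAN ports
    (58, 3, {1, 2, 4}),
    (65, 3, set()),       # configuration applied: WAN frame no longer forwarded
    (65, 1, {2}),         # LAN-to-LAN switching is expected and not a leak
    (90, 4, set()),
]


def leak_windows(probes, port_role):
    """Map (src_role, dst_role) -> (first, last) second at which a frame crossed zones."""
    windows = {}
    for t, src, seen in sorted(probes, key=lambda p: p[0]):
        for dst in seen:
            pair = (port_role[src], port_role[dst])
            if pair[0] == pair[1]:
                continue  # same zone on both sides: not a cross-zone leak
            first = windows.get(pair, (t, t))[0]
            windows[pair] = (first, t)
    return windows


def fails_closed(probes, port_role):
    """True only if no probe ever crossed from one zone to another."""
    return not leak_windows(probes, port_role)


if __name__ == "__main__":
    for (src, dst), (first, last) in sorted(leak_windows(PROBES, PORT_ROLE).items()):
        print(f"{src} -> {dst}: frames crossed from t={first}s to t={last}s")
    print("fails closed:", fails_closed(PROBES, PORT_ROLE))
```

A device that isolates its ports until the configuration is applied yields an empty result; any non-empty window is the interval during which the zones were effectively one switch.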