An overview of data location regulations and which providers support user designation of data storage sites.
2015 is going to be a major year for cloud computing. As the growth in cloud usage continues, governments are taking more and more interest in security of personal data.
Herein lies a problem. It has become almost impossible to stop data from crossing over the lines on maps that separate one political entity from another. However, politicians want to be seen as exerting their will over important issues, and data sovereignty has become one such issue.
The EU's General Data Protection Regulation (GDPR) is due to roll out across member countries during 2015. The GDPR defines what is deemed to be personal data and sets fines for such data being compromised by any company with operations in the EU. The fines could reach up to 100 million Euros or 5% of worldwide revenues for the offending company. All data breaches will need to be fully documented and disclosed to the EU regulator, and a breach may include the transfer of such data outside of the EU.
In the US, data breach disclosure requirements are already in place. However, via the Patriot Act, FISA (and FISAAA) and the use of disclosure warrants, the US is attempting to extend its reach beyond its shores into other territories. Such actions would obviously break the EU's GDPR.
Although Asia operates essentially as a collection of separate countries, 2014 showed a marked move towards a more European style of data security. As the growing economies of China, South Korea, Malaysia and others drive existing economies of Singapore, Japan, and Australia to change how they operate, each country is adopting data protection laws that they believe will enable them to compete effectively on the global stage.
So, where does this leave data sovereignty? It still looks like the overriding concern should be to partner with a cloud provider that has demonstrable capabilities around data security. Once that decision has been made, the need to maintain data in a specific geographic location can follow on. It's important to find a provider that understands technologies like data caching and content delivery networks (CDNs), which may violate data sovereignty rules.
Overall, data protection laws are still some way behind the actuality of data processing needs. Expect more change, and choose a provider that is prepared to deal with such change.
After the Lumia 800 and Lumia 510 were detailed on NaviFirm, this indicates that the Lumia 900 is also all set to get the Ms windows phone 7.8 upgrade as it too has been clicked on NaviFirm.
A review by WPCentral declares, “One of our eagle-eyed visitors captured the Lumia 900 getting in on the action. The OS upgrade is for RM-823, which is the worldwide, non-AT&T edition and has an OS edition variety of 8858 with the 12480 firmware. Ms windows phone 7.8 is completed at 8858 making this a true formal upgrade.”
The website goes on to state that one of its visitors had handled to obtain and show his Lumia 900 with the new OS and declares, “No Nokia functions, just stay flooring, Google image, new shades, new start show, new image.”
These functions are required as part of the Ms windows phone 7.8 program and the review contributes that Nokia will most probably include the camera applications via the Nokia Selection when it formally comes out the upgrade to customers.
Microsoft exposed some of the new functions that come with the upgrade, but the emphasize comes in the last passage of the post on the Ms windows phone Blog. Terry Myerson, Business Vice Chief executive, Ms windows phone, described, “We know you are desperate to get the Ms windows phone 7.8 upgrade, and we want you to know that we’re working carefully with our components and service provider associates to get it examined, accepted, and combined out to as many gadgets as possible in early 2013. As we work to quickly get this in the hands of our devoted customers, we’re also determined to provide a high-quality launch and ensure a sleek conversion for our commonly extended services.”
Myerson described that Ms windows phone 7.8 not only functions the new Start show, which is used on Ms windows phone 8, but also delivers in a new variety of functions. He said that when he used the WP 7.8 upgrade on his Nokia Lumia 900, it sensed like using a completely new phone. Myerson described, “Resizable Live Tiles totally change the way I do things, offering quicker access to more of my preferred individuals, images, and applications.”
Windows phone 7.8 comes with more styles as well as an improved variety of feature shades, which is now 20 in all. The new os also functions new secure show functions such as the option to instantly show the Google Picture of the Day and the ‘A1B2C3’ PIN/ security password task to avoid random device baby wipes on mobile phones linked with Exchange records.
He had also described that there are a variety of new applications that are coming to Ms windows phone 7.5 and Ms windows seven.8 customers. Apps such as Words with Friends and Sketch Something are already available, while Upset Wildlife Space and Upset Wildlife Celebrity Conflicts are on the way.
Myerson described, “New designs running Ms windows phone 7.8 are beginning to launch in many nations around the world, building up the environment by offering more Ms windows Phones to more individuals. These gadgets will generally be marketed at a variety of lower prices, significance there will now be Ms windows Phones for everybody's budget and need. This is vital for expanding the reach of Ms windows phone across the planet and guaranteeing we have the right product for every market.” The examining of the rollout of Ms windows phone 7.8 is already ongoing and Ms has handled to increase its international service protection by over 30 percent, increasing it to 95 countries—a variety that should continue to increase.
Summary: Unless internal expansion is
required, we can find little wrong with the ThinkCentre M92p Tiny as a
business-class ultra-small-form-factor PC.
The days of the traditional tower-format PC as a business workhorse
may be numbered, but that doesn't mean it's appropriate for every
organisation to embrace BYOD, filling their offices with assorted
notebooks, ultrabooks and tablets. There remains a need for affordable
and manageable desktop PCs that are space- and energy-efficient, and
that IT departments can deploy with minimal hassle.
Lenovo's ThinkCentre M92p Tiny
takes the small-form-factor PC very seriously, squeezing a perfectly
reasonable (albeit minimally expandable) specification into a very small
'one-litre' volume of desk space. The price of our review system
(system unit plus keyboard and mouse) was UK£531.05 (ex. VAT);
nearest-equivalent prices elsewhere are US$774 and AU$651.89 (both these
configurations are for a Core i5 rather than a Core i3 processor, as
reviewed here).
The
ThinkCentre M92p can be specified with an optional VESA monitor
mounting bracket that also accommodates a USB 2.0 optical drive.
Design : The overall impression of the ThinkCentre
M92p's design is functional and unobtrusive. We measured the base unit
at 18.2cm by 17.8cm by 3.3cm, which works out at 1.07 litres, so we'll
give Lenovo its 'one-litre' claim (that's 7.2in. by 7in. by 1.3in. and
2.27 pints). Our review unit was fitted into a VESA monitor mounting
bracket that also accommodates an external USB optical drive, bringing
the full dimensions of our review sample to 18.2cm by 18.2cm by 6cm
(7.2in. by 7.2in. by 2.36in.). The weight is 1.32kg (2.91lb) for the
system unit and 2.07kg (4.56lb) with the VESA bracket and optical drive.
The ThinkCentre M92p (minus the optical drive) mounted on the back of a monitor using the VESA bracket.
When used independently of the VESA mount, the M92p can be lain
horizontally or propped up vertically in a custom stand. There's no user
access to the internals, so you'll need to make sure you get your
initial specification right.
Features :
Our review M92p unit runs a 2.6GHz Intel Core i3-2120T
processor with 4GB of DDR3-1600 RAM. Graphics are handled by the
integrated Intel HD Graphics 2000 GPU and the OS is Windows 7
Professional (Windows 8 Pro is now available too). The second-generation
Core i3 processor used here doesn't support Intel's vPro
remote/out-of-band management technology, but a third-generation Core i5-3470T chip is available that does.
For storage, our review unit had a 320GB SATA II (3Gbps) Western
Digital hard drive spinning at a moderate 5,400rpm. Options include
alternative hard drive capacities (500GB, 750GB) and a faster 128GB
solid-state drive. We also had an optional USB 2.0 optical drive
attached to the monitor mount.
The M92p has four USB 3.0 ports — two at the front and two at the
back — plus another USB 2.0 port at the back for attaching the optical
drive (which adds two more free USB 2.0 ports). For networking there's a
Gigabit Ethernet (RJ-45) port, with the option (not present on our
review unit) for Wi-Fi (single- or dual-band 802.11n) as well. Video
connectivity is good, with two DisplayPort connectors and a legacy VGA
port on offer. If you buy a couple of the optional splitter cables, you
can configure a single large screen using four monitors in what Lenovo
calls Mosaic mode (we didn't get to test this, as the cables weren't
supplied):
The ThinkCentre M92p driving four monitors in Mosaic mode, courtesy of a pair of DisplayPort splitter cables.
The power supply is a reasonably compact external 65W unit.
Performance & power consumption :
The Windows Experience
Index (WEI) for the ThinkCentre M92p is a moderate 4.6 (out of 7.9),
the WEI corresponding to the lowest component score. As usual, this is
for the integrated graphics — specifically Graphics (Desktop performance
for Windows Aero). Memory (RAM) (Memory operations per second) and
Primary hard disk (Disk data transfer rate) both scored 5.9, Gaming
graphics (3D business and gaming graphics) registered 5.8 and Processor
(Calculations per second) led the field with 6.9:
This isn't stellar performance, particularly on the graphics front.
However, there are options available for boosting speed if necessary:
upgrading the RAM to 8GB or even 16GB; specifying a faster
third-generation Core i5 CPU; or fitting an SSD rather than a 5,400rpm
hard drive. All of these upgrades will boost the cost, of course.
Running the demanding Cinebench 11.5
CPU and GPU benchmarks shows that the Core i3/HD Graphics 2000/4GB
ThinkCentre M92p performs similarly to the Core i3/HD Graphics 2000/4GB ThinkCentre M92z AIO system we reviewed recently:
However, when it comes to disk performance, the ThinkCentre M92p's
320GB SATA II 5,400rpm hard drive lags behind the M92z's 500GB SATA III
7,200rpm drive in the ATTO Disk Benchmark (61.1MB/s write and 67.1MB/s read versus 129MB/s write and 130.3MB/s read respectively):
One of the reasons for specifying a small form factor PC is to
minimise power consumption, so it's pleasing to see that the ThinkCentre
M92p is frugal in this regard, drawing between 13.6W and 37.6W under
various workloads:
ThinkCentre M92p power consumption under different levels of load (PT8 = Passmark Performance Test 8; CB = Cinebench 11.5).
Conclusion : Unless internal expansion is required, we can
find little wrong with Lenovo's ThinkCentre M92p as a business-class
small-form-factor PC (and there are bigger models in the range if
expansion is required). Our review unit was only a moderate performer,
but alternative configurations are available to give it more muscle if
required.
Summary:The next version of BizTalk Server is due in the second half of calendar 2013. A public beta is available now.
Just about a year ago, after a lengthy silence, the Microsoft BizTalk team shared a brief update on its next release. This week, Microsoft made a beta of the next on-premises version of Microsoft's enterprise-integration server.
The next launch of BizTalk is not going to be known as BizTalk Hosting server 2010 R2. Instead, it's going to be BizTalk Hosting server 2013. It still is on monitor to back up Ms windows Hosting server 2012 and SQL Hosting server 2012 and to include with Graphic Facilities 2012.
Last we observed, the new BizTalk was due out six several weeks after Ms windows 8 -- which could have intended Feb 2013 if Ms is keeping a record of from the release-to-manufacturing time frame, or Apr 2013 if the Softies were calculating from common accessibility. Ms windows formal term, via a representative, is there will be a Release Applicant for BizTalk Hosting server 2013 in "early 2013" and the RTM will be avilable in the second 50 percent of schedule 2013.
Based on signs decreased by the Redmondians a year-plus ago, BizTalk Hosting server 2013 could be the last on-premises edition of BizTalk. Going ahead, Ms is implementing a cloud-first design for BizTalk, company authorities have said. BizTalk can run in the chronic exclusive device on Ms windows Pink. "It will also have new plugs to the Ms windows Pink Assistance Bus Lines and Subjects for developing multiple reasoning programs," the representative said.
What particularly is part of the BizTalk 2013 try out beyond those out-of-the-box reasoning solutions adapters? Here's Ms windows short list:
• RESTful solutions – BizTalk Hosting server 2013 Beta provides plugs to produce REST endpoints as well as present BizTalk Hosting server relics as a RESTful service.
• Improved SharePoint adaptor, enabling SharePoint-BizTalk incorporation wtih a computer file discuss. "We have eliminated the need for reliance on SharePoint farming, while still offering in reverse interface," Ms windows site says.
• Business Assistance Bus (ESB) Tool set incorporation.
As of 2011, according to Ms, there were more than 10,000 BizTalk Hosting server clients using the product to include Ms windows business procedures with those from other providers such as IBM, Oracle, Siebel, SAP, JD Edwards, etc.
Summary:The Windows 8 launch appears to
be devoid of optimism---except from Microsoft executives. File this
launch and the financial impact of it in the wait and see category.
Ms will review its economical first one fourth income on Friday and all eyes will be on the Ms windows 8 release next week. However, objectives for the Ms windows 8 release appear to be combined at best.
The PC industry just isn't sure what to make of Ms windows 8. Apple CEO John Otellini mentioned there are many form factors and it's uncertain which one will win. Otellini said what components eventually victories with Ms windows 8 may not be known for a season.
Couple Ms windows 8---an OS that will have a new user interface and learning curve---with reducing PC income and Windows big release has a sequence of unknowns. Those concerns will be shown in Windows one fourth as well as the comments that follows the results.
Microsoft is predicted to review first one fourth income of 43 pennies a discuss on income of $12.68 billion dollars before Ms windows 8 release, according to Wall Road reports. The economical second one fourth, finishing Dec. 31, is predicted to bring income of 67 pennies a discuss on income of $17.77 billion dollars.
Given that leap from the Sept to Dec one fourth, experts are modelling some income pop. But experts stay careful.
Evercore specialist Kirk Materne said:
We believe the beginning reviews on Win8 is likely to be a bit combined and need moderate until new touch-enabled components is delivered later this year/early 2013 – tempering any post-launch move.
Barclays specialist Raimo Lenschow said that poor PC income are troublesome for the Ms windows 8 launch:
Although part of the justified reason for the PC poor point is generally linked to controlled buying before Ms windows 8, a major snapback in deliveries from such a large decrease is difficult to think about.
Oppenheimer specialist Shaul Eyal noted:
We expect Win8 to be a strong item. Near term, we believe there is less pent-up need than when Win7 was launched with less contact products available at release date. Additionally, the point that Win8 overhauls the user-interface could expand the item pattern popularity by a few sectors before capturing on.
Others are more high energy. Morgan Stanley specialist Adam Holt is predicting that 3 thousand Area models will sell in the Dec one fourth. The proven reality that Area has a edition of Workplace on it works to Windows advantage, said Holt. Morgan Stanley’s May 2012 Azure Document on pills recommended that 61% of potential item customers saw the ability to use Workplace as among the most important features to consider when buying a item, and should work to Microsoft’s benefit.
In the bottom line, the Ms windows 8 release seems to be without optimism---except from Ms professionals. Computer file this release and the financial effect of it in the delay and see classification.
Summary:Due in the first half of 2013, the next Service Pack for Exchange Server 2010 adds new compatibility and coexistence support.
As part of Microsoft Exchange Conference (MEC) week, Microsoft officials are sharing advance information on what's coming in Exchange Server 2010 Service Pack (SP) 3.
SP3, a "first half of schedule 2013" deliverable, will consist of new functions in addition to the regular repairs.
Among them, according to a Sept 25 Return Group weblog post:
Coexistence with Return 2013: Clients will be able to add Return Hosting server 2013 into their current Return 2010 facilities by including certain "coexistence changes" delivery in SP3.
Assistance for Microsoft windows Hosting server 2012: Clients will be able to set up and set up Return Hosting server 2010 on devices operating Microsoft windows Hosting server 2012.
Client Asked for Fixes: All repairs included within update rollups launched prior to Service Load up 3 will also be part of SP3.
In purchase to add these new functions, customers will have to update their Effective Listing schema, according to the publish.
"We are interacting the required changes before launch time frame to be able to assist our customers with preparing their update direction in advance," authorities said.
Microsoft is in the middle of openly examining Return Hosting server 2013, the next edition of its on-premises Return Hosting server product, as well as its on the internet supplement, Return Online, which is one piece of Workplace 365. Ms authorities are ongoing to decrease to say when these next variations of Return will be announced RTM/RTW (released to manufacturing/released to the Web). My resources say RTM for all of the Workplace 2013/Office Next customer, hosts and services will be in Nov 2012, with common accessibility and launch scheduled for early 2013 (around February).
There is one, slightly more devious, technique that websites can use to identify you. This is by amalgamating all information about the capabilities of your browser and system into a digital fingerprint.
Because of the amount of information that your browser will, if asked, reveal about you, this fingerprint can often be used to uniquely identify you to a site. Once again, the EFF is active in this area, and hosts a website to help you understand what your fingerprint is.
Point your browser to panopticlick.eff.org to see how unique you are. At the time of writing, more than two million people had used the site to check their browsers, and we still found that most of our machines could be uniquely identified. This means any website could track us even without cookies, LSOs or any of the other storage techniques.
At the moment, this is a theoretical vulnerability, and there have been no known cases of browser fingerprinting in the wild. If you're concerned about being tracked this way, the best way to prevent it is to stop scripts from running. This reduces massively the amount of information that a website can use to form the fingerprint.
The NoScript extension for Firefox provides an easy way to control which scripts run on a site. However, this will severely limit the function of many interactive websites. Web pages are made up of a number of different elements that your browser reassembles to make a single document. These elements may come from many different places, organisations and servers.
Any of these could contain some degree of monitoring using a technique called web bugging (also known as web beacons or pixel tags). These use images to generate HTTP requests that log your activities with a different server to one hosting the website. These potentially could be able to track you using browser fingerprinting, but they're also used more widely. They're not restricted to web pages, and can be used in any HTML document.
Most commonly, they're used by spammers to identify active email addresses. If you open an email containing one of these images, the spammer will be able to identify that you're checking the address, and can be persuaded to open spam emails. Fortunately, most email clients and web mail providers disable image loading by default.
Locating :
When you connect to the internet, your service provider assigns you an IP (Internet Protocol) address. This tells web servers and other computers you communicate with where to send the information. Any computer you interact with online can tell which IP address you use.
From this, they can find out some information, mainly your service provider and approximate location. Check out www.hostip.info to find out what you're transmitting to the world. Since IP addresses change periodically, web servers can't get closer to you than this. However, government agencies can force your service provider to reveal which subscriber was allocated to which IP address at what time. In short, they can link an online act with a physical computer.
For example, in April 2004 Shi Tao, a Chinese journalist, emailed the Asia Democracy Foundation with details of the Chinese Government's attempts to stifle news reports on the 15th anniversary of the Tiananmen Square massacre via Yahoo web mail. His government got the IP address he used from Yahoo, and since the ISP was state-controlled, could find out exactly where it was sent from. In November, he was arrested, and in March 2005 he was sentenced to ten years in prison.
To protect yourself from this level of scrutiny, you need to make sure that there's no link between you (and your IP) and the server you're communicating with. Simply encrypting your communication isn't enough, because it still allows the server to know who sent it - it just prevents eavesdroppers.
You can achieve the necessary privacy by passing your data through a series of encrypted relays. This technique is called onion routing, and has been implemented by the Tor Project
Step one: Communicate with the Tor directory server, which will reply with three random relays.
Step two: Encrypt your data with keys for each of the relays.
Step three: Send this encrypted package to the first relay. This server knows your IP address, but doesn't know what you're doing, since your data is encrypted with the keys to the other relays. The only piece of information they can access is the location of the second relay.
Step four: The first relay sends the encrypted package to the second relay, that can only decrypt the location of the third relay. This computer knows the location of the other two relays, but not your IP or what you are trying to communicate with.
Step five: The second relay sends the encrypted package to the third. This computer can decrypt your message and send it out of the Tor network on to the intended recipient. The third relay can see the final recipient of your data (and if you're using an unencrypted protocol, the actual data), and the location of the second relay, but he doesn't know your identity.
Step six: The recipient gets your request as though it had come from the third relay. They don't know your identity, or even that there is someone hidden behind the third relay. They respond to the third relay.
Step seven: The third relay passes the information back to you through the Tor network in the same manner as you sent it. No one on the network knows both the identity of the original sender, and the recipient.
However, Tor is an anonymisation system, not an encryption system. While the data is encrypted as it passes through the relays, once it leaves the network, it's no more or less secure than any other information on the internet. To keep your data private, you need to use the same precautions you would if you were not using Tor - ie use one of the encrypted protocols listed on the right of table one.
Sounds complicated? Fortunately, the Tor Project has put all the necessary tools in a single package with a secure version of Firefox. It's on the disk, or available from www.torproject.org - just unzip the file and run start-tor-browser. It will connect to the network and open a secure browser.
If you are on the run (in any sense of the phrase), you can browse securely via Orbot for Android or Covert Browser for iOS. There are potential statistical attacks against the network. For example, if an organisation can see all the data going into the network, and all the data coming out of it, the timing and quantities of packets may reveal which user sent what. However, due to the worldwide nature of the system, this would require co-ordinated and systematic monitoring across many countries.
You may think that using an internet account not linked to a physical location - such as mobile or satellite phones - will improve this situation, but it does the opposite. Mobile phone signals can be triangulated, and many satellite phones include the GPS co-ordinates of the phone in the connection to the service provider.
Polish firm TS2 sells a product that can pinpoint a satellite phone user: www.ts2.pl/en/News/1/151. It's possible that technology similar to this was used by the Syrian regime to target and kill journalists in Homs earlier this year.
Some regimes, most notably in China, appear to have taken steps to stop their citizens accessing Tor. The simplest way of doing this is to download a list of Tor relays and stop all connections to those machines.
To allow users to bypass this, Tor has introduced a series of bridges. These are routes into the network that aren't published. A game of cat and mouse has now begun between the Tor Project and organisations trying to block access to the anonymisation service.
Like many community-based projects, Tor needs volunteers. However, unusually for a free software project, programmers are not the most needed people. Running a relay or bridge will help keep people anonymous.
Translators and people working in advocacy are also in demand. To see how you can help people maintain both their privacy and freedom of speech, check out www.torproject.com/getinvolved/volunteer
Disk encryption :
If you're interested in privacy, then the chances are you use full disk encryption. If you don't then you may wish to consider it. It's easy to set up, usually just a tickbox during the distro install, and on a modern system the performance penalty should be minor for most purposes.
Note that partial disk encryption is considerably less secure - in issue 154 we showed one of many methods for circumventing it. Modern encryption methods using algorithms such as AES are unbreakable without the passphrase, provided a sufficiently long key is used (AES-128 should be considered a minimum. If the CIA is on your tail, then AES-256 is better).
There are a few methods a government agency can use to acquire this passphrase. Unfortunately, the easiest (for them) is torture. The second easiest is to try to guess your passphrase using a dictionary attack. However, let's assume that you've picked an unguessable passphrase, and managed to jump out of the window and flee when the knock at the door came. Your secrets will be safe, right?
Well, not quite. When you're using an encrypted drive, the computer stores the decryption keys in the memory. If they smash through the door just in time to see the computer shutting down, they could put a memory scrubbing tool in your computer and restart it.
Contrary to popular belief, the RAM in your computer isn't wiped when it's powered off, just very soon afterwards. Researchers at Princeton were able to steal encryption keys from the memory of restarted computers. The tools they created to do this are available from https://citp.princeton.edu/research/memory.
If you only locked or suspended your computer, then the situation's even worse. In these cases, the spooks will have time to freeze the memory before rebooting it (or transferring to a computer set up to scrub the memory).
At room temperature, memory typically becomes unusable after a few seconds. If it's frozen to around -50˚C (which is achievable using cheap aerosols), that time increases to several minutes. To avoid this style of attack, you need to stop them being able to access usable memory.
Don't leave your machine locked or suspended. If you have valuable information on it, turn it off. And prevent booting from devices other than the hard drive without a password. This will stop them booting straight into a tool such as the Princeton researchers' USB scrubbing tool. By the time they've managed to bypass your BIOS's security, the memory will be useless.
Using longer encryption keys will also help, since slight errors often creep in during the scrubbing process. The longer your key, the more of these errors it's likely to pick up.
If the men in black are really on your tail, then you could consider running your laptop without its battery. This means that you have only to pull out the power cable before running away.
How Linux Can Help You Protect Your Privacy Online :Parts
Using SSL will keep your data safe from eavesdroppers, but what if the companies that you're communicating with are spying on you?
Google, Facebook, Twitter and others have built business models out of providing users with a free service in return for information about you. This information can then be used to target advertisements at you.
Twitter has even gone a step further and sold users' tweets to market researchers. Some people may consider this a fair trade, but privacy campaigners are becoming increasingly concerned about the shear quantity of data these companies are holding about us. And this data goes way beyond what we voluntarily hand over to them.
Both Google and Facebook have established relationships with literally millions of other websites to help them track your movements around the web using cookies. These may sound like tasty treats, but are actually pieces of information stored on your computer to help sites identify you when your browser reaches them.
To find out just how much these companies are tracking us, we can use Wireshark to monitor our network connection and watch for the cookie data being sent back.
Start Wireshark and capture on your main network interface. In the filter box enter http.cookie
This will now show only packets that relate to cookies that are being sent to web servers. To display a little more of the information that is being acquired, go to the middle pane and click on the arrow next to Hypertext Transfer Protocol.
There are two sections in here that allow the web company to track us: the host and the referrer. Right-click on each of these and select Apply As Column. This will then add these fields to the main view.
Each of these two domains allows the host (the organisation receiving the cookie) to monitor your activity on the referrer. In addition to this, the host uses a unique ID to track your activity between sessions. Google uses its advertising services to monitor what we do, whereas Facebook uses its Like buttons.
There's no way of knowing exactly what these companies are doing with the data they collect - we can see only what they're receiving.
Fortunately, most browsers allow you to control cookies. Depending on your personal feelings, you may choose to limit cookies to certain websites (where they can be useful to remember preferences), or block them completely.
If you use Firefox, go to Edit > Preferences > Privacy, and change Firefox Will to Use Custom Settings for History. If you untick Accept Cookies From Sites, Firefox will not store any cookies.
To do the same in Chromium go to Preferences (the spanner by the address bar) > Under the Bonnet and change Cookies to Block Sites From Setting Any Data. In Konqueror, this can be done through Settings > Configure Konqueror > Cookies and unchecking Enable Cookies. For lightweight KDE users, it can be done in Rekonq by going to Settings (the spanner by the address bar) > Network > Cookies and unchecking Enable Cookies.
As well as allowing you to completely block cookies, both Firefox and Chromium give you the option of blocking third-party cookies (In Konqueror and Rekonq, this is Only Accept Cookies From Originating Server). This means they block cookies from domains other than that of the current website. If you do this, websites can store data about you, such as your preferences, and can track your movements within the site, but other sites won't be able to follow your movements once you leave the domain. This will stop companies from tracking your movements across the web.
If you set this up, then run cookie tracking in Wireshark, as was done above, you will see that the referrer and the host are always the same domain. For many users, this will be a happy medium of letting cookies do their original purpose - letting sites use them to recognise returning viewers - but blocking organisations from following their online movements.
Cookies aren't the only way that websites can track you. Even if you have browser cookies disabled, sites can still store tracking information on your computer using Locally Shared Objects (LSOs). These function exactly like cookies, except that they're accessed through Flash rather than directly through your browser.
To view and control what websites are using these, go to Macromedia's Website Storage Settings Panel.
Webmasters intent on tracking you can use a combination of techniques to create zombie cookies. These store the same information in more than one place so that when you destroy one, they regenerate using the others. For example, if you delete all browser cookies, the website can recreate the cookie from an LSO, and visa versa. As long as one of these remains, all the others can regenerate.
Samy Kamkar has taken this to the extreme at samy.pl/evercookie, where he uses 12 different methods to resurrect the data! We think running the NoScript extension for Firefox should prevent this type of cookie from working, but it also disables the method of testing it! We found that neither Private mode in Firefox, nor Incognito mode in Chromium were able to prevent this.
If you need to be sure that your web browsing isn't being tracked across sessions, the best solution is to use a non-persistent system. That is, a system that doesn't carry any information over from one session to the next. You can still be tracked during a browsing session, but not between them.
For Linux users, the most obvious option is a live DVD. This doesn't have to be a physical disc running live - an ISO running in a virtual machine will do the job. This means that all data that the websites can use to track you is reset each time you restart the virtual machine. You can also run more than one virtual machine simultaneously to prevent anyone linking two sessions.
If it ever comes into being, a live version of Boot To Gecko would be a particularly convenient way to do this, but this is still in development.
How Linux Can Help You Protect Your Privacy Online :Parts
You're not paranoid - they really are watching you. Criminals, web companies and governments all have a reason to spy on your online life, and the methods that they use are becoming increasingly sophisticated.
2011 was the most dangerous year to be an online citizen, particularly if you happened not to agree with everything your government said. 199 people around the world were arrested or detained because of content they posted online. Many are still languishing in jail.
The offending information ranged from exposes of environmental damage to religious instruction and criticism of unelected autocrats.
In addition, there has been a recent increase in the use of netizens' information by web companies. Privacy policies have been extended, and Twitter now sells the rights to users' data.
Some of the self-protection methods shown here will have an impact on how you can use a computer. For most people, implementing all of them would be over the top. What we're aiming to do here is show you who can find out what about you, and how to stop them.
What you do with that information is, of course, up to you. Whether you are concerned about the scale of information gathered by web companies, or you are hiding from a corrupt government, read on to find out how to keep your data yours.
You can find out just how much information you're revealing to the world using Wireshark. This tool captures all information passing through your network interfaces and allows you to search and filter for particular patterns. It takes information from your network interface, so any information displayed in it is visible to other (potentially malicious) people on the network.
Wireshark should be available through your package manager, or from wireshark.org. Once installed, you can start it with: sudo wireshark
You will get a message telling you that you've started it with super user privileges and this isn't a good way of doing it. If you plan on using the tool a lot, you should follow their guide on a better set-up, but for a one-off, you can ignore this
Click on your network device in the interface list (probably eth0 for a wired network and wlan0 a wireless) to start a capture. As soon as you start using the network, the top part of the screen will fill with variously coloured packages. The tool has a filter to help you make some sense of this multi-coloured mess.
For example, you can keep a prying eye on duckduckgo.com searches using the filter: http.request.full_uri contains "duckduckgo.com?q" If you now do a search using http://duckduckgo.com, it will appear in the list, and the search term will be in the Info column.
A similar technique could be used on any of the popular search engines. You may not be concerned about people being able to read your search terms, but exactly the same technique can be used to pull usernames and passwords that are sent in plain text.
For example, most forums send passwords in plain text (because they're not a serious security risk, and secure certificates can be expensive). The www.linuxformat.com forums are set up in this way.
To sniff LinuxFormat.com passwords, fire up Wireshark and start a package capture using the filter: http.request.uri contains "login.php" When you log in to www.linuxformat.com/forums/index.php (you will need to create an account if you don't already have one), the filter will capture the packet. The line-based text data will contain: Username=XXX&password=YYYY&login=Log+in
How many computers are you sharing this information with? Depending on your network set-up, probably every other computer on the LAN or Wireless network.
As well as these, every computer that sits in the route between you and the server you're communicating with. To discover what these are, use traceroute to map the path the packets take.
If your computer's behind a firewall, you may find that this just outputs a series of asterisks. In this case, you can use a web-based traceroute such as the ones indexed at www.traceroute.org. This list is a little out of date, and not all of the servers are still hosting traceroute, but you should be able to find one that works in your area.
Do you know who's running these computers? Or who has remote access to them? Do you want these people to be able to see everything you do online? If you use services with unsecured passwords (and there's no reason you shouldn't, as long as you understand the implications), then it's important not to use the same password for a secure service.
The most basic piece of the web privacy puzzle is the Secure Sockets Layer (SSL). This rather obscure-sounding protocol is a way of creating an encrypted channel between an application running on your computer and an application running on another computer.
For each insecure network protocol, there's a secure one that does the same basic task, but through an SSL channel.
Any time you use an insecure protocol, an eavesdropper can read what you send, but if you use a secured one, only the intended recipient can see the data.
For web browsing, it's HTTPS that's important. As we saw before, many computers can read what we send in HTTP, but if we perform the same test again, but using duckduckgo's secure web page - https://www.duckduckgo.com (note the s) - then you will find that the information does not appear in Wireshark.
Some web browsers show a padlock when connected to a secure website, but this can be spoofed easily using favicons. If you're unsure, click on the icon. A legitimate padlock will open a pop-up telling you about the security on the page.
Of course, this ensures only that the information can't be read as it's being transmitted between your computer and the server. Once there, the organisation running the server could pass it on to third parties, or transmit it insecurely between their data centres. Once you send information, you lose control of it.
Before hitting Submit, always ask yourself, do you trust the organisation receiving the data? If not, don't send it.
HTTPS is a great way to keep your web browsing private. However, because of the way it has been bolted on top of HTTP, it isn't always easy to make sure you use it. For example, if you use https://www.google.com to search for 'wikipedia', it will direct you to the HTTP version of the encyclopaedia, not the HTTPS version.
The Electronic Frontiers Foundation (EFF), a non-profit dedicated to defending digital rights, has developed an extension for Firefox that forces browsers to use HTTPS wherever it's available. A Chrome version is currently in beta. Get this from https://www.eff.org/https-everywhere to keep your web usage away from eavesdroppers.
Like all forms of encryption, SSL has a weakness, and that's the keys which are stored in certificates. Just as a hacker can easily get in to your accounts if they know your password, they can easily eavesdrop on SSL encrypted data - or spoof it - if they can trick your computer into using their certificates.
You should be able to view the current certificates and authorities in your browser's security settings, but it isn't always easy to identify things that shouldn't be there. Here, live distros come to the rescue, since you can carry a trusted operating system with you and use that whenever you are at a computer of dubious provenance.
How Linux Can Help You Protect Your Privacy Online :Parts
Summary:Microsoft is looking ahead to a future of private and public clouds, where information is everything, and users can access it however they want. Is Microsoft's latest server OS up to the job?
The heart of the Windows enterprise ecosystem isn't the desktop, or the tablet, or even the smartphone. It's Windows Server — the old reliable that sits in the datacentre and just keeps ticking along, managing your files, handing your email and running your business. You might think that meant you'd never need to upgrade — but businesses and the technologies they use change, which means that Windows Server (which was released to manufacturing on 1 August and became available on 4 September) needs to change too.
On the desktop, with Windows 8, that change is obvious, with a new touch-oriented user interface and a new programming model. In the datacentre, with Windows Server 2012, there's also plenty of change: Microsoft is looking ahead to a future of private and public clouds, where information is everything, and users can access it in any way they want. It's a brave new world of work — but is Microsoft's latest server up to the job?
Start me up :
Turn on Windows Server 2012 for the first time, and you're presented with a server version of the Windows 8 Start screen, complete with Store. You'll need to login with a fresh administrator account to access the store (it won't work with the default administrator user). Click on any of the tiles, and you're taken straight to the familiar desktop, and a new modern-style UI for the multi-server Server Manager. This is where you'll spend most your time, as it's where you'll add and manage features, launch tools and watch for alerts. Much of what Server Manager does is encapsulated in PowerShell cmdlets, and it's well worth getting to grips with PowerShell 3.0 as it's how you'll manage UI-less Server Core installs — as well as using it to remotely manage all the servers in a network (in conjunction with the tools in System Center 2012).
If you prefer to use a desktop PC to manage Windows Server 2012, Microsoft has released a preview of its Remote Server Administration Tools, which bring Server Manager and other server tools to Windows 8. With RSAT on desktop PCs it's a lot easier — and a lot more secure — to deploy servers using Server Core, as your management tooling can run independently of your servers.
Going virtual to the private cloud :
The heart of Microsoft's private cloud strategy is Hyper-V. With the latest version of the hypervisor, there's not just feature parity with VMware, but plenty of new features that take advantage of the latest hardware. This allows Microsoft to support massive clusters of compute and memory, and to work with storage hardware to speed up VM migration. The cloud isn't just about virtualisation, and much of Microsoft's work in the new Hyper-V is about using it to deliver a compute fabric to sit alongside the Windows' new storage fabric. While Windows Server 2012 gives you a lot of virtualisation features out the box, you will need to implement System Center 2012 to get the most out of any private clouds you build — especially if you're planning on using template-driven service definitions to manage and deploy servers and applications.
Microsoft is introducing a new format for its VHD virtual disks with Windows Server 2012, with VHDX. It's more efficient, and able to support much larger disk sizes. You can convert existing disks to VHDX format, using Hyper-V's disk edit tool, but you'll need to merge any snapshots before making the conversion.
Hyper-V also contains the seeds of a major change for Microsoft's virtualisation platform. It's now possible to swap out the basic virtual switch for more complex third-party tooling such as Cisco's Nexus soft switch. By opening up the Hyper-V virtual network to tools like this, Microsoft is giving the hypervisor the tools it needs to become part of a software-defined network (SDN) — allowing rapid reconfiguration of networking features to handle policy-based service deployment. It's hard to overstate just how big a feature this is, as SDN is an important component of both public and private clouds. Support for SDN switches inside Hyper-V goes a long way to making Hyper-V the basis of a dynamically-managed private cloud rather than just another infrastructure component.
Managing, storing and accessing information :
Storage is the other part of Microsoft's private cloud platform, and Windows Server 2012 introduces a new way of working with disks — as well as a new file system, ReFS. Using the File and Storage Services tools in Server Manager you can quickly build a thinly provisioned virtual storage pool, with support for mirroring on mismatched consumer drives. It's an approach that means you can quickly add new drives to a pool, and manage directly attached and network storage, as well as storage array networks, from the same console. When tied in with the service management tooling in System Center 2012, it's a quick way of rapidly deploying services as well as handling live migrations of existing virtual servers.
With ever more mobile users, managing information access and security is increasingly important. Although VPNs remain an effective tool for controlling access to servers, Microsoft introduced Direct Access in Windows Server 2008 R2. Using IPv6 tunnelling to securely extend an intranet to mobile devices, Direct Access was complex to set up and hard to use in conjunction with many SME networks, as it had difficulties traversing NAT firewalls. That's all changed in Windows Server 2012, with a revamped Direct Access that addresses many of its predecessor's shortcomings. The new version will work with single-homed servers, and with NAT devices, defaulting to using IP-HTTPS to traverse most common firewalls.
Direct Access is also a lot easier to configure and deploy, with a simple wizard (you can configure both Direct Access and a VPN in four or five clicks) and a graphical management console. Policies are automatically pushed out to domain-joined devices, and you can configure details of support contacts as well as naming the connection.
BYOD deployments need better file management tools, and Windows Server 2012's Dynamic Access Control replaces complex ACLs with rule-based file and directory policies. Using Dynamic Access Control you can build rules that control access to files based on user claims — whether they're part of a group or a role, and whether their device supports Information Rights Management encryption tools. Dynamic Access Control is managed using Active Directory, but works with non-domain joined devices, as it uses user properties rather than devices.
Ready for the datacentre, today :
Windows Server 2012 is a powerful tool, and an easy upgrade from Windows Server 2008 R2. We were able to upgrade a server in less than an hour, including upgrading Active Directory schema for an entire small-business network. All existing applications carried on running, including websites and applications, although we did choose to upgrade the virtual hard disks of a small private cloud once we were up and running. A simplified set of SKUs makes it easier to choose and licence your servers, and the latest Hyper-V release turns even the smallest office server into a full-fledged private cloud — complete with software-defined networking and storage pools.
Microsoft has done an excellent job on Windows Server 2012. It has managed to add new features and new tools, while still working as a drop-in replacement for earlier Windows Server releases. That's going to make it a lot easier to get up and running with a new server OS, while giving you an ideal migration path to tomorrow's world of private and public clouds. It's not often that we describe a server operating system as a must-have upgrade, but if ever there was one, this is it.
Summary: Server Manager, the admin console for Microsoft's latest server OS, has a modern-style GUI, and is a one-stop shop for managing devices, tools and services.
Log onto Windows Server 2012, and it's straight into the Windows 8-style start screen. However, it's very much a program launcher here, and all applications (unless you've installed something from the Windows Store) run on the desktop.
Upgrading to a new version of Windows Server 2012 from Server 2008 or Servver 2008 R2 is easy enough. However, with the simplified range of SKUs, you'll need to be sure that you're on the right upgrade path. For example, Windows 2008 R2 Enterprise can only be upgraded to Windows Server 2012 Datacenter — and the default install is always Server Core.
The dashboard gives you a quick overview of the servers currently being managed, the services they support and their current state. Green means all is good, red indicates issues that need investigating — in this case some errors from a Best Practice Analyzer scan.
Server Manager is designed to work with whole datacentres full of servers, but there's still the option to drill down into a host server and see just how it's configured — and exactly what hardware is in place.
Server Manager is your one-stop shop for managing devices, tools and services. A Tools drop-down gives you quick access to management consoles and tooling.
Configuring remote access is as easy as walking through a simple wizard. You'll need to know the configuration of your network, and the public name used to connect to the service (which will set up the appropriate certificates).
After you've configured Direct Access, the wizard will create and deploy the appropriate client updates. To speed up installation, use an elevated command prompt on a target notebook to run gpupdate.
There are two Direct Access deployment scenarios, one giving full access from connected PCs to select network resources, the other allowing you to manage connected PCs — making sure that mobile users' PCs are always up to date.
Along with Windows 8, Windows Server 2012 gets a new, faster file copy — with a graphical view of file transfer speeds.
Hyper-V brings a new and more resilient virtual hard disk format, VHDX. You can use the Edit Virtual Hard Disk tools to upgrade to the new format — but remember to merge snapshots first.
If you're on the desktop and need quick access to key tools, just hit the Windows key and X, to open the new tools menu. You've got quick access to everything from command prompts to the File Explorer.
Microsoft officially released Windows Server 2012 today. The new OS shares quite a few things with Windows 8 such as the kernel and the UI. Aside from the GUI, the main focus of Windows Server 2012, just like with its client counterpart Windows 8, is on the cloud. Microsoft, it seems, is jumping on the cloud computing bandwagon to capitalise on the trend. It should suffice to say that the latest version of Microsoft’s server OS takes a giant step forward when it comes to usability and features.
One of the main features of this operating system is the inclusion of PowerShell, which lets you control the server remotely through a command line. Server 2012 is the first version of Windows that lets you do that just like Unix-based servers do. It also enables you to pipe, or forward, the output of one process to the input of another process.
The user interface being introduced with Windows 8 might make unsure of how to go about doing tasks, but there’s no need for administrators to worry as the UI is optional and can be disabled to get a fully-functional server. You can even do away with the GUI completely and run the server through the PowerShell command line. This can be of great use to administrators as they can now perform routine tasks by simply writing a batch script in the command line and running it.
Windows Server 2012 is “Generally Available” to the Public tomorrow but we at Blacknight have been working hard to ensure we can provide Windows Server 2012 to our customers on release day – or indeed a day early!
The Blacknight cloud offering* has a Windows Server 2012 template available as of now allowing customers to experience the latest product offering from Microsoft with many new features available.
We can also provide Dedicated servers with Windows Server 2012 tailored to suit your business needs from today.
The Licensing of Windows Server 2012 has been simplified with Web and Enterprise Editions no longer existing; Windows Server 2012 now comes in 2 primary editions, the only difference being virtualisation rights.
The Standard Edition is the template we are making available via our Cloud Platform with Data Center also available for dedicated server solutions.
The latest offering of Internet Information server (IIS) 8 is available with many new features including:
Real CPU throttling.
SSL Scalability.
Server Name Indication (SNI) / SSL Host Header Support.
SSL Manageability – Central Certificate Store (CCS).
Dynamic IP Restrictions.
FTP Brute Force protection.
Application Initialization Module.
Web Sockets.
Windows Server 2012 also features a data-centre-friendly installation method called Server Core, which provides a way to install the OS over the network.
Windows Server 2012 is available in four different editions to suit individual user requirements and cater to the wide base of Microsoft's followers. The pricing depends on which edition of Windows Server 2012 you are going for.
We have two main versions: Standard and Datacenter. Unlike its predecessor, Windows 2008 R2 Enterprise, where the different editions all had different feature sets, support for different hardware, etc., Windows Server 2012’s two versions have the same set of features and the same hardware limits. Functionality is limited only by virtualisation rights. The Standard version lets you run it on up to two virtual machines, while the Datacenter edition lets you run an unlimited number of virtual machines. The Standard and Datacenter licenses will replace all Windows Server 2008 products currently available.
The Standard and Datacenter versions of Windows Server 2012 both support a larger number of storage, memory and processing power than Windows Server 2008 R2. Server 2012 has support for up to 320 CPU cores and up to 4TB of data storage space.
In addition to Standard and Datacenter, we have two limited-capability versions – Essentials and Foundation. Essential lets you run it on a machine with two sockets or in a virtual machine. Unlike the Standard or Datacenter versions, you can’t run Essentials on both hardware and virtual machines simultaneously. Foundation will be provided only via OEMs and will run only on single socket machines. Foundation doesn’t support virtualisation at all.
