Thursday, July 16, 2009

Security and the Cloud

I was browsing through my unread tweets earlier today and I came across tweets from Evan, the CEO of Twitter. Apparently some enterprising cracker had managed to guess the passwords of several Twitter employees and gain access to their confidential documents, then sent them to a popular tech startup blog. I do not condone the actions of the cracker nor those of the writers of that blog. I think what they did was unethical and will most likely be detrimental to Twitter; thus, I'd rather not direct you to their site and increase their traffic. I'll be honest: I love Twitter. As much as I could easily write an entry extolling them while condemning the cracker and his cohorts, I leave that up to other concerned users. While everyone else is fixated on what this means for Twitter, no doubt focusing on its ambitious plans, the whole fiasco struck me more as a failure of cloud computing. What most people don't realize is the exploits of one fame-seeking cracker not only undermined the plans and operations of Twitter, but also highlighted some problems of widespread corporate adoption of cloud computing.

The proponents of cloud computing, particularly at Google, would like us to believe that cloud computing is safe, and perhaps safer than traditional hosting solutions. They argue that fragments of your data are distributed across several servers and, in the event a single server is compromised, the attacker won't be able to retrieve your data as he will only have access to a possibly useless fragment. While this may hold true for attacks against servers, I prefer to exercise restraint when claiming cloud computing in general is safe.

The biggest strength of cloud computing is its ability to turn any internet-connected device into your personal computer. Its main selling point is that you can access your files from anywhere. It frees you from being restricted to a single device and its associated limitations, and from the difficulty of synchronizing multiple devices. For instance, if your laptop/netbook is somehow irreparably damaged, cloud computing would spare you from 1) scrambling for the latest backup files, and 2) the pains of having to configure your replacement laptop. In fact, given that any device can become your own personal computer, you can stop lugging around that heavy laptop with that clunky hard drive altogether.

Its biggest weakness: "you" can access your files from anywhere. Without the need to physically access a target device, your data is no longer secure once your credentials are compromised. While cloud computing may have defenses in place against attacks on servers, it has always been far easier to compromise the account of an individual user than it is to compromise an entire server. Granted, this is an issue shared with most, if not all, networks connected to the internet. However, cloud computing amplifies this problem by having all your data readily accessible from the internet.

Of course, the problem could be somewhat mitigated by a security policy that enforces requirements on password strength and limits how long a password remains valid. On the server end, it would help to support seamless encryption with private keys being stored locally (although this would go against the whole “any computer can become your computer” concept).

There are other issues which I believe to be of lesser importance and will refrain from discussing in this blog but will address in another blog concerning Chrome OS in the near future.

Thursday, May 28, 2009

@replies, direct message support in a plasmoid

Felt the microblog plasmoid would be more useful if it displayed mentions and direct messages so I gave it a little love. :)


I have a couple more itches to scratch but hopefully this will be in KDE 4.4.

Friday, January 30, 2009

Multiple Actions for KRunner in KDE 4.2

I'd been meaning to blog in quite a while but didn't quite have the time to do so. For much of December and January I had been exclusively using Ruby. It got to the point that when I finally got a little bored with Ruby and decided to resume work on KDE related projects again, it took several seconds for it to register in my brain that comments don't begin with a # in C++. Anyway, now that 4.2.0 is released I figured I could give a semi-technical discussion of what's new in 4.2.0 with regards to KRunner.

Multiple action support

As mentioned in some of my previous posts, KRunner now supports multiple actions. What does this mean for ordinary users? Well, prior to 4.2, runners (the plugins that provide the matches for a search) could only provide a default action, usually corresponding to "open". For example, given an HTML document match, KRunner would open it with the default viewer, in most cases the web browser. This isn't a problem if you want to view the file; however, if you want to edit it with a text editor, this behavior is not ideal. Multiple action support allows us to add another action such as "Edit" that would allow us to edit the file instead of opening it with the default browser. We could even add another action to open the file with a different browser.

Unfortunately, there are no runners included with 4.2.0 that support multiple actions. For this reason, I am bundling together two runners that support multiple actions and releasing them on kde-apps.org. The first runner is a modified desktop search runner that adds open with actions and service menu support. For those of you who were former Katapult users and grew fond of the Amarok plugin, the service menu support will allow you to play, append to your playlist, or queue any track Nepomuk has found. There is a typo in the service menu desktop file though: replace amarok -e with amarok -a. You'll also need to create a script to call the correct DBus methods because the service menu contains an outdated command for the "append and play" action.


The second runner is a window management runner. It can perform any action that is supported by the task manager of the panel, aside from moving a window. That means you can minimize/maximize, or shade a window, move it to a different desktop, keep it above other windows and many other actions.

For the developer seeking to take advantage of multiple action support, reimplementing the actionsForMatch method and modifying the run method are all that need to be done. For convenience, commonly used actions can be stored by the runner by calling the addAction method and the action can be retrieved by calling the action method. The run method of the runner needs to distinguish between actions and can determine the selected action by calling the selectedAction method of the match. Because it is possible that the user interface does not support multiple actions, the run method also needs to support a default action in case no action is selected.

For example, given:


void FooRunner::run(const Plasma::RunnerContext &context, const Plasma::QueryMatch &match)
{
    foo(match);
}



adding multiple action support is as easy as:


QList<QAction*> FooRunner::actionsForMatch(const Plasma::QueryMatch &match)
{
    // In some cases we'd want to examine the match and choose appropriate actions based on it
    // but in this example we assume all matches have the same actions
    Q_UNUSED(match)

    // Register each action with the runner once; later calls reuse the stored QAction
    if (!action("foo")) {
        addAction("foo", QIcon(), "Foo");
    }
    if (!action("bar")) {
        addAction("bar", QIcon(), "Bar");
    }

    QList<QAction*> ret;
    ret << action("foo") << action("bar");
    return ret;
}

void FooRunner::run(const Plasma::RunnerContext &context, const Plasma::QueryMatch &match)
{
    Q_UNUSED(context)

    // Check if an action was selected; selectedAction() returns 0 when the
    // user interface does not support multiple actions
    QAction *a = match.selectedAction();
    if (a && a != action("foo")) {
        // Any selected action other than "foo" is "bar" in this example
        bar(match);
        return;
    }

    // Perform the default action ("foo" selected, or nothing selected)
    foo(match);
}



QuickSand

Despite the fact that KRunner now comes with multiple-action support, the default interface does not expose this functionality. KRunner now comes with an alternative interface that allows you to make use of multiple actions. In order to enable it, open the configuration dialog by clicking on the wrench icon, click on the interface tab and select the "task-oriented" option.

If a match supports multiple actions, a second pane containing the actions will appear below the match pane. Press tab to switch to the action pane or click on the arrow icon on the top right portion of the action pane.

Note: Bugfixes for QuickSand didn't make it in time for 4.2.0 so the experience might not be as smooth as it could be. I missed the tagging by 28 hours. Oops. They should be in 4.2.1 though.