Kate's Comment

Thoughts on British ICT, energy & environment, cloud computing and security from Memset's MD

Can we trust WhatsApp’s privacy?

Summary / TL;DR WhatsApp looks great on face value and it’s underlying technology is awesome. However, there are some things about it which don’t add up for me, eg. it’s apparently non-existent business model and lack of open sourcey-ness. Further, our faith in it relies too heavily on one person, Moxie Marlinspike, who chooses to remain largely anonymous; a choice…

How to secure Mac OSX Screen Sharing with SSH tunnelling

I want to be able to access my home machines over the Internet when I’m at work, preferably via a GUI/WIMP. It is relatively straight-forwards to expose a machine on your home network using port-forwarding on your router, but is it secure just to send Screen Sharing over the Internet? For that matter, if you’re on a semi-untrusted local network…

Creating a shared European cloud space

At today’s European Cloud Partnership (ECP) steering board meeting in Berlin, and the following Cloud for Europe conference, the hot topic was a proposal for a “shared data area” agreement (SDA) for European cloud. We’re note overly happy with the name so it probably won’t stay; it implies too much about locality and/or a “fortress Europe” in terms of cloud….

What do PGP trust levels mean and which should I use?

Following my posts on how to send and receive secure, encrypted emails in Thunderbird with PGP and how to add additional email addresses to your GPG identity, many of the people I’ve been encouraging to use PGP have asked how to decide what level of trust to set for someone’s key. The definitive guide is here here, a modified excerpt…

How to add additional email addresses to your GPG identity (and a face pic)

This is an addendum to my article on how to encrypt email using PGP and Thunderbird. I have many email addresses; my Memset one, my personal one (at craig-wood…), my Wood Tech one and others. All of these are tied into just one PGP identity which makes life much simpler both for me and also people wishing to communicate with…

How to send and receive secure, encrypted emails in Thunderbird with PGP

A step-by-step guide to setting up and using PGP encryption with email for Thunderbird.

How to get staff through Security Clearance via G-Cloud

About government security clearances We have now got the security process down to a slick procedure with G-Cloud, and I’m sharing that in this post. In order to offer IL3 services to Her Majesty’s Government your staff that are involved in those services (eg. systems administrators, software developers, technical architects) need to have Security Clearance (SC). SC is a bit…

Security Aspects Of Open Source Software

Nick and I have built a market-leading, multi-award-winning, multi-million dollar hosting/cloud IaaS company using entirely open source software and an “automate everything” philosophy. We have recently attained a cross-government CESG accreditation for our service under the G-Cloud project, incorporating the open source hypervisor Xen, even though Xen itself was not certified. Here are my views on why open source is actually more secure and reliable than alternatives.

Evolution of storage #1: resilience

I contend that the next stage of evolution of storage is “Just a Bunch of Disks” (JBOD), comprised of a range of media types with different performance characteristics, and with software doing the cleverness. In this first post (1 of 2) I shall address the resilience aspects of this evolution. RAID failings Large RAID (Redundant Array of Independant Disks) systems…

How safe is cloud computing? (infographic)

Infographic summarising cloud security including using cloud computing as a weapon.