MySpace replaces all server hard disks with flash drives

Social networking site MySpace.com announced today that it has switched from using hard disk drives in its servers to using PCI Express (PCIe) cards loaded with solid state chips as primary storage for their data center operations. MySpace said the solid state storage uses less than 1% of the power and cooling costs that their previous hard drive-based server infrastructure had and that they were able to remove all of their server racks because the ioDrives are embedded directly into even its smallest servers. "We looked at a number of solid state solutions, using many different kinds of RAID configurations, but we felt that Fusion-io's solution was exactly what we needed to accomplish our goals," Buckingham stated. The PCIe cards, from Fusion-io Inc., have allowed MySpace to replace multiple server farms made up of 2U (3.5-in high) servers that had used 10 to 12 15,000 RPM Fibre Channel drives each with 1U (1.75-in high) servers using a single ioDrive. "In the last 20 years, disk storage hasn't kept pace with other innovations in IT, and right now we're on the cusp of a dramatic change with flash technologies," said Richard Buckingham, vice president of technical operations for MySpace, in a statement.

MySpace's new servers also have replaced its high-performance hosts that held data in large RAM cache modules, a costly method MySpace had been using in order to achieve the necessary throughput to serve its relational databases. Salt Lake City-based Fusion-io claims the ioDrive Duo offers users unprecedented single server performance levels with 1.5GB/sec. throughput and almost 200,000 IOPS. The system can reach such performance levels because four ioDrive Duos in a single server can scale linearly, which provides up to 6GB/sec. of read bandwidth and more than 500,000 read IOPS. The cards come in 160GB, 320GB and 640GB capacities. MySpace said its new servers using the NAND flash memory modules give it the same performance as its older RAM servers. A 1.28TB card is expected in the second half of this year. "Social networking sites and other Web 2.0 applications are very database dependent. Our 320GB ioDrive can fill a 10Gbit/sec. Ethernet pipe," David Flynn, CTO of Fusion-io, said in an interview.

IA job prospects bright

No one reading this column needs general references to news about the economic difficulties we are living through in the United States and elsewhere. He's looking for a permanent job. Just the other day, I spoke with a long-time friend and colleague from the information security field who used to earn a decent living as a much sought-after consultant; last week he canceled his business telephone line to save money.

Another colleague of ours hasn't had a consulting contract in months – despite having had trouble in the past keeping up with demand for his services. The situation makes me think more positively about having moved from the business world to academia in 2001 – despite dropping my nominal salaried income by 57.5% at that time and now earning about one-third of what I'd be making as a senior IA executive in industry today. I think that security consultants may be suffering from a side-effect of the economic downturn: clients who don't already have or want permanent information assurance (IA) personnel may simply have decided to continue taking risks and hoping that nothing bad will happen to them. At least I have tenure, which means that I'm not going to be fired unless I appear in class out of uniform (Vermont Militia = US Army Class A greens), show up drunk (I never drink alcohol), treat a student rudely (no way) or recite Monty Python skits in class… uh wait a minute, I do recite Monty Python skits in class – but very briefly. Only little bits of them.

Really. Honest. Perhaps organizations who have enough savvy to employ permanent IA staff also understand the value of hiring good people for these critically important functions. But more seriously, there is good news for IA students and professionals: according to an extensive survey published by Foote Partners, LLC in Florida, job prospects are good for information assurance (IA) specialists. Upasana Gupta of BankInfoSecurity reviews the "2009 IT Skills Trends Report Update" which is available free in return for buying any other report from Foote or simply for registering with them. Interestingly, the skills most frequently sought-after by employers include (quoting Gupta directly):

• Forensic Analysis
• Incident Handling & Analysis
• Security Architecture
• Ethical Hacking
• Network Security
• Security Management

Professor Gene Spafford said in his acceptance address for the National Computer System Security Award in 2000 that we were "eating our seed corn" by paying IA professors less than our IA graduates earn on their first job.

Gupta quotes the company as describing a number of factors (described in more detail in her excellent article) increasing demand for IA professionals:

• IA is increasingly recognized as strategically significant to all aspects of business.
• Customers are demanding better security to protect their own information.
• Laws and regulations are pressuring organizations into compliance with better security.
• Liability costs for non-compliance are rising.
• Virtualization is increasingly making technologists aware of security issues.

The Foote report shows average salaries for various IA positions ranging from $70,000 to $170,000. How we are to attract professionals and recent graduates to our field of teaching and research in universities is a mystery to me. Universities will usually be willing to provide publicity for donors, so it's not a one-way donation devoid of short-term value for the donors, either. Some years ago I begged industry to think ahead and start funding supplements to professors' salaries so university IA departments can compete with industry in attracting field-experienced, professionally certified experts with advanced degrees to our faculty. Anyone interested in raising my salary – oops, our salaries – at Norwich University is welcome to contact me directly and I'll put you in touch with our Chair of Computing to make the arrangements. We even teach courses for free and do work on courses during the summers, when we are not paid for our time!

In the long run, without support from industry to raise salaries, the only people who are going to be willing to work long hours in universities for pathetic salaries are nut-cases like my colleagues and me who work on courses and research because we are addicted to teaching. WE ARE ADDICTS. But I can stop any time. Really.

Acorn 2.1 gains AppleScript, more

It seems like only last month that Flying Meat released Acorn 2, its exceptional "image editor for humans," with a massive array of new features like multi-layer screenshots, RAW support, and two heaping handfuls of other new tools. After a couple of minor touch-ups and fixes in recent weeks, the purveyor of virtual airborne nourishment is back with Acorn 2.1, a major update that adds another laundry list of new features and fixes. Oh wait, it was only last month. Acorn 2.1's most significant new feature is definitely "scripting for humans" in the form of AppleScript, complete with a series of example scripts to get users started.

Adding AppleScript support to an application can be hard, which inspired Flying Meat to integrate the JSTalk scripting language for Acorn 2.0's launch. AppleScript is a fairly simple scripting language that is accessible to mere mortals (read: non-developers) like you and me, but there has been some understandable debate recently about its future. JSTalk is based on JavaScript - it arguably jives better with developers' style and can be easier to add to Mac OS X apps. Other new features include a Hex color picker in the color palette (great for Web design), various improvements to managing layers, automatic image scaling when printing, and the adoption of a smart new Mac trend wherein Acorn will ask if you want to move it to the Applications folder if you run it from any other location. Nevertheless, the community asked for AppleScript, and it's great to see Flying Meat swoop in to the rescue.

I wasn't kidding about there being a laundry list of improvements and fixes in Acorn 2.1, so take a look at the rest for yourself, or fire up Acorn to take the update out for a spin. But before you resort to drastic measures, you could just download a demo for free. If, for some strange reason, you still have not tried or bought a copy of Acorn yet, you may need to consult your physician. Acorn 2 requires 10.6 Snow Leopard and a license costs $50.

Patch Tuesday: What the experts say

Microsoft Tuesday released six patches that address 15 vulnerabilities. "There are three vulnerabilities this month that target a listening service. Here's a look at what security experts are saying about the vulnerabilities, patches and what should concern users.

While none of them are likely to be considered great candidates for exploit, they are worth noting as they all primarily affect the enterprise. While Web Services on Devices affects Vista and Server 2008, the attack vector requires that you be on the local subnet, meaning the home user is unlikely to see any real risk." - Tyler Reguly, senior security engineer for nCircle. "MS09-066 affects corporate networks as it addresses a vulnerability in Active Directory. It is unlikely that the home user will be running a license logging server or have Active Directory up and running. A successful exploit can result in denial-of-service on the system. All operating systems other than Windows 2000 require valid credentials to send a specially crafted packet.

This vulnerability will be difficult to exploit though. If an attacker already had valid credentials, they would do more damage than a denial-of-service attack on a server. A specially crafted packet sent to a Windows 2000 machine can result in an unresponsive machine that requires an unscheduled reboot." - Jason Miller, data and security team leader for Shavlik Technologies. "The Embedded OpenType font kernel vulnerability [MS09-065] is the most serious in our opinion. For Windows 2000 servers, like MS09-064, these machines should be patched immediately. Not only is proof-of-concept exploit code publicly available, but all that's required of a user to become infected by it is simply viewing a compromised Web page. Symantec isn't seeing any active exploits of this in the wild yet, but we think attackers will be paying a lot of attention to it in the future." - Ben Greenbaum, senior research manager at Symantec Security Response. "One of the nice things that you will see today is that Windows 7 and Windows Server 2008 are not affected by any of these patches." - Richie Lai, director of vulnerability research for Qualys.

Follow John on Twitter: http://twitter.com/johnfontana

Hacker leaks thousands of Hotmail passwords, says site

More than 10,000 usernames and passwords for Windows Live Hotmail accounts were leaked online late last week, according to a report by Neowin.net, which claimed that they were posted by an anonymous user on pastebin.com last Thursday. Neowin reported that it had seen part of the list. "Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe," said the site. "The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists." Hotmail usernames and passwords are often used for more than logging into Microsoft's online e-mail service, however. The post has since been taken down.

Many people log onto a wide range of Microsoft's online properties - including the trial version of the company's Web-based Office applications, the Connect beta test site and the Skydrive online storage service - with their Hotmail passwords. Accounts with domains of @hotmail.com, @msn.com and @live.com were included in the list. It was unknown how the usernames and passwords were obtained, but Neowin speculated that they were the result of either a hack of Hotmail or a massive phishing attack that had tricked users into divulging their log-on information. Microsoft representatives in the U.S. were not immediately able to confirm Neowin's account, or answer questions, including how the usernames and passwords were acquired. Last year, a Tennessee college student was accused of breaking into former Alaska governor Sarah Palin's Yahoo Mail account in the run-up to the U.S. presidential election. The BBC, however, reported early Monday that Microsoft U.K. is aware of the report that account information had been available on the Web, and said it's "actively investigating the situation and will take appropriate steps as rapidly as possible." If Neowin's account is accurate, the Hotmail hack or phishing attack would be one of the largest suffered by a Web-based e-mail service.

Palin, the Republican vice presidential nominee at the time, lost control of her personal account when someone identified only as "rubico" reset her password after guessing answers to several security questions. Kernell's case is ongoing. David Kernell was charged with a single count of accessing a computer without authorization by a federal grand jury last October. Shortly after the Palin account hijack, Computerworld confirmed that the automated password-reset mechanisms used by Hotmail, Yahoo Mail and Google's Gmail could be abused by anyone who knew an account's username and could answer a single security question.

The Internet’s First 40 Years: Top Ten Milestones

While 40 years in a person's lifetime is a very long time, the Internet - which turned 40 today - is really only getting started. No birthday celebration for the Internet would be complete without giving recognition to some of the biggest milestones. Still, like just about any 40-year-old guy, the Internet has packed a lot of changes into its life so far. Deciding on which ones is a totally tough call, because the Internet has made such a huge impact on anyone lucky enough to access it.

So here, in chronological order, is my rather arbitrary list of Top Ten Internet Milestones, gleaned largely from a nostalgic look back through the pages of PC World. But as I view things, anyway, it's important to pay tribute to the myriad technologies created over the past four decades to connect people to the Internet - first through modems and then through wireless and cable - as well as to let them access communications like data, radio, and TV in ways once unimaginable. October 29, 1969. Leonard Kleinrock, a UCLA college professor, sends a two-letter message - "lo" - to a computer at Stanford Research Institute. October 13, 1994 - The - eventually to be known as Netscape Navigator - is released as beta code. The Internet is born.

November 6, 1997 - Intel ships a videoconferencing system that runs on the Internet (gasp!) as well as on ISDN phone lines (remember them?) and corporate LANs. February 18, 1998 - The first V.90 modems, enabling Internet access at the then-whopping rate of 56 Kbps, are shipped to stores by 3Com Corp. August 21, 2002 - Together with T-Mobile and HP, Starbucks expands WiFi access to users at 1200 coffee shops throughout the US. Early January, 2009 - Yahoo shows off Connected TV, a platform allowing Web widgets to dock on Internet-connected HDTVs at the Consumer Electronics Show in Las Vegas. Sometime in September 1999 - An Internet-enabled game machine named Dreamcast debuts, pioneering a pathway that will eventually lead to Nintendo's GameCube and Sony's PS3. June 28, 2000 - Metricom rolls out the then-blazingly fast, 128Kbps Ricochet wireless service in Atlanta and San Diego. Early July, 2009 - Internet radio services like Pandora, Blip.fm and Last.fm are saved - albeit temporarily - when recording companies agree to make royalty fees more comparable to those paid by satellite TV services, for example. October 22, 2009 - Microsoft's Internet TV, a new service for accessing Web-based streaming TV shows and movies from directly inside Media Center - finally leaves beta as part of the launch of Windows 7.