Posts Tagged 'Laws'

September 11, 2014

The Cloud Doesn't Bite, Part II

Why it's OK to be a server hugger—a cloud server hugger.

(This is the second post in a three-part series. Read the first post here.)

By now, you probably understand the cloud enough to know what it is and does. Maybe it's something you've even considered for your own business. But you're still not sold. You still have nagging concerns. You still have questions that you wish you could ask, but you're pretty sure no cloud company would dignify those questions with an honest, legitimate response.

Well we’re a cloud company, and we’ll answer those questions.

Inspired by a highly illuminating (!) thread on Slashdot about the video embedded below, we've noticed that some of you aren't ready to get your head caught up in the cloud just yet. And that's cool. But let's see if maybe we can put a few of those fears to rest right now.

"[With the cloud], someone you don't know manages [your cloud servers], and they can get really unaccountable at times."

Hmm. Sounds like somebody's had a bad experience. (We're sorry to hear that.) But in truth, cloud computing companies are nothing without reputation, integrity, and, well, security upon security upon security measures. Accountability is the name of the game when it comes to you trusting us with your critical information. Research, research, research the company you choose before you hand anything over. If the measures that a potential cloud provider take don't cut the mustard with you, jump ship immediately—your business is way too important! But you're bound to find one that has all the necessary safeguards in place to provide you with plenty of peace of mind.

Oh, and by the way, have we mentioned that some cloud infrastructure providers put the deployment, management, and control in the hands of their customers? Yup. They just hand the reins right over and give you complete access to easy-to-use management tools, so you can automate your cloud solution to fit your unique needs. So there's that.

"The nickel-and-dime billing that adds up awfully damned quickly. Overall, if you're not careful you can rack upwards of $4k/mo just to host a handful of servers with hot backups and a fair amount of data and traffic on them."

You're right. That's why it's important to plan your cloud architecture before you go jumping in. Moving to the cloud isn't something you do with your eyes closed and with a lack of information. Know your company's business needs and find the best solution that fits those needs—every single one of those needs. Be realistic. Assess intelligently. Know your potential provider's add-on costs (if any) ahead of time so that you can anticipate them. Sure, add-ons can pile up if you're caught off-guard. But we know you're too smart for that to be a problem.

Play around with your possibilities before you sign on that dotted line. If you can't, search for a provider who'll let you play before you pay.

"Many cloud services break many privacy laws. The service provider can see/use the data too. Some of us are even bound by law to maintain the integrity of certain classes of information (personal, medical, financial). Yielding physical control to another organization, no matter what their reputation, removes your ability to perform due diligence. How do I know that what I legally have to keep private really is private?"

Sigh. Okay, we hear this fear; we really do, but it's just not true. Not for any reputable cloud solutions provider that wants to stay in business, anyway. We, grown-ups of cloud computing, take the security of your data very, very seriously. There are hackers. There are malicious attacks. There are legal compliance issues. And for those, we have Intrusion Protection Software, firewalls, SSL certificates, and compliance standards, just to name a few. We can handle what you throw at us, and we respect and honor the boundaries of your data.

So let's talk nitty gritty details. You're probably most familiar with the public cloud, or virtual servers. Yes, infrastructure platforms are shared, but that doesn't mean they're pooled—and it certainly doesn't mean universal accessibility. Your virtual server is effectively siloed from the virtual servers of every other client on that public server, and your data is accessible by you and only you. If you think about it like an apartment complex, it makes a lot of sense. The building itself is multi-tenant, but only you have the key to the contents of your individual unit.

On the other hand, bare metal servers are mansions. You're the only one taking up residence on that dedicated server. That big bad house is yours, and the shiny key belongs to you, and you only. (Check you out, Mr. Big Stuff.) You have complete and utter control of this server, and you can log, monitor, and sic the dogs on any and all activity occurring on it. Bare metal servers do share racks and other network gear with other bare metal servers, but you actually need that equipment to ensure complete isolation for your traffic and access. If we use the real estate analogy again and bare metal servers are mansions, then anything shared between bare metal servers are access roads in gated communities and exist only to make sure the mailman, newspaper delivery boy, and milkman can deliver the essential items you need to function. But no one's coming through that front door without your say so.

We cloud folk love our clients, and we love housing and protecting their data—not sneaking peeks at it and farming it out. Your security means as much to us as it means to you. And those who don't need access don't have it. Plain and simple.

"I don't want [my data] examined, copied, or accidentally Googled."

You don't say? Neither do we.

"What happens to my systems when all of your CxOs decide that they need more yachts so they jack up the pricing?"

They stay put, silly. No one takes systems on the boat while yachting. Besides, we don't do yachts here at SoftLayer—we prefer helicopters.

Stay tuned for the last post in this series, where we discuss your inner control freak, invisible software, and real, live people.

-Fayza

September 17, 2012

Joining the Internet Infrastructure Coalition

In January, we posted a series of blogs about legislation in the U.S. House of Representatives and Senate that would have had a serious impact on the hosting industry. We talked about SOPA and PIPA, and how those proposed laws would "break the Internet" as we know it. The hosting industry rallied together to oppose the passage of those bills, and in doing so, we proved to be a powerful collective force.

In the months that followed the shelving of SOPA and PIPA, many of the hosting companies that were active in the fight were invited to join a new coalition that would focus on proposed legislation that affects Internet infrastructure providers ... The Internet Infrastructure Coalition (or "i2Coalition") was born. i2Coalition co-founder and Board Chair Christian Dawson explains the basics:

SoftLayer is proud to be a Charter Member of i2Coalition, and we're excited to see how many vendors, partners, peers and competitors have joined us. Scrolling the ranks of founding members is a veritable "Who's who?" of the companies that make up the "nuts and bolts" of the Internet.

The goal of i2Coalition is to facilitate public policy education and advocacy, develop market-driven standards formed by consensus and give the industry a unified voice. On the i2Coalition's Public Policy page, that larger goal is broken down into focused priorities, with the first being

"In all public policy initiatives of the i2Coalition will be to encourage the growth and development of the Internet infrastructure industry and to protect the interests of members of the Coalition consistent with this development."

Another huge priority worth noting is the focus on enabling and promoting the free exercise of human rights — including freedom of speech, freedom of assembly and the protection of personal privacy. Those rights are essential to fostering effective Internet advancement and to maintain a free and open Internet, and SoftLayer is a strong supporter of that platform.

If you operate in the hosting or Internet infrastructure space and you want to be part of the i2Coalition, we encourage you to become a member and join the conversation. When policymakers are talking about getting "an Internet" from their staff members, we know that there are plenty of opportunities to educate and provide context on the technical requirements and challenges that would result from proposed legislation, and the Internet Infrastructure Coalition is well equipped to capitalize on those opportunities.

-@toddmitchell

February 2, 2012

Avoiding Apocalypses Like SOPA and PIPA

I've always enjoyed SNL's satirization of those infomercials where a guy is slightly inconvenienced by a product that just doesn't seem to work to his satisfaction. As a result, it shows him getting frustrated and pulling his hair out ... But it doesn't stop there. He then gets into his vehicle, drives recklessly down the one-way street going the wrong way and ultimately crashes into a cable tower, knocking out the "big game" for the whole town. Of course, this causes a riot among the angry football fans who then ravage the whole town. Havoc is wreaked because this guy was using a standard toothbrush instead of the all new, Electric Brush-a-thon 2100.

The funny thing is, I don't think SNL is too far off on how these infomercials represent real life. I can't help but think of these parodies when I think about the effects that SOPA would have had if it passed as law:

The first business to die a slow, horrible and expensive death as a result of the legislation might have been Google. Because it's connected to virtually every website on the planet (legitimate and non-legitimate alike), the amount of time spent severing connections to sites in any way related to a site that was merely assumed to be performing illegal activities would stall Google's growth and innovation endeavors. This would cause thousands of people to lose their jobs ... And it's not out of the question to think one or two of those people might start a riot.

Small- and medium-sized businesses would not have escaped the legislation ... Theoretically, a single anonymous comment that linked to a site with pirated versions of Pirates of the Caribbean (*fitting title as an example*) would make that site subject to being shut down if proper actions weren't taken. All these innovative companies would spend their time playing big brother instead of creating the next new technology that will make our lives easier (or at least more fun) ... And along with stifling innovation, don't forget the riots.

To wrap up our "what if" scenario, we'd have Google failing and SMBs going out of business. The Internet would become a wasteland, and it would be like World War 10 in the streets (we skipped 3 through 9 because all of these riots would make the resulting "war" so momentous).

How's that for a satirical worst-case scenario?

I bring this up in the wake of SOPA and PIPA being tabled because the legislators who proposed those controversial bills merely stopped pursuing their goals in the form of those bills ... We can't let the idea that "we've won the battle" distract us from potentially losing the war.

Many technology companies, including Google and Wikipedia, publicly spoke out against this bill by "blacking out" their sites. Due to all the negative responses from the tech community, the bills' sponsors in Congress decided they didn't want the blood from World War 10 on their hands.

We need to continue the momentum from the Internet's response to SOPA and PIPA — not only to pay attention to attempts at similar legislation in the future but also to proactively help create and shape laws that protect intellectual property and copyright holders.

Also, anything we can collectively do to prevent riots in the streets is a good thing. :-)

-Philip

Categories: 
January 24, 2012

SOPA + PIPA: "Stopped" Now. What's Next?

The Internet community's rallying cry has been heard by the United States Congress and Senate. Last week, we reported that SOPA was temporarily being put on the shelf, but now Congressman Lamar Smith has pulled the bill altogether, stating that "until there is wider agreement on a solution," the bill will not be reintroduced.

On the Protect IP Act (PIPA) front, Senator Harry Reid also announced late last week that he's postponed the schedule vote on the legislation that was originally slated for today. In a statement released on Friday, Senator Reid went on to say:

"There is no reason that the legitimate issues raised by many about this bill cannot be resolved. Counterfeiting and piracy cost the American economy billions of dollars and thousands of jobs each year, with the movie industry alone supporting over 2.2 million jobs. We must take action to stop these illegal practices. We live in a country where people rightfully expect to be fairly compensated for a day’s work, whether that person is a miner in the high desert of Nevada, an independent band in New York City, or a union worker on the back lots of a California movie studio."

As a hosting provider, we wholeheartedly agree that counterfeiting and piracy are a primary focus, and our opposition to the bills drafted to protect copyright holders and intellectual property owners is in response to the verbiage in the legislation and the potential dangers in the proposed means of enforcement. Having SOPA pulled and PIPA put on the shelf is an important step, but it's not exactly a time to celebrate. The Internet community needs to remain vigilant and engaged with Congress to help create legislation that reinforces the freedom of the Internet and protects the rights of intellectual property owners.

These bills have not been forgotten by the members who introduced them for consideration and vote, and they will likely evolve into new proposals with the same intent.

Our legal team and management team will maintain our steadfast opposition to these two bills in their current form, and as similar legislation is proposed, we will fill you in on what's being considered. In the meantime, take a few minutes to visit http://savehosting.org/ and TechAmerica to learn more about what our industry is concerned about.

-@toddmitchell

January 18, 2012

Keep Fighting: SOPA on the Ropes. PIPA Lurking.

The Internet is unnervingly quiet today. In response to the Stop Online Piracy Act (SOPA) in the House of Representatives and the Protect IP Act (PIPA) in the Senate, some of the most popular sites on the web have gone dark today – demonstrating the danger (and the potential unchecked power) of these two bills.

Late Friday afternoon, Judiciary Committee Chairman Lamar Smith announced that the DNS-blocking provisions would be removed from SOPA, and on Saturday, The White House responded to in opposition to the the bills as they stand today. Shortly thereafter, SOPA was "shelved."

The Internet was abuzz ... but the Champagne wasn't getting popped yet. After digging into the details, it was revealed that SOPA being "shelved" just meant that it is being temporarily put to sleep. Judiciary Committee Chairman Lamar Smith stood explained:

"To enact legislation that protects consumers, businesses and jobs from foreign thieves who steal America's intellectual property, we will continue to bring together industry representatives and Members to find ways to combat online piracy.

Due to the Republican and Democratic retreats taking place over the next two weeks, markup of the Stop Online Piracy Act is expected to resume in February."

I only mention this because it's important not to forget that SOPA isn't dead, and it's still very dangerous. If you visit sites like reddit, Wikipedia, Mozilla and Boing Boing today (January 18, 2012), you experience the potential impact of the legislation.

The Internet's outrage against SOPA has brought about real change in our nation's capital: The House is reconsidering the bill, and they'll hopefully dismiss it. With our collective momentum, we need to look at the PROTECT IP Act (PIPA, or Senate Bill 968) – a similar bill with similarly harmful implications that's been sneaking around in SOPA's shadow.

As it is defined today, PIPA has a stated goal of providing the US Government and copyright holders an additional arsenal of tools to aide in taking down 'rogue websites dedicated to infringing or counterfeit goods.' The Senate bill details that an "information location tool shall take technically feasible and reasonable measures, as expeditiously as possible, to remove or disable access to the Internet site associated with the domain name set forth in the order." In addition, it must delete all hyperlinks to the offending "Internet site."

Our opposition to PIPA is nearly identical to our opposition to SOPA. Both require a form of essentially breaking a core aspect of how the Internet functions – whether that breakage happens in DNS (as detailed in my last blog post) or in the required rearchitecture of the way any site that accepts user-generated content has to respond to PIPA-related complaints.

PIPA is scheduled for Senate vote on January 24, 2012. It is important that you voice your opinion with your government representatives and let them know about your opposition to both SOPA and PIPA. We want to help you get started down that path. Find your local representatives' contact information:

[SOPA Concerns]: Contact your congressperson in the U.S. House of Representatives
[PIPA Concerns]: Contact your Senator in the U.S. Senate

Keep spreading the word, and make sure your voice is heard.

-@toddmitchell

January 12, 2012

How the Internet Works (And How SOPA Would Break It)

Last week, I explained SoftLayer's stance against SOPA and mentioned that SOPA would essentially require service providers like SoftLayer to "break the Internet" in response to reports of "infringing sites." The technical readers in our audience probably acknowledged the point and moved on, but our non-technical readers (and some representatives in Congress) might have gotten a little confused by the references to DNS, domains and IP addresses.

Given how pervasive the Internet is in our daily lives, you shouldn't need to be "a techie" to understand the basics of what makes the Internet work ... And given the significance of the SOPA legislation, you should understand where the bill would "break" the process. Let's take a high level look at how the Internet works, and from there, we can contrast how it would work if SOPA were to pass.

The Internet: How Sites Are Delivered

  1. You access a device connected in some way to the Internet. This device can be a cell phone, a computer or even a refrigerator. You are connected to the Internet through an Internet Service Provider (ISP) which recognizes that you will be accessing various sites and services hosted remotely. Your ISP manages a network connected to the other networks around the globe ("inter" "network" ... "Internet").
  2. You enter a domain name or click a URL (for this example, we'll use http://www.softlayer.com since we're biased to that site).

Internet Basics

  1. Your ISP will see that you want to access "www.softlayer.com" and will immediately try to find someone/something that knows what "www.softlayer.com" means ... This search is known as an NS (name server) lookup. In this case, it will find that "www.softlayer.com" is associated with several name servers.

Internet Basics

  1. The first of these four name servers to respond with additional information about "softlayer.com" will be used. Domains are typically required to be associated with two or three name servers to ensure if one is unreachable, requests for that domain name can be processed by another.
  2. The name server has Domain Name System (DNS) information that maps "www.softlayer.com" to an Internet Protocol (IP) address. When a domain name is purchased and provisioned, the owner will associate that domain name with an authoritative DNS name server, and a DNS record will be created with that name server linking the domain to a specific IP address. Think of DNS as a phone book that translates a name into a phone number for you.

Internet Basics

  1. When the IP address you reach sees that you requested "www.softlayer.com," it will find the files/content associated with that request. Multiple domains can be hosted on the same IP address, just as multiple people can live at the same street address and answer the phone. Each IP address only exists in a single place at a given time. (There are some complex network tricks that can negate that statement, but in the interest of simplicity, we'll ignore them.)
  2. When the requested content is located (and generated by other servers if necessary), it is returned to your browser. Depending on what content you are accessing, the response from the server can be very simple or very complex. In some cases, the request will return a single HTML document. In other cases, the content you access may require additional information from other servers (database servers, storage servers, etc.) before the request can be completely fulfilled. In this case, we get HTML code in return.

Internet Basics

  1. Your browser takes that code and translates the formatting and content to be displayed on your screen. Often, formatting and styling of pages will be generated from a Cascading Style Sheet (CSS) referenced in the HTML code. The purpose of the style sheet is to streamline a given page's code and consolidate the formatting to be used and referenced by multiple pages of a given website.

Internet Basics

  1. The HTML code will reference sources for media that may be hosted on other servers, so the browser will perform the necessary additional requests to get all of the media the website is trying to show. In this case, the most noticeable image that will get pulled is the SoftLayer logo from this location: http://static2.softlayer.com/images/layout/logo.jpg

Internet Basics

  1. When the HTML is rendered and the media is loaded, your browser will probably note that it is "Done," and you will have successfully navigated to SoftLayer's homepage.

If SOPA were to pass, the process would look like this:

The Internet: Post-SOPA

  1. You access a device connected in some way to the Internet.
  2. You enter a domain name or click a URL (for this example, we'll use http://www.softlayer.com since we're biased to that site).

*The Change*

  1. Before your ISP runs an NS lookup, it would have to determine whether the site you're trying to access has been reported as an "infringing site." If http://www.softlayer.com was reported (either legitimately or illegitimately) as an infringing site, your ISP would not process your request, and you'd proceed to an error page. If your ISP can't find any reference to the domain an infringing site, it would start looking for the name server to deliver the IP address.
  2. SOPA would also enforce filtering from all authoritative DNS provider. If an ISP sends a request for an infringing site to the name server for that site, the provider of that name server would be forced to prevent the IP address from being returned.
  3. One additional method of screening domains would happen at the level of the operator of the domain's gTLD. gTLDs (generic top-level domains) are the ".____" at the end of the domain (.com, .net, .biz, etc.). Each gTLD is managed by a large registry organization, and a gTLD's operator would be required to prevent an infringing site's domain from functioning properly.
  4. If the gTLD registry operator, your ISP and the domain's authoritative name server provider agree that the site you're accessing has not been reported as an infringing site, the process would resume the pre-SOPA process.

*Back to the Pre-SOPA Process*

  1. The domain's name server responds.
  2. The domain's IP address is returned.
  3. The IP address is reached to get the content for http://www.softlayer.com.
  4. HTML is returned.
  5. Your browser translates the HTML into a visual format.
  6. External file references from the HTML are returned.
  7. The site is loaded.

The proponents of SOPA are basically saying, "It's difficult for us to keep up with and shut down all of the instances of counterfeiting and copyright infringement online, but it would be much easier to target the larger sites/providers 'enabling' users to access that (possible) infringement." Right now, the DMCA process requires a formal copyright complaint to be filed for every instance of infringement, and the providers who are hosting the content on their network are responsible for having that content removed. That's what our abuse team does full-time. It's a relatively complex process, but it's a process that guarantees us the ability to investigate claims for legitimacy and to hear from our customers (who hear from their customers) in response to the claims.

SOPA does not allow for due process to investigate concerns. If a site is reported to be an infringing site, service providers have to do everything in their power to prevent users from getting there.

-@toddmitchell

January 6, 2012

SOPA: Bad for Hosting

SoftLayer manages more than 100,000 servers in thirteen data centers around the world. We have more than 23,000 customers, and those customers are responsible for millions of websites (which get billions of pageviews every month). We're one of the largest hosting providers in the world, and we want to talk a little about the Stop Online Piracy Act (H.R. 3261 or "SOPA").

Many in our industry have already commented (and in some cases, "changed their minds") on SOPA and its equally evil twin, the PROTECT IP Act ("PIPA") in the Senate, but we wanted to share our perspective on the legislation. Even with these Dudley-Do-Right, Goody-Two-Shoes titles and their ambitious goals, SoftLayer opposes these bills in their current forms because they expose innocent and law-abiding hosting companies to uncertain liabilities.

Because this legislation has gotten quite a bit of attention in the past few months, you're probably already familiar with it, but if you haven't paid much attention, we can give you a quick summary: As you can read in the name of the bill, SOPA is being proposed to "Stop Online Piracy." SOPA is under consideration by the House Judiciary Committee, and its intent is to provide additional enforcement tools to combat foreign 'rogue' websites that are dedicated to copyright infringement or counterfeiting. That's a great goal, and SoftLayer does not oppose the intent of the Act ... As you saw from Kevin Hazard's blog post a few weeks ago, we have a team of people working all the time to track down and immediately address any violations of our terms of service (including copyright infringement), so we wholeheartedly agree that copyright infringement and counterfeiting are bad.

The way SOPA tries to address the problem is where we disagree with the bill, so let's talk about the most pertinent part of the bill for a service provider like SoftLayer. If SOPA were to pass, when a case of infringement is reported, we would have to "take such measures as [we determine] to be the least burdensome, technically feasible, and reasonable means designed to prevent access by [our] subscribers located within the United States to the foreign infringing site that is subject to the order."

What that means: We would be forced to turn off our customers' access to a small piece of the Internet.

How are we to do that? Well the "least burdensome, technically feasible, and reasonable means designed to prevent access" are not made clear, but most of the discussions about the bill have focused on changing the way the Doman Name System (DNS) resolves to an "infringing site." We'd be more or less ordered to break DNS ... DNS was designed to simply, accurately and quickly match a domain name with the IP address that domain's owner provides, and if SOPA were to pass, we'd have to tell DNS to behave correctly for every site EXCEPT the reported infringing sites. Again, that's not spelled out in the legislation, so it's like being given a job by someone who has no idea how to do the job nor whether the job is even possible to successfully complete.

And that's all assuming that the order to suspend access to an "infringing site" is legitimate. Many of the organizations that oppose SOPA have explained possible scenarios where orders could be filed under the guise of preventing copyright infringement. A competing site/business could claim:

"the operator of the site operates the site with the object of promoting, or has promoted, its use to carry out acts that constitute a violation of section 501 or 1201 of title 17, United States Code, as shown by clear expression or other affirmative steps taken to foster such violation."

In another scenario, a copyright holder could pull the trigger on an order simply at the thought that a user could infringe on a copyright on/via the "infringing site."

When the United States House of Representatives reconvenes after its winter recess, we will be watching intently with hopes that the Internet's response to the bill has effectively derailed it in its current form. As SoftLayer General Council Suzy Fulton mentioned in her post about Texas House Bill 1841, we've been working with an industry group called TechAmerica which submitted a letter to Congress about SOPA and many of the issues that could negatively affect our industry. Additionally, we've gotten involved with SaveHosting.org to speak out against laws that can hurt our customers.

As discussions continue about SOPA, we'll look for opportunities to share more of our insight with you here on our blog. Please let us know your thoughts about the legislation below.

-@toddmitchell

Subscribe to laws