Tag: public

Free Software Movement

IT Education, Open Source

Last update: November 30, 2018

The Free Software Movement is known as a social movement created in response to the way most companies license, distribute and allow access to the code behind their software products.

The ideology powering it is to liberate people’s access to the cyberspace and to their computing devices by limiting the use of proprietary software, as this type of intellectual property is known for leading, in most of the cases, to:

  • duplication of efforts for software development;
  • source code unavailability for studying, auditing or changing;
  • restrictions on usage based on the imposed licensing fees.

All of the above have been proven to have a negative impact on individual development and on the entire society evolution.

 

On the other hand, free-software is promoted by the movement as its development is based on people’s necessity and on the collaboration between individuals. Since it is supposed to satisfy each contributor’s needs, it is believed that the software will be:

  • developed so that it respects the community standards as well as the industry best practices;
  • improved by each user’s contribution.

The values that the movement is trying to defend and promote are based on the following freedoms:

  • to be executed or run by everyone;
  • to be studied and eventually changed in order to fit each user’s needs;
  • to be redistributed (with or without changes).

The movement initiator is Richard Stallman, a computer programmer and free software activist that:

 

The Free Software Movement is also known as:

  • FOSSM – Free / Open-Source Software Movement
  • FLOSS – Free / Libre Open-Source Software

 

Read more about it: Free Software Foundation, The GNU Project, Richard Stallman.

See also:

  • Open Source

You might also be interested in:

  • Security and Privacy Education

Mobile Security – Basic Rules

IT Education, Mobile, Security

Top best practices related to mobile device security:

  1. Lock your device
  2. Hide sensitive notifications
  3. Encrypt storage

Lock your device

Mobile device locking methods and how are they seen by security specialists:

  • Password lock – this is considered the most complex and secure way – highly recommended;
  • PIN lock – not that complex, but still secure – best option;
  • Pattern lock – even less complex, low security level – not recommended;
  • Swipe lock – the least complex and least secure method – simply put: useless.

The second option – PIN lock – combined, eventually, with a fingerprint, makes the perfect lock for your device as it provides:

  • sufficient security and complexity – as long as you use more than your date of birth 🙂 or other similar, easy to guess, codes;
  • enough privacy – by using the fingerprint in public areas, you are not giving up your PIN to unauthorized persons;
  • an easy and fast way to unlock your device, especially if using the fingerprint sensor.

 

Hide sensitive notifications

In order to avoid disclosing information to unauthorized persons, one other step to be taken on each mobile device, after securing it with a lock, is to hide sensitive notifications on the lock screen.

This enables your device to show that you have notifications, but in order to be able to see their contents, the phone needs to be unlocked.

The option is available on all latest mobile device software versions and it is usually found in the device settings menu, under the security and privacy options or can be located by searching the device menu for notifications.

 

Encrypt storage

Storage encryption or device encryption is available on most of the devices currently on the market. The encryption protects the user data (photos, contacts, messages, e-mail, documents an so on) from unauthorized access, in case the device is left unsupervised, lost or stolen.

Depending on the device manufacturer, encryption could be turned on by default, but you should check the encryption status on each device and, if required, take the necessary steps to enable it.

Usually, the encryption option can be found in the device settings menu, under the security and privacy options or can be located by searching the device menu for encryption.

Please note that, depending on software versions or hardware manufacturer, features mentioned above might not be available on all devices, or might be a bit difficult to locate and configure.

More details about each specific option can usually be found in the device’s user manual or via internet, by searching for that particular feature and a specific device or software version.

 

The Public Cloud

Cloud Computing, IT Education

Last update: August 28, 2018

The Public Cloud is a type of infrastructure owned by a third party, accessible remotely. It is physically controlled by its owner and it is available to the general public based on different pricing models.

This type of infrastructure is usually shared between several systems and customers, each having access to the desired resources based on their needs. It can be managed by a service provider (sometimes different than the owner).

The Private Cloud and Public Cloud are similar in terms of architecture, configuration, administration and offered services. The main differentiators are the security and privacy factors: a Public Cloud offers its services over public networks, while the Private Cloud is usually setup to work in a private network.

Some of the big players in the cloud market have developed and are currently offering secure (direct) connectivity services, but a customer would need to invest in secure connections up to the service provider’s connectivity hub.

Public Cloud services are usually preferred by small and medium size entities that lack the financial power to sustain the required infrastructure or by organizations that are less concerned by security and privacy.

Of course, the Public Cloud can be used in safe ways, too, usually as a mixture of existing infrastructure with Private Clouds and Public Clouds. This architecture type allows organizations to separate and secure data from processes while providing business flexibility.

According to the NIST definition: The infrastructure “is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organisation, or some combination of them. It exists on the premises of the cloud provider“.

Other information sources: Wikipedia, NIST.

See also:

You might be interested in:

Software as a Service (SaaS)

IT Education

According to the NIST definition: The Software as a Service (SaaS) is “the capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

NIST also mentions that “A cloud infrastructure is the collection of hardware and software that enables the five essential characteristics of cloud computing. The cloud infrastructure can be viewed as containing both a physical layer and an abstraction layer. The physical layer consists of the hardware resources that are necessary to support the cloud services being provided, and typically includes server, storage and network components. The abstraction layer consists of the software deployed across the physical layer, which manifests the essential cloud characteristics. Conceptually the abstraction layer sits above the physical layer“.

Platform as a Service (PaaS)

IT Education

According to the NIST definition: The Platform as a Service (PaaS) is “the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming uages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment“.

NIST also mentions that “this capability does not necessarily preclude the use of compatible programming languages, libraries, services, and tools from other sources.

Infrastructure as a Service (IaaS)

IT Education

According to the NIST definition: The Infrastructure as a Service (IaaS) is “the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls)“.