Microsoft have many varied certification routes and I will not go in to detail on these here (their learning portal is worth a visit however) but one route of key interest for cloudy types is Windows Server 2008 R2 Virtualization.

A bit of an overview of Microsoft certifications – the old school may remember MCP, MCSE etc – nowadays, we are in the age of MCTS and MCITP.  These are loosely the equivalent of their older counterparts, the former being a lower end single exam and the latter being a qualification or certification gained through a combination the single exams.

So – to achieve the latest MCITP (Microsoft Certified IT Pro) qualification, you’ll need to have passed several base MCTS (Technology Specialist) examinations.

In the case of cloudy certifications, this is the ”Microsoft Certified IT Professional: Windows Server 2008 R2, Virtualization Administrator” qualification and requires:

1. Exam 70-652: TS: Windows Server Virtualization, Configuring OR Exam 70-659: TS: Windows Server 2008 R2, Server Virtualization
2. Exam 70-669: TS: Windows Server 2008 R2, Desktop Virtualization
3. Exam 70-693: Pro: Windows Server 2008 R2, Virtualization Administrator

All very worth looking at as they will help with core understanding of the technologies and go to prove an individuals ability with the technologies and…as they say these days at MS…we’re all in!

MC.

Microsoft openly announced commitments to the audience at their PDC09 (professional developer conference) including:

And the browser looks set to feature in a big way at this years PDC as well as in the public arena where it is due for beta release on September 15th (before the PDC).

The release is being marked in a big way (ok maybe not Kinect big) with Microsoft throwing a ‘beauty of the web’ event for a select group of VIP web developers, designers, bloggers and press.

You can get your hands on the latest (currently 4th public) release of the IE9 preview here.

MC.

In case you have not come across it before, phishing is defined as “the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication”.

A good example would be:

An email arrives in your inbox from your bank explaining there has been an issue with your account and that you need to log in to verify a couple of pieces of information.  The email provides a link that directs you straight to a login screen.

The email looks trustworthy as it is well written and contains the bank’s logos and details. You follow the link provided, to a website which appears to be legitimate, and you enter the relevant details required without giving it a second thought.

Next thing you know, large sums are missing from your account and you have no idea why.

Avoiding becoming a victim of phishing is not too difficult; you just need to be vigilant when you receive emails asking for personal information.

Here are my top tips to avoid becoming a victim of phishing:

1. Read emails carefully – if they are full of grammatical errors or spelling mistakes, they should not be trusted.

2. If you have been asked to log into any online account, navigate to that website yourself – do not click any links provided.

3. Be aware that many banks will specify the kind of emails they will and will not send to you.  Some even guarantee that they will never email you to ask you to login to your account.

4. Check the legitimacy of the site you navigate to by viewing the details of the SSL owner.

5. Use a web browser that provides anti-phishing support and which protects you from known fraudulent websites.

6. If in doubt, do not provide personal information and speak directly to the supposed source of the email.

Break down of attack types

Most web developers know that they should sanitize their web input. However recent figures from the UK Security Breach Investigations Report 2010 indicate that 40 per cent of all website attacks are due to SQL injections.

SQL injection attacks allow perpetrators to leak data, usually by making a web application perform a query it wasn’t intended to do. However, what most fail to realize is under the right conditions SQL injection attacks can be much more potent than data exposure (which is a serious breach in itself). A well crafted attack has the potential to subvert your entire system where circumstances allow.

To begin, let’s discuss what the SQL injection attack is, and how it works.

A Basic Example

We shall take a PHP MySQL query and consider the problem with it.

mysql_query("SELECT id,username,password FROM user_table \
 WHERE username="'.$_GET['username']."');

So when a user executes a query genuinely, the variable will typically be replaced and the query such, I.E:

mysql_query("SELECT id,username,password FROM user_table WHERE username='matthew'");

The problem arises however when the data input contains characters which are meaningful in an SQL statement. Consider for example logging in with the username ma’tthew (note the intentional quotes in the middle of the username). When we do the variable expansion the query ends up appearing as:

mysql_query("SELECT id,username,password FROM user_table WHERE username='ma'tthew";

When you run this, the query is invalid SQL because the entire statement is syntactically incorrect. What has happened is the attacker has altered the behaviour of the SQL statement – actually gaining control of it. This allows the attacker to continue the statement altering to fetch data that is normally not permitted by the original statement.

This kind of attack is well known by web developers. Unfortunately for system administrators and web developers alike the problem doesn’t stop here. If the privileges that have been set by the system/database administrator are too lax it’s possible to reap data right off the disk and worse still, deploy arbitrary data onto the disk.

The Worst Case Scenario

mysql> desc data;
+-------+-------------+------+-----+---------+----------------+
| Field | Type        | Null | Key | Default | Extra          |
+-------+-------------+------+-----+---------+----------------+
| id    | int(11)     | NO   | PRI | NULL    | auto_increment |
| info  | varchar(32) | YES  |     | Nothing |                |
+-------+-------------+------+-----+---------+----------------+
2 rows in set (0.00 sec)

The webpage used is PHP written as follows:

<?php
mysql_connect('localhost','root','xxxxxx') or die(mysql_error());
mysql_select_db('mywebapp') or die(mysql_error());

echo "<table>\n";
echo "<tr><td>ID</td><td>Info</td></tr>\n";

if (isset($_GET['search'])) {
   $r = mysql_query("SELECT * from data where info like '".$_GET['search']."'") \
      or die(mysql_error());
   echo "SELECT * from data where info like '".$_GET['search']."'";
else {
   $r = mysql_query("SELECT * from data") or die(mysql_error());
}

while ($row = mysql_fetch_array($r, MYSQL_NUM)) {
   echo "<tr><td>$row[0]</td><td>$row[1]</td></tr>\n";
}

echo "</table>";
?>

<form name="test">
Search: <input type=text name=search value=""><br/>
<input type="submit"/>
</form>

However, the developer also has also run “chmod 777” on a directory called “images” which is used for another part of the website. This is a common work-around used to avoid permission problems when creating files, by allowing anyone to create files.

The SQL injection vulnerability occurs on line 9. Because the input is not sanitized, the user can perform a fake search and take control of the SQL. The attacker, having already tried standard SQL injection techniques has seen little data of interest remains on the databases. Rather than find the other databases, the attacker wants to spawn a shell. But, can this be done from within mysql?

The answer is, yes of course it can. This is because the db user has the FILE privilege set that means he can read files in and write files out. The attacker needs to know where the document root is for the website. It’s not outright retrievable from SQL but it is readable in the httpd.conf.

By utilizing the LOAD_FILE privilege and UNION selecting it out, the attacker can add it to the existing table to read the total contents of the file! It’s not a pretty read but thats not relevent. By exploiting the FILE privilege the attacker has obtained a means to get the sites document root.

Armed with this infomation, we can look at the design/layout/source code (again, with more LOAD_FILE tricks it’s possible to determine the most likely place that has a globally writable directory). For example an images/avatar folder for perhaps, joomla, if the site was written as such would be a great target. Because there is a tendency to make folders world-writable when they cannot be normally written to, the attacker can exploit this weakness to deploy a new file within the sites’ document root through mysql. Normally an attacker wants to deploy PHP code into the document root because it will execute. Since it contains lots of meta-characters the attacker typically translates the actual code he wants to use into hexadecimal output. Using the INTO OUTFILE syntax in MySQL he can dump the contents of said file right into his target directory. In this example I will be using simple PHP code that generates “hello world” when the page visits.

The image illustrates what’s happened here. The attacker has injected his own custom string and dumped it into an outfile that’s globally writable and present in the document root of an existing website. Now all that’s left is to visit the file you wrote. The big issue with this type of attack is that it will subvert any coding you might put in place, typically in uploads, to prevent php files being written into sensitive areas on disk.

In Conclusion

The potency of SQL injection and commonness of not sanitizing input is a real threat to system security over and above what’s contained inside of your database. A series of failures have to be reached to get to a point like the one demonstrated above. These failures may include: not enforcing least privileges on database users, not sanitizing all input that comes from a untrusted source, lax file permissions in directories and no defensive layers in sensitive directories.

The trouble is, it’s incredibly simple for a web developer to overlook the sanitization of input, especially with the tight deadlines and rapid application development process that is typical. Not only this but the general consensus to use vulnerable libraries to connect to mysql make such situations common and a concern. Most people are unaware that it’s possible to convert a data leakage vulnerability into a system compromize which can mean IT managers dont give SQL injection threats the priority they deserve in the development process.

Fixing the Situation

There are many ways to fix SQL injection:

• Sanitize your input!
• Use MySQLi or another modern SQL library that supports prepared (or pseudo prepared) SQL satements.
• Use the setfacl command to give apache only access to directories that are meant to be writable by it.
• Deploy .htaccess files into sensitive folders (like uploads) to whitelist what files should be accessible in the folder, so image folders should only allow access to jpg, png and gif for example.
• Dont give FILE privileges to DB users if they dont need it.
• Use SELinux as a last line of defense (its not possible for mysql to write to http content in SELinux).

Such exploits are the result of lax security measures and poor coding and can undermine the confidence of visitors to your site. There’s no need to be victim to the most common form of web attack.

Most of the more prominent features are laid out at the Redhat website but one of the things it neglects to mention is how much more access control it comes with.

Role Based Access Controls (RBAC) offer a system or security administrator a means to define a role of some sort. In our example below we’ll be using a web admin role.

Since Fedora 9, the SELinux maintainers for Redhat have pulled out all the stops to properly deploy a framework for SELinux that is more flexible than what you see with EL5. The problem with EL5′s SELinux policy is that although it works, it really does not scratch the surface of how powerful SELinux really is. RBAC simply is not implemented. This means that delegation of trust and enforcement of a corporate security policy is difficult.

Normal access controls are fraught with problems of trust. To make somebody a true webadmin in traditional Linux systems requires a lot of effort:

• The user must be able to read/write web content.
• The user must be able read/write configuration files.
• The user must be able to restart web services.
• The user must be able to alter php configuration files.
• The user must be able to read/write home directory content (if say apache uses mod_userdir).
• The user must be able to read/write the temporary files that the http service generates (php sessions and genuine temp files).
• The user must be able to change permissions of web content.

To manage this level of access on a traditional system would be nigh on impossible. You might be able to get a lot of it done through the use of file ACLs and sudo but it would be a nightmare to manage and make sure not to permit too much or too little access.

EL6 dips more than just its toe into the water of SELinux and with it comes a more flexible implementation of role based access control that is worthy of consideration.

Normally one needs to be able to define what the limits of the role are in order to implement it. But the SELinux policy in EL6 already comes with predefined roles, such as web admin which can be implemented without too much trouble.

Demonstrating RBAC

I am going to demonstrate how to do the above in a secure way which gives a system administrator the confidence to delegate trust.

For starters you’ll need either an Fedora 12 box or EL6 Beta. Once here we can prepare our system to do this in a few relatively simple steps.

Firstly, we’ll add the user onto the system as a web administrator.

[root@krbsrv ~]# useradd webadministrator
[root@krbsrv ~]# passwd webadministrator
Changing password for user webadministrator.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Next, we’ll create an SELinux User and assign our UID to use it.

[root@krbsrv ~]# semanage user -a -R "staff_r system_r webadm_r" -L s0 -r s0 webadm_u
[root@krbsrv ~]# semanage login -a -r s0 -L s0 -s webadm_u webadministrator

Line 1 creates the webadm_u SELinux user (this is distinctly different from a UNIX user account) which is mapped to roles it can be part of.

What we have done is assigned it to the staff, system and webadm roles. ‘Staff’ is a restricted account which can su and sudo which is what we’re going to need to permit, the system role is used here because its needed to run init scripts (to start/stop httpd), and finally our webadm role is the actual primary role of this user. It’s not possible to map the webadm role directly and only to this user because webadm_r doesnt actually have enough privileges to get it to login via SSH. So instead we use the loginable staff role and transition to the webadm role when we want to do work. The -l and -r  are sensitivities. This isnt used in SELinux but its mandatory to pass something to it.

Line 2 maps the actual UNIX user webadministrator to the SELinux user webadm_u, so when the user logs in this will be their identifiable user.

Now we have done this theres still a few more steps left yet.

We have listed 3 roles the SELinux user webadm_u can transition into. But, how do we know which one to transition into by default? Well – the answer to this is the folder: /etc/selinux/targeted/contexts/users. This folder contains a list of SELinux users you already have. If you open the file staff_u file you’ll see something like this:

system_r:local_login_t:s0	staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0	staff_r:staff_t:s0
system_r:sshd_t:s0		staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:crond_t:s0		staff_r:staff_t:s0
system_r:xdm_t:s0		staff_r:staff_t:s0
staff_r:staff_su_t:s0		staff_r:staff_t:s0
staff_r:staff_sudo_t:s0		staff_r:staff_t:s0
system_r:initrc_su_t:s0		staff_r:staff_t:s0
staff_r:staff_t:s0		staff_r:staff_t:s0
sysadm_r:sysadm_su_t:s0		sysadm_r:sysadm_t:s0
sysadm_r:sysadm_sudo_t:s0	sysadm_r:sysadm_t:s0

This file is a two columned list of which role/types to map to users depending on how they enter the system. So for example the type “local_login_t” represents accessing from a console directly whereas the type “sshd_t” represents logging in via SSH. To the right of these entries is a left-to-right priority list of what contexts the staff_u user ends up getting when they login. Its not important to know all about how this works. All we really need to do is copy this file and name it webadm_u in the same directory.

[root@krbsrv ~]# cp /etc/selinux/targeted/contexts/users/staff_u \
/etc/selinux/targeted/contexts/user/webadm_u

OK so now we have initialized our webadm_u user for logging in. But theres one final task..

The UNIX user webadministrator cant do some of the things it needs to to properly function – such as restart the httpd service or change file ownerships/permissions when necessary. To do this webadm must become root. Becoming root means nothing to SELinux. It will enforce its policy all the same, so even as root webadministrator is restricted purely to the role that is needed. Thus we can safely do this without compromizing our system. We use sudo to do this which takes special tags we use to transition to our webadm role automatically so the user doesnt need to worry about the selinux particulars:

[root@krbsrv ~]# echo 'web_admin ALL=(ALL) TYPE=webadm_t ROLE=webadm_r ALL' >> /etc/sudoers

This means that when the webadministrator runs sudo it will automatically transition into the webadm_t type and webadm_r role.

Great, now we’ve fixed up our user lets test him out!

[root@krbsrv ~]# ssh webadministrator@192.168.122.73
webadministrator@192.168.122.73's password:
Last login: Wed Aug 11 22:55:45 2010 from 192.168.122.1

[webadministrator@krbsrv ~]$ id -Z
webadm_u:staff_r:staff_t:s0

[webadministrator@krbsrv ~]$ sudo -s
[root@krbsrv ~]# id -Z
webadm_u:webadm_r:webadm_t:s0

So, we login via SSH as per the norm. When we login we check our ID (getting SELinux context). You can see we have logged in with webadm_u as the user but staff_r as the role and staff_t as the type. We can’t do much to our web content in this role and we’re also not root. When we sudo what happens is sudo auto-transitions the user into the webadm_r role and webadm_t type – just what the doctor ordered.

This role runs a very restricted set of actions it can take. Lets see what we can do…

We should be able to change the apache configuration and restart the service:

[root@krbsrv ~]# echo "# Add a comment to this file" >> /etc/httpd/conf/httpd.conf
[root@krbsrv ~]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

However we can’t restart other services:

[root@krbsrv ~]# /etc/init.d/sshd restart
bash: /etc/init.d/sshd: Permission denied

We can read, create and modify files in the document root:

[root@krbsrv ~]# cd /var/www/html
[root@krbsrv html]# touch new_file.txt
[root@krbsrv html]# rm new_file.txt

However we can’t modified files outside this:

[root@krbsrv ~]# echo "Port 20000" >> /etc/ssh/sshd_config
bash: /etc/ssh/sshd_config: Permission denied
[root@krbsrv ~]# cat /etc/shadow
cat: /etc/shadow: Permission denied

Looks good!

So, here we are. As you can see, in the webadm role we can restart httpd (which webadministrator needs to do), write to our configuration files and alter our webcontent. However we can’t change anything outside of our remit or attempt to perform anything nefarious – all despite the fact we are root!

In Conclusion..

Practically speaking, the SELinux policy that comes with EL6 is meant to be a framework, not really a turn-key solution to just fit in with your current system. mAs such webadm as a role itself needs tweaking.

For starters, in the webadm role you can’t read your own home directory which is a little impractical. But also you can’t manage the php.ini or any session files created within php.ini. Therefore I’ve tweaked the policy and added the ability for webadm to be able to test websites from within the role, resolve DNS name entries and also allow SSL certificates to be written in the appropriate places. I decided not to permit webadministrator to be able to use FTP to download files directory in the webadm role. If he wants to do this however he can use the non-root login (using the staff role) to download to his home directory and then copy it accross in the webadm role afterwards. I have supplied the policy I wrote as an idea of how you would do this (download here: mywebadm).

It should be worth nothing that nearly every SELinux policy needs fine-tuning to suit your needs. One size definitely does not fit all. SELinux policy however gives you the specific tools you need to build a working, guaranteed access policy meaning you can delegate system administrator work without giving away root privileges and assign the specialists in their fields the power they need to do their work and no more.

I’m a bit of a fan of what SELinux is and does and I thought it was a shame that Redhat failed to mention the amount of effort and progress gone into the policy EL6 ships with. In the real world managing security threats outside and inside your network is a high priority. EL6 finally gives Linux the power to do this.

At least control groups gets a mention. But thats a story for another time…

The report, released earlier this week, surveyed 252 decision makers from Fortune 1000 companies and considered the financial results of top hardware suppliers.

Reporting a 61 per cent increase in server revenue for the first fiscal quarter of the year, the survey reveals that Dell is the quickest server provider to rebound from the economic meltdown.

Bob Gill, managing director of TheInfoPro says that it is clear that, “Dell is rebounding first.”

US studies of this kind are often an indication of trends which affect the UK.  However server sales at UKFast have remained strong over the last few years as we continue to watch our clients grow their server provisions.

As Dell has been our primary server source for many years now, we experience their quality day in day out and are not surprised that they are continuing to be the most competitive in the industry.

Although we have developed our own cloud network in the last year, our dedicated servers are far and away our most popular solutions and demand for our dedicated hosting has continued to increase throughout 2010.

Because we offer a range of hosting options at UKFast and have complete control over our hardware, we are able to remain resilient to the changing pressures of the market.

A particularly exciting project for us is the construction of our new data centre, ‘Manoc3’ which is due to be opened later this year.

Kitting out data centres ourselves, we are able to produce the perfect hosting environment, providing our clients with hardware we trust from server manufactures who remain firm leaders of their industry.

After interviewing 2,000 online consumers, ecommerce trading solutions provider eCommera found that nearly half of consumers (42 per cent) prefer to buy from an aggregated online retailer offering a choice of brands. Just 13.6 per cent of shoppers actually go directly to a brand’s website with one-stop shops such as Amazon their preferred first point of call.

Despite brand building inspiring trust among consumers, ultimately convenience appears to be the main incentive for shoppers online.

The report also revealed that consumers are more likely to visit a website that is recommended by family or friends, with word of mouth one of the two key factors in online browsing. While 7 out of 10 identified personal recommendations as influential to their decision, just 21 per cent said advertising on TV, radio and print had played a part and 35 per cent of consumers said Google search is one of the top two factors when choosing a website to buy products online.

Fortunately for H&M and Zara, the brand’s high street presence was cited as the second most important factor by 46 per cent of those surveyed.

H&M’s online store will go live on 16 September and will sell clothing for men, women and children as well as soft furnishings, which are currently unavailable in its 168 UK high-street stores. Zara will also complement its 65 UK stores by selling fashion online for the first time.

Of these updates, for the Windows Server operating systems, 3 are listed as requires restart and apply to Windows Server 2003, 2008 & 2008 R2.

• MS10-046 – kb2286198
• MS10-053 – kb2183461
• MS10-060 – kb2265906

Since these have been released, limited testing has been undertaken and we can confirm that we are expecting reboots to be required for Windows Server 2003, 2008 and 2008 R2.

MC.

(as usual, as a UKFast customer, you benefit from these updates being applied automatically unless you have opted out of this service.)

At UKFast we are often asked about our business continuity plans. However, on many occasions this has to be pointed straight back at the questioner.

We start by identifying every critical inward and outward facing business process and list it in order of criticality.  All the information assets involved in each process are identified and referenced to an information asset register.

For each of the services, the risks are identified as well as the possible business continuity impacts that they would have on the business should they occur.  This can range in seriousness from the loss of site access through to the loss of site.

The risks are prioritised in terms of their impact and the business continuity planning process makes arrangements to tackle these risks in the order identified by the risk assessment process.

UKFast’s business continuity plans address all of our company’s activities and ensure that adequate resources are available to provide continuity to all information security assets. This includes taking appropriate steps for the protection of our team and all information processing facilities.

Our business continuity plans are maintained within a set framework and are subject to continual testing, maintenance and improvement.

You may be able to gauge that our BCP regime is extensive but this is in part because there are a number business continuity scenarios that would affect both our own company and our client’s business processes.

At UKFast we offer solutions to all of our clients that ensure if such scenarios were to occur, they would do so without an effect to their business processes.

In summary, the UKFast business continuity plans consider UKFast business continuity and specifically our network first, in the event of a BC scenario. There are a number of scenarios that will only directly affect UKFast business processes and a number of scenarios that will affect both UKFast and UKFast Client business processes.

So…what is your business continuity plan?

First, a little background. Many of the consumer grade motherboards on the market use low-end NICs which under high network load can incur a substantial cost compared to enterprise grade NICs. This is because of shortcuts that have been used for getting the device onto the market.

With this in mind, lets take a closer look at what impact a bad NIC can have on Linux compared to one that has been properly optimized.

The Test Setup

Our test machine is a virtual machine running with QEMU + KVM. Configured on the VM are two network devices, an emulated rt8139 chipset device (eth1) and the newer, and hopefully more efficient virt-io paravirtualized network device (eth0).

ip address show
[...]
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 52:54:00:73:67:73 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.73/24 brd 192.168.122.255 scope global eth0
inet6 fe80::5054:ff:fe73:6773/64 scope link
valid_lft forever preferred_lft forever

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:73:67:74 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.177/24 brd 192.168.122.255 scope global eth1
inet6 fe80::5054:ff:fe73:6774/64 scope link
valid_lft forever preferred_lft forever
[...]

And just to be thorough, the kernel modules we’re running:

lsmod | egrep '^(8139|virtio_net)'
8139too                27638  0
8139cp                 19191  0
virtio_net             14013  0

The Benchmarking

To start we’ll take down the virt-io device and see what kind of performance we are able to obtain from the 8139 device when we give it some work to do:

ip link set dev eth0 down

To benchmark this properly requires the use of a system profiler and we have two options; Oprofile and Perf.

Perf is typically the one you should choose on newer kernels, and since test server is running Fedora 12 we’ll be using this as our profiler.

The way that profiling works is through special hardware performance counter registers on the CPUs which are utilized to obtain our statistics with very little overhead and thus causing lesser fudging of our benchmark.

The test file we’ll be downloading is a file of random data using wget on the hypervisor itself. The idea here is that we attempt to max our throughput by selecting a file on a neighbouring machine where as little network interference could effect our results. Perf will record the data which we can analyze:

perf record -af wget http://192.168.122.1/stuff/bigfile.img
--2010-08-09 14:08:22--  http://192.168.122.1/stuff/bigfile.img
Connecting to 192.168.122.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 419419444 (400M) [application/octet-stream]
Saving to: "bigfile.img.1"

100%[===================================================>] 419,419,444 21.0M/s   in 14s

2010-08-09 14:08:37 (27.9 MB/s) - "bigfile.img.1"

[ perf record: Woken up 15 times to write data ]
[ perf record: Captured and wrote 2.413 MB perf.data (~105447 samples) ]

What we have done here is got the profiler to monitor the entire system at the same time running the ‘wget‘ command. This has given us reference samples. The percentages that the report creates are relative to the total load the system produced, thus to get the overall load on the system at the same time we have ran mpstat to collate overall system load. These results are listed below:

02:17:35 PM  CPU      %usr   %nice    %sys...
02:17:36 PM  all      0.00    0.00    0.00...
02:17:37 PM  all      2.00    0.00    8.00...
02:17:38 PM  all      0.00    0.00   17.44...
02:17:39 PM  all      1.01    0.00   18.18...
02:17:40 PM  all      0.00    0.00   12.12...
02:17:41 PM  all      1.01    0.00    9.09...
02:17:42 PM  all      0.00    0.00    4.08...
02:17:43 PM  all      1.00    0.00   11.00...
02:17:44 PM  all      0.00    0.00   16.83...
02:17:45 PM  all      0.00    0.00    2.02...
02:17:46 PM  all      0.94    0.00    5.66...
02:17:47 PM  all      0.00    0.00    5.56...
02:17:48 PM  all      0.00    0.00    2.11...
02:17:49 PM  all      0.98    0.00   16.67...
02:17:50 PM  all      0.00    0.00    9.20...
02:17:51 PM  all      0.99    0.00    7.92...
02:17:52 PM  all      0.00    0.00    2.08...

You can see here during the run system cpu load ramped up to about 13% whilst the download took place.

The results for our perf and our 8139 module grepped out are thus listed. They give us more insight as to what is going on:

perf report | grep 8139
7.15%          swapper  [kernel] [k] cp_start_xmit        [8139cp]
4.72%          swapper  [kernel] [k] cp_interrupt [8139cp]
3.88%             wget  [kernel] [k] cp_rx_poll   [8139cp]
3.23%             wget  [kernel] [k] cp_start_xmit        [8139cp]
1.73%             wget  [kernel] [k] cp_interrupt [8139cp]
0.92%          swapper  [kernel] [k] cp_rx_poll   [8139cp]
0.17%      flush-253:0  [kernel] [k] cp_start_xmit        [8139cp]
0.12%      flush-253:0  [kernel] [k] cp_interrupt [8139cp]
0.03%             sshd  [kernel] [k] cp_start_xmit        [8139cp]
0.03%          swapper  [kernel] [k] dma_unmap_single_attrs.clone.2       [8139cp]
0.02%      flush-253:0  [kernel] [k] cp_rx_poll   [8139cp]
0.02%          swapper  [kernel] [k] dma_map_single_attrs.clone.1 [8139cp]
0.02%             sshd  [kernel] [k] cp_interrupt [8139cp]
0.01%             wget  [kernel] [k] dma_unmap_single_attrs.clone.2       [8139cp]
0.01%            ata/0  [kernel] [k] cp_start_xmit        [8139cp]
0.01%            ata/0  [kernel] [k] cp_interrupt [8139cp]
0.01%             sshd  [kernel] [k] cp_rx_poll   [8139cp]
0.01%             wget  [kernel] [k] dma_map_single_attrs.clone.1 [8139cp]
0.01%          kswapd0  [kernel] [k] cp_interrupt [8139cp]
0.01%  hald-addon-stor  [kernel] [k] cp_interrupt [8139cp]
0.01%          swapper  [kernel] [k] netif_wake_queue     [8139cp]
0.01%  hald-addon-stor  [kernel] [k] cp_start_xmit        [8139cp]
0.01%        scsi_eh_0  [kernel] [k] cp_start_xmit        [8139cp]
0.01%                X  [kernel] [k] cp_start_xmit        [8139cp]

Of the total load on the system, the 8139 driver used about 20% of the entire load. If we take our 15% system usage from before and take 20% from it this indicates that about 3% of the cpu was used handling the network traffic.

Lets take a look at virt-io. We’ll enable it and run the same test.

perf record -af wget http://192.168.122.1/stuff/bigfile.img
--2010-08-09 14:25:35--  http://192.168.122.1/stuff/bigfile.img
Connecting to 192.168.122.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 419419444 (400M) [application/octet-stream]
Saving to: "bigfile.img.7"

100%[================================================>] 419,419,444 59.1M/s   in 6.0s

2010-08-09 14:25:41 (66.6 MB/s) - "bigfile.img.7"

Interesting, this ran actually took half the time.

02:25:34 PM  CPU    %usr   %nice    %sys[...]
02:25:35 PM  all    4.00    0.00   23.00
02:25:36 PM  all    2.67    0.00   52.00
02:25:37 PM  all    1.23    0.00   33.33
02:25:38 PM  all    1.00    0.00   17.00
02:25:39 PM  all    0.00    0.00    2.00
02:25:40 PM  all    3.03    0.00   36.36
02:25:41 PM  all    0.00    0.00    6.93
02:25:42 PM  all    0.00    0.00    1.01

So, system load was much higher this run using virt-io. Lets check our perf results:

0.18%          swapper  [kernel] [k] virtnet_poll      [virtio_net]
0.08%             wget  [kernel] [k] virtnet_poll      [virtio_net]
0.04%          swapper  [kernel] [k] try_fill_recv     [virtio_net]
0.03%      flush-253:0  [kernel] [k] virtnet_poll      [virtio_net]
0.01%          swapper  [kernel] [k] start_xmit        [virtio_net]
0.01%          kswapd0  [kernel] [k] virtnet_poll      [virtio_net]
0.01%             wget  [kernel] [k] xmit_skb  [virtio_net]
0.01%             wget  [kernel] [k] start_xmit        [virtio_net]
0.01%             wget  [kernel] [k] try_fill_recv     [virtio_net]
0.00%          swapper  [kernel] [k] xmit_skb  [virtio_net]
0.00%          swapper  [kernel] [k] free_old_xmit_skbs        [virtio_net]
0.00%          kswapd0  [kernel] [k] free_old_xmit_skbs        [virtio_net]
0.00%      flush-253:0  [kernel] [k] free_old_xmit_skbs        [virtio_net]
0.00%      flush-253:0  [kernel] [k] start_xmit        [virtio_net]
0.00%      flush-253:0  [kernel] [k] try_fill_recv     [virtio_net]

Well, this is much better. virt-io uses about 1% of the average 25% system usage for the task, thats 0.25% of the total CPU, about 12 times more efficient!

So, what does this show us?

Well, this test would be a no-contest race anyway because on a VM like this 8139 is not paravirtualized whereas virt-io is. Virt-IO was bound to win.

But what this does demonstrate is the difference in driver implementations can broadly affect the CPU. On consumer systems especially cheap NICs reduce performance over the long term by perhaps 3-4% of the CPU. This might not seem like a lot now, but when we delve into the realms of 10G ethernet, this will start to show on more modern CPUs. Having multiple CPUs handling incoming traffic will spread this load out leaving your system free to handle other tasks – or at least not block so much which could lead to increased throughput.

Conclusion

This change, ultimately, will make Linux CPUs perform better in very high speed networks. With the enterprise trend beginning to move to high speed SANS using ISCSI, and perhaps further in the future Fibre Channel over Ethernet, it becomes important for system adminstrators to know where their overheads are. 10G NICs in these environments will really benefit from multi-core CPUs which by the time 10G becomes the norm, most people should be using.

As a system administrator myself, I have a keen interest in resource accounting. Measuring efficiency is important in our business and improving it without having to do much effort on my own behalf I will always welcome.

All are listed at least as ‘may require a restart’. Of note:

• ‘requires restart’:
  • 2 critical updates affecting Windows Server 2003 32bit and x64 Service Pack 2.
  • 1 critical update affecting Windows Server 2008 32bit and x64 & 2008 R2.

We will issue further information on the impact of these updates once they have been released for testing.

The ‘Microsoft Security Bulletin Advance Notification for August 2010′ page here should be referenced for detailed information on how these updates affect your servers or solutions when released on 10th August (as usual, as a UKFast customer, you benefit from these updates being applied automatically unless you have opted out of this service.)

MC.

When visiting a site, it is important to look for certain signs to ensure that a site is safe before entering credit card details or private personal information.

A small padlock is normally visible in the bottom right or at top right corners of the screen and means that any data entered in to the site will be secure as it will be encrypted.

By clicking the padlock, you can discover information about the SSL and who it is owned by/ issued to. For example, clicking the padlock on https://my.ukfast.co.uk gives the following information:

There are also different types of SSL referring to different encryption levels. The most common forms are 40 bit, 128 bit and 256 bit are the most common. But what does this actually mean?

These figures refer to the length of the encryption key required to unencrypt data – for example, 128 bit encryption actually means that the encryption key is 128 digits long. As with passwords, the longer the key, the more possible combinations there are – so the higher this number, the more secure the site.

There are other forms of visual verification on screen that can indicate that the site you are visiting is secured by an SSL. Often the URL for a secure site will begin with “https”, the “s” referring to “secure.” The company name may also be featured to the left hand side of the address bar, to add extra piece of mind.

Finally, an EV or Extended Validation Certificate provides additional visual information to reassure the website visitor that the site is protected by an SSL. A site with an EV certificate will highlight the address bar in green and will normally contain the name of the Certificate Authority which has issued the certificate and also the name of the company which the certificate has been presented to.

Clearly there are many different types of SSL and many ways to check the security of a site. However, the most important thing is that you can be confident that when you provide personal information online, you are confident that you are using a secure website.

This update addresses vulnerabilities in handling of shortcuts (.lnk’s) in the Windows Shell. Microsoft are now seeing active exploits and hence have released this update 1 week prior to the usual ‘patch tuesday’ updates – which are released on the second Tuesday of every month.

This update applies to Windows XP, Vista, Windows 7, Windows Server 2003, 2008 and 2008 R2.  A more detailed list of affected OS’s and information on the update and how it affects you can be found on Microsoft Technet.

Initial spot checks of the server OS’s above show that once KB2286198 is applied, a reboot is necessary.

MC.

(as usual, as a UKFast customer, you benefit from these updates being applied automatically unless you have opted out of this service.)

In certain circumstances, 97 per cent of customers are not getting their advertised speed. In addition, there is a growing gap between the claims ISPs make about broadband speed and that which is actually delivered.

So, how does this tie into the hosting industry? Well, there are many hosting providers who, like their broadband counterparts, over promise on bandwidth offered with the hosting package. Hosting providers who use promises of ‘unlimited bandwidth’ as their advertising slogan cannot deliver. It’s impossible. If these unlimited bandwidth promises were ever fulfilled, surely the world’s biggest bandwidth consuming websites (YouTube and Facebook for example) would host with these companies in order to dramatically cut costs?

How do they get away with advertising in such a way with no potential to deliver on it in the way that a customer would expect? The secret lies within small print. You must check the terms and conditions on any offers of this nature. The likelihood is there is something in the Ts&Cs about an acceptable usage policy which means that you will be cut off once you have used 100GB for example.

A common feature of unlimited bandwidth offers is the promise of, “unlimited bandwidth and 100 Mbps connection.” Sounds good, doesn’t it? They want you to believe that you will have 100Mbps connection to the internet which would give you the ability to consume 340TB every month. Clearly this has never been possible. In reality, a 100 Mbps connection is simply the capability of the network card on your server and not the speed of the pipe.

Pipe speeds may vary from provider to provider, but the end result does not – large numbers of customers all promised unlimited bandwidth and all connected to the same pipe. This is problematic as it means that the maximum capabilities of the pipe to which all the customers are connected is not enough to perform at the expected level of the user. This leads to bandwidth performing way below the level of everyone’s expectations and results in lots of slow to load websites.

You get what you pay for. Investing in hosting with a company that has invested in high quality infrastructure and that operates with significant available network capacity makes sense.

Richard Branson is building Virgin not just for his children and their generation but for his great, great, great, great, grandchildren and their contemporaries. To do this, you have to surround yourself with pioneers, with people hungry for progress and in our digital society, people who can constantly innovate and push the boundaries.

This is why we love to be involved with the Digital Entrepreneur of the Year Awards, which honour the leaders of the internet. What I personally like about them is the fact that they do not just seek out owners of successful online businesses – those charismatic leaders who have the drive and ambition to build something special and gain recognition for their efforts. They also aim to find the technical wizards, the more reserved folk who are actually creating the internet and shaping the web as we know it.

As a dedicated server provider, we are lucky enough to see some of the most exciting web projects up close and have the chance to play a big part in their success. It’s very gratifying to unearth some of the web’s masterminds and be able to reward them for their efforts.

The 2010 DEAs launched last week and already, I’m told there are loads of entries coming in. And really excitingly, many of them are for the more technical categories.

Entry is really simple – there are three tailored questions for each of the 15 awards available. You are encouraged to write as much or as little as you wish to get your business or project across and the kind of things the judges are looking for are indicated in each entry form. The other great thing is that because the awards aim to be as inclusive as possible – they are free to enter.

You can find out more at the website – http://www.digital-entrepreneur.co.uk

The industry regulator has discovered that the average customer is now charged for a speed of up to 11.5 mbit/s, but receives just 5.2 mbit/s.

For over a decade UKFast has been focussed on the importance of speed online and as such we were relatively unsurprised by Google’s revelation that speed plays a part in SEO. Google webmaster’s blog states: “Like us, our users place a lot of value in speed – that’s why we’ve decided to take site speed into account in our search rankings.”

However if we are to listen to the latest from Ofcom, it seems that irrespective of Google’s attempts to prioritise companies with fast page load speeds, many internet users are still facing a frustratingly slow experience when surfing the web.

Ofcom’s research has also revealed that the majority of customers questioned now consider broadband to be “as essential as a utility” and that users of Orange and BT broadband packages routinely receive less than one-third of the speeds they were paying for at peak times.

As a leading hosting provider, we understand the importance of having the right tools for the job. If top broadband speeds are to be achieved, companies need a firm foundation on which to build their network, and this is what the government has been promising the UK for some time.

Culture Secretary Jeremy Hunt, who is ultimately responsible for broadband, has recently delayed a commitment for a universal broadband service of 2 mbit/s until 2015, pushing it back from 2012.

The Government maintains, however, that Britain will have “the best broadband network in Europe” by the end of the parliament. Mr Hunt has promised that the focus will be on the next-generation of fibre networks, which BT has said it will deliver to two-thirds of the country by 2015.

Essentially it is still very much open for debate whose responsibility it is to keep the web running at top speed. However, at UKFast we are keen to grab the bull by its horns and work with web based companies, broadband providers and the government alike to create an infrastructure which ensures top speeds online.

If you want to find out more about how we are planning to build online Britain or apply for a £1000 hosting fund, check out the details of our ‘Growth Through Innovation’ fund.

As bargain-hunting reaches fever pitch, it is estimated that web sales now account for 33p of every £1 spent in the summer sales.

With 62 per cent of consumers quizzed reporting that buying online is less hassle than on the high street, avoiding the stress of crowds and long queues seems to be the greatest pull of online shopping.

Grabbing the best bargains also appears to be a cause for the migration online, with 53 per cent of shoppers believing that web sales offer more choice and better discounts.

Highlighting the change in shopping patterns encouraged by the unstable economic climate, in addition to shopping online, users also appear to be spending longer researching purchases with the busiest online shopping day arriving over a month after the sales began.

With the report by Opinion Matters for Kelkoo finding that 51 per cent of consumers believe there is ultimately a better range of products available online, it is not surprising that Accessorize is the latest High Street store to launch a standalone website this week.

HMV has also unveiled its attempt to diversify its entertainment brand with the launch of a new digital download service, HMV Digital. Complementing its nationwide stores, the download service will see the brand challenge Apple’s iTunes in the digital download market.

We were with the students for just over an hour and they had lots of questions, which was just as well, because one of the key points (about interviews) was to take in as many good questions as you can think of. I am always impressed by a candidate who turns the tables on me and starts to interview the business to discover its suitability for them!

One question came up that particularly interested me. A young man asked, “If I am interested in running my own business in the future, should I tell the interviewer this? Should I allow them to know that I am this ambitious?”

I could tell that they were not expecting my answer. I said “Yes, you need to let them know your vision, your goals and passion for success.” The man looked confused and asked, “What if this puts him off?” I responded, “Then it’s not the right job for you.”

It reminded me that in business there can often be a ‘watch your back’ mentality. The student was afraid that a manager or business owner would see him as a threat and might be worried that he would either be after their job or looking to learn from them in order to set up against them.

At UKFast we take a different stance. We see people with ambition as an opportunity. We consider the contribution that they can make to the journey our business is on. We also recognise that they could well become our leaders of the future and we embrace this possibility.

The ‘right fit’ in recruitment works in a number of ways. Most of the students entered the room focusing on their skills as the main aspect that would get them their dream job. They left it, however, thinking about how to promote the attributes that make them the person they are and wondering what ‘kind’ of business would meet their needs.

In this final post of the series we shall explain how an organisation can attempt to be as compliant as possible with the ISO27001 standard, even without receiving this accreditation.

Without pursuing ISO27001 accreditation myself, how may I ensure that my organisation is as compliant as possible with the ISO27001 standard?

The best way to ensure that your organisation is compliant with the ISO27001 regulations, is to begin by making sure that as many of your information assets as possible are managed by an ISO27001 accredited hosting provider.

By employing the provision of specific services relating to security in this way, you will not yourself be accredited by association, but are much more likely to ensure that you are acting in accordance with the correct regulations.

Finally you can ensure that your organisation adopts an information security policy that has been approved by an ISO27001 accredited provider.  This can then be the strong foundation which may be the source of further direction, policy and procedure in relation to your own, and your clients’ information assets.

Since UKFast launched the ‘Building online Britain’ GTI scheme (Growth Through Innovation) we’ve been collaborating with online pioneers to share industry knowledge and skills with UK businesses. The purpose behind the philanthropy is to give those who want to conquer the digital market a little nudge in the right direction.

For the past eight months, UKFast has been partnering up with business masterminds to research and promote a better online environment for UK businesses, focusing on aspects such as innovation, speed, service and security, we call these ‘the round tables’.

Since we first started, we’ve been lucky to have had some majorly influential people itching to be involved, and with the likes of Travelzoo’s MD, Joel Brandon-Bravo, and Nick Brown, Chief Exec of Eazyfone, walking through our doors, you really would have to be barking mad not to lap up all the advice that’s being presented to you on a silver platter.

The B.O.B. campaign itself started out as a hosting fund that offers a £1000 share to businesses of £1million towards building your company online.  However, the campaign has since escalated into so much more, especially since our research unearthed some distressing figures about the lack of businesses online.

There has been a 45 per cent growth in online sales over the past two years (IMRG) but, somehow and somewhere 90 per cent of online businesses are failing. With such a berth of opportunity waiting for new and niche products and services to enter the market, there’s no reason not to be online and taking advantage of what’s sitting at a screen right in front of you.

The round tables have discussed numerous topics, such as ecommerce, online law and the marketing mix as well as getting the most from SEO. We created the series of online resources to educate SMBs and get them to the top of their game which is why there’s a wealth of information at your finger tips to push you in the right direction and accelerate your website.

In a two weeks time UKFast will host yet another round table, the topic; PCI Compliance. We can guarantee that the conversations that flow on that afternoon will be too good to forget about, so make sure that you keep your eye on the entrepreneur prize and watch out for the round up at the end of July.

Sleep with one eye open there are exciting things coming your way.

http://ukfast.tv/round-tables.html

MAP 5.0 is a tool designed to simplify IT infrastructure planning processes via automated discovery and assessments of network-wide devices. It performs an inventory of heterogeneous server environments and in addition will gather usage information for Windows operating systems, SQL Server and other MS software products. Migration assessment tools also allow for planning with regards to moving from previous technology versions to the latest versions.

What’s new with MAP Toolkit 5.0?

• Heterogeneous server environment inventory
• Software usage tracking for Windows Server, SharePoint Server, System Center Configuration Manager, Exchange Server, and SQL Server
• Microsoft Office 2010 readiness assessment
• SQL Server discovery and assessment for consolidation
• Windows 2000 Server migration assessment

More information on this tool can be found at the MS technet site here.

MC.

David Porter from the Association of Electricity producers has cautioned however, that private investments are absolutely essential if this goal is to be met.

He said in a letter to the Financial Times this week, that in order to generate the required investments into the low-carbon energy initiative, ministers need to ensure that a clear governmental plan and secure infrastructure are in place, and are widely understood.

Porter said, “The Government has to deliver a credible framework that supports this massive long-term investment.”

At UKFast we have long been aware of the importance of sustainable energy and are working hard to unite our power hungry industry with an ecologically responsible approach to energy consumption.

In September last year, our team made huge strides in our commitment to an ecologically friendly future by signing a deal to create a green data centre of our very own. This will include an ‘intelligent free cooling’ system which will utilise the external climate to reduce energy consumption along with Ecoservers to providing top quality hosting whilst using less energy than ever before. However we recognise that we have a long way to go to become a carbon neutral business.

Years ago we introduced paperless invoicing and recycling to our offices and earlier this year we set out our sustainability project from now to 2015. So right now we are researching wind and water turbine energy resources. Throughout this year we are planting 20,000 trees in and around our staff training facility Castell Cidwm and plans are well underway for a number of reservoir preservation projects.

Search engine giant Google, has now also amped up its sustainability projects, announcing an agreement this week to purchase 114 megawatts of wind power capacity per year for 20 years from NextEra Energy Resources.

A Google spokesperson commented on the agreement, promising that the company’s green investments will not be limited to wind power.

In order to celebrate similar eco-initiatives among UK companies, our annual Digital Entrepreneur of the Year Awards which will be held on the 1^st December, will specifically celebrate the success of the UK green innovator of the year.

If you would like to find out more about this, or any of the awards on offer, check out the DEA website.

Following the clamp down at Manchester United FC, Coronation Street cast members have become the latest high-profile employees to be banned from social media websites, as North West businesses take a tougher stance on Twitter and Facebook.

While the Red Devils decided to take preventative measures by banning their team from social networking sites and taking control of all player profiles, Coronation Street has made the set a ‘mobile and tweet-free zone’. Although the move has been linked to a number of storyline leaks, cast members have also been threatened with disciplinary action for posting inappropriate photos that would portray The Street in a bad light.

Considering that marketing campaigns and even elections can now be won and lost through social media, are these measures a little draconian in a modern, technological age?

Certainly, at UKFast it is our job to encourage our employees to use social networking sites such as Twitter. After spending time developing a strong community culture, we can be confident that they will reflect our brand and company ethos both inside and outside of working hours. By being united on a common goal we can deliver a unified message and make sure that everyone is Tweeting from the same page.

Just as Twitter and Facebook enable stars from the screen and the sporting world to connect with their fans and make them appear more attainable to the average supporter, social media is invaluable for a customer-focused company like ours. Enabling us to communicate directly with customers and clients alike, social media is an important tool for transparency and businesses must not be afraid to let their employees loose on it.

For around 20 minutes the service disruption was intermittent for users, causing confusion in relation to the actual problem. Websites were loading slowly or timing out, while businesses logging into web based applications are likely to have lost connection.

Neil Lathwood our IT Director here at UKFast, was quick to recognise the problem, having analysed traffic graphs on the LINX website. At approximately 14.45, traffic on the graphs dropped off considerably as LINX was able to re-route services through an alternative stable channel.

“Because we manage the hosting for mission critical websites day in day out, we were initially inundated with calls from clients worried about their services,” says Neil. Our team have had to explain that the connectivity issues people are experiencing have no bearing on the stability of their hosting solutions which remain online and available.”

Neil noticed that the phones stopped ringing with such ferocity at the point that the traffic graphs dropped – showing that users had been redirected and were now able to once again access their services.

One of the world’s largest exchange points, LINX is used by many connectivity ISPs across the UK. So a great many businesses and consumers connecting to the internet through a UK ISP are likely to be affected today.

However, a little known tool from Microsoft does speed this process somewhat, zipping up all data and settings in to a single file which can be transported to your new server running IIS7 and imported in very few clicks.

Hopefully something which will make all our lives a little easier – especially if you aren’t already with us and are looking to move to the fastest network in the UK!

For information on the migration tool see: http://www.iis.net/download/WebDeploy

MC.

The first blog in this series hopefully provided a brief overview of the ISO27001 accreditation. In this post we shall deal with some more specifics of this certification and explain what your hosting provider will have done to earn this recognition.

Checking accreditation

You should first ensure that an organisation is fully accredited to the ISO27001 standard by checking the organisation’s’ ‘certificate of registration’ which should have been issued by an umbrella body of auditors on behalf of UKAS.

UKAS approval

UKAS stands for the United Kingdom Accreditation Service and you will need to check that the ‘Certificate of Registration’ is UKAS approved.

UKAS is the sole national accreditation body recognised by UK government to assess, against internationally agreed standards.

Accreditation by UKAS demonstrates the competence, impartiality and performance capability of these evaluators.

Verifying the UKAS ISO27001 accreditation should be simple, as accredited organisations should have the UKAS logo, the name of the auditors and the unique certificate number clearly printed on any literature.

Using the unique certificate number and the details of the umbrella body auditors, it should be relatively simple to confirm the validity of the accreditation, as most reputable bodies will allow you to validate a certificate via their website.

‘Scope of activities’

Every ISO certificate of registration requires a “statement of scope”.

This explains what operations, departments, physical locations, individuals and business practices are included as part of the external audit.

Some organisations may choose only to include a limited aspect of their business operations in to this statement of scope. Obviously in relation to physical and logical security relating to information from a service provider this may be a cause for serious concern.

It might be that an information processing facility is included within the scope and is assessed to meet the standard but that the support, sales and operations departments of an organisation are purposefully left out of the statement and therefore may represent a serious vulnerability or risk to information assets.

To this end it is critical that the scope of the hosting provider’s certificate of registration is inclusive of all aspects of the organisation’s operations.

Keep your eyes peeled for our third and final blog in this series, where we will be explaining how to ensure that your organisation is as compliant as possible with the ISO27001 standard even if you have not received this accreditation.



After the coalition government abandoned plans to roll out nationwide broadband fibre in its emergency budget, BT has now revealed that the actual cost to realise the government’s vision would be around £2bn.

With the cost of delivering basic broadband in rural areas also expected to rocket, there is little money, except for the £175m allocated from the Digital Switchover, to fund the roll out.

Consequently, Culture Secretary Jeremy Hunt has suggested that a more realistic target for achieving universal 2 Mbps access will be in the lifetime of the Parliament rather than 2012 as originally suggested.

Unfortunately without the suggested £2bn, Britain can only expect to fall further behind Scandinavia, Germany and the Netherlands in the super-fast broadband league if someone doesn’t step in.

Supporting the results of our recent round table on Building Online Britain, the government is therefore placing the onus on the industry to drive this forward. Although industry experts decided a collective approach is better for growing the UK’s online offering, it was widely regarded that businesses, entrepreneurs and educational institutions should be left to develop things with little government input.

Despite firms like Rutland Telecom taking the initiative and raising money from householders to improve broadband services, resistance from BT et al means that it may be an uphill battle to reach the two million homes needed though.

This first blog in the series will act as an introduction to the certification, whilst in part two we shall be examining the accreditation in more detail.

In our third and final blog we will explain how you can ensure that your organisation is as compliant as possible with the ISO27001 standard even if you have not received this accreditation.

What does it really mean that a hosting provider is ISO27001 accredited?

Finding a hosting provider with an ISO27001 accreditation means that you can feel safe in the knowledge that that organisation is committed to information security at every level.

In order to earn this official recognition, a company has to be exhaustively audited by an independent third party against exacting and detailed standards.

That organisation will have identified ‘information assets’ within a specified ‘scope’ and assessed the risk to each in relation to confidentiality, integrity and availability.

‘Risk’ is scored by assessing the impact of an event occurring against the likelihood that such an event would take place. In order to earn the accreditation, a hosting provider will have employed controls to reduce this risk to an acceptable level.

Can my organisation be ISO27001 accredited by association?

If your hosting provider is ISO27001 accreditaed, this unfortunately does not mean that you are also accredited by association.  However, any services exclusively managed on your behalf, by the provider, are operated in compliance with the ISO27001 standard.

The areas not compliant with the ISO27001 standard are those actions and procedures conducted independently by your organisation.

Are all ISO27001 accredited providers equally qualified?

It is important to understand that not all ISO27001 accredited providers are equally qualified.

There are a number of accreditation details which are important to bear in mind:

• Is an organisation accredited / registered?
• If they are a UK based organisation is the accreditation UKAS approved?
• Can you independently verify the ISO accreditation via the independent auditors using the unique certificate number?
• What are the ‘scope of activities’ included within the organisations accreditation?

In parts two and three of this series of blogs we shall look at each of these aspects in more detail.

3 have a severity rating of critical and an exploitability index rating of 1 - see below for deployment priority and severity/exploitability charts.

Following on from the previous posts, we are expecting reboots for Windows Server 2003 and Windows Server 2008 R2 due to  2 of the updates released to be automatically installed this week (MS10-042 & MS10-043).

MC.

(as usual, as a UKFast customer, you benefit from these updates being applied automatically unless you have opted out of this service.)

Around the table were a selection of the North West’s business leaders representing some of the UK’s heavyweight companies, from DLA Piper themselves to RBS, KPMG and Bruntwood. The regions public sector was there in the form of the NWDA and the Central Salford Urban Regeneration Company, while NW Entrepreneurs were given a voice by Lawrence and Richard Btesh of Chess (Fast growing telecoms company).

The session took a look at the government’s emergency budget and the state of the economy.

What was interesting was that it became apparent that the flurry of business activity taking place in the SMB sector is largely being missed by the majority around the table. We quickly realised that Lawrence’s viewpoint as a hosting provider gives him an insight that is more privileged than initially thought.

The general concensus around the table was that the economy is lifting but it’s going to take time and we all need to be patient. Lawrence was able to add his more optimistic thoughts off the back of the jump in productivity UKFast is seeing across the thousands of businesses on the UKFast network.

Because so many of the new projects and risks are being taken by businesses at the lower end of our economic scale, they appear to be below the radar of the large corporates. It was suggested that the larger businesses have to turn like an oil tanker in these times, while the UK’s small businesses are able to move quickly and flex their mini muscles to great effect right now.

The panel came to the conclusion that change is on its way and that it is the business communities responsibility to react positively in thought and action to encourage a swifter return to economic certainty.

You can view a couple of the videos from the event, with Lawrence’s thoughts on SMB growth and the community’s collective responsibility on the UKFast site.

All 4 are listed as at least ‘may require a restart’.  Of note:

• ‘requires restart’
  • 1 affecting Windows Server 2008 R2 .
• ‘may require restart’
  • 1 affecting Windows Server 2003 and XP.
  • 2 affecting MS Office products.

The ‘Microsoft Security Bulletin Advance Notification for July 2010′ page here should be referenced for detailed information on how these updates affect your servers or solutions when released on 13th July (as usual, as a UKFast customer, you benefit from these updates being applied automatically unless you have opted out of this service.)

To re-iterate the end of support for MS products, Microsoft also remind customers that the following products have now fallen from mainstream support and customers should actively seek out either a supported operating system or the latest service pack in order to keep receiving necessary security updates:

• Windows XP Service Pack 2 will no longer be supported after July 13, 2010. Many customers are still on this version, so we encourage upgrading to Service Pack 3 or to Windows 7 as soon as possible.
• Extended support for Windows 2000 will also be retired as of July 13, 2010. After that time, we will no longer provide security or any other updates for Windows 2000.

MC.

Researchers have reported that every one of the sites examined in the study, has leaked some kind of private information either to tracking sites or to other social networking services.

With one eye permanently focused on all things internet related, UKFast spotted these shocking statistics last week as the results of the latest study conducted by Worcester Polytechnic Institute (WPI).

This research has analysed the practise of 20 social networks including the most popular sites; Facebook, LinkedIn, MySpace and Twitter.

Craig Wills, professor of computer science at WPI and a co-author of the study stated, “This initial look at mobile online social networks raises some serious concerns, but there is more work to be done.

“The fact that third-party sites now seem to have the capacity to build a comprehensive portrait of mobile online social network users argues for a comprehensive way to capture the entire gamut of privacy controls into a single, unified, simple, easy-to-understand framework.”

Of course this news comes just days after Facebook received a wave of criticism aimed at its own privacy policy.

The social networking giant has been slated for creating tools that make it easier to share user information with third-party web sites, as well as making its privacy controls too complicated.

In response, Facebook has announced that it will be offering new, simpler privacy controls. However, critics are still sceptical about the nature of these new tools and the extent to which they will increase user confidentiality.

The results from this latest WPI survey indicate that a unified approach to privacy is becoming an increasingly important priority for both industry experts and social network users.

Wills states that a cohesive approach to confidentiality would ensure that, “users make informed choices about their online privacy and feel confident that they are sharing their personal, private information only with those they choose to share it with.”

Due to the nature of our industry, at UKFast we are well positioned to understand and emphasise the importance data security in all areas of business.  Consequently we have recently applied for, and been awarded the ISO27001 accreditation for our information security systems.

We remain hopeful that the results from this recent investigation form an important stepping stone in the battle for a more transparent and cooperative approach to privacy issues.

David Smith, deputy commissioner at the ICO told the Infosec Security Conference that the NHS had highlighted 287 breaches since the end of 2007, most of which were breaches related to stolen data or hardware.

This accounts for more than 30 per cent of the total number of serious data breaches reported.

The NHS is the UK’s largest employer with 1.7m staff and is currently in the process of rolling out digital patient records. With this in mind, this latest news is rather concerning.

Most of the breaches (113) were the result of stolen data or hardware, followed by 82 cases of lost data or hardware.

So how is it that an organisation which insists that its third party IT service providers are ISO27001 certified can be responsible for a third of all data breaches in the UK?

To be truly effective, an Information Security Management System (ISMS) must be simple, usable and clearly communicated throughout the organisation in which it is employed.

In addition, responsibility and ownership of assets, policies and procedures must be clearly dictated and controlled at the highest level, to ensure disciplined adherence to the standards.

As the NHS itself is not ISO27001 accredited, some would argue that it may not be fully aware of the standards requirements and therefore there is little chance of the information security approach being effective.

So what is the information security approach of the NHS?

A good question and one that I am not even sure the NHS can answer.

It seems that the NHS may have assumed that in appointing ISO27001 certified third parties to conduct and manage certain services on their behalf, this will ensure the security of their information, data and information assets.

Unfortunately for the NHS, there is no such thing as accreditation by association.

The scope of the NHS’ information security assets is vast. As mentioned previously, the NHS is the largest employer in the UK and as with most modern organisations the majority of these employees will have access to some form of information processing asset.

Herein lays an enormous vulnerability to information security that is currently not being adequately controlled.

As these staff are not controlled by a NHS ISMS that dictates and controls an approach to information assets and regularly audits such controls to ensure that they are effective; each NHS employee presents an unregulated risk to NHS owned data.

Hence the frequency and nature of such data loss should come as no surprise.  NHS data put into the trust of an organisation that runs an effective ISMS and is certified ISO27001 compliant should be considered secure.  However, as soon as it is re-introduced into the realm of the NHS, there is absolutely no way that this will remain the case.

It is an unenviable task given the size of the organisation, but a coordinated approach must be adopted to secure the information within the NHS as an organisation.

I for one have opted out from plans to digitise patient records, not because of some civil liberties rant or fear of a ‘Big Brother’ state but because the risks to confidentiality, integrity and availability are uncontrollable under the current NHS information security model.

No – not a revival of the 80′s British dance act but a new release from Microsoft ….

IIS Express is a lightweight installable version of the popular web hosting platform Internet Information Services (IIS) 7, which can run on XP and above operating systems. 

Features and benefits include:

Beta to be released shortly and more detailed information available over at Scott Guthrie’s blog.

Let’s hope its a chart topper….

MC

As grandparents join social media sites as a new way to connect with their family and friends, the presence of over 50s online has resulted in a five per cent increase in the total number of UK online users.

With 14 million images uploaded to Facebook every day, social networking sites have become a valuable resource connecting older generations with the outside world.

Behind community sites, the 50-plus internet audience is also interested in health and videos online, with RealAge and Flixxy possessing the largest market share, according to the recent study.

In the research by UKOM almost two million more Britons were shown to have gone online since May 2009, totaling 38.8million. While men over 50 were found to show the largest growth, accounting for 38 per cent of all new users, women over 50 represented just 15 per cent of new users followed closely by women aged 21- 34 (14 per cent) and females aged between 12-20 (12 per cent).

As this study demonstrates the increasing value of the Grey Pound, a number of industries, in particular travel, are already showing a desire to take advantage.

It’s interesting to see that integrating search in particular to the overall strategy is something that the UK’s biggest businesses also see as a challenge.

The IAB’s Search Marketing Barometer 2010 interviewed 140 marketers across 91 of the top 100 advertisers in the UK. Nearly all of them believe that there is work to be done to properly integrate search into their overall brand strategies.

60% of them put this down to a lack of digital understanding from many of their marketing professionals/agencies. Despite this, 58% were intending to increase spend on search and 72% felt that no matter what they were able to spend it would not be enough to fully capitalise on this form of marketing.

Jack Wallington, the IAB’s head of industry programmes feels that a knowledge gap is emerging as search transitions into a new form and it is the duty of agencies, search engines and marketing industry bodies to educate brands with the knowledge they need to understand the medium.

Naturally, the knowledge gap offers excellent education based marketing opportunities for agencies and the like to attract new clients and create new revenue streams. However, at UKFast we have always found that the best way for a brand to understand more about a form of advertising is to get involved – rather than go and seek advice. After all, the experts are becoming experts in real time as they devote their resource to understanding the form.

It’s far more powerful for a business going forward to have an expert within, rather than have to outsource the need. We’re lucky to see the activity of thousands of businesses online. Talking to many of our dynamic clients the feeling is that knowledge is most certainly power when it comes to search marketing and gaining that knowledge and keeping it for yourself offers in incredible advantage over the competition.

The Times is taking a tiered approach to the paywall. Currently, it does not cost us to read news from the site, but we must register. Already this is causing a fairly substantial drop in traffic according to the data collected by Hitwise, the Experian owned web monitor.

Early indications suggest that the site, which has always ranked in competition with rivals like the Telegraph and the Guardian, has in a matter of weeks lost visitor share to fall into line with less busy websites such as the Independent, the Mirror and the FT. A steady decline over the last two weeks has seen the sites traffic share reduce by more than 50% in comparison to its position at the start of this month.

Looking at the data, the Telegraph appears to have benefited from the new registration process the most out of the other dailies. Although, downstream data from thetimes.co.uk shows that a quarter of all traffic is going direct to register. The question is – how many of those are completing the process and going on to read the news and how many of these will be willing to continue doing that when they also have to pay for it?

It will be interesting to see whether further developments drop the Times below the FT.com which already has a paywall in place for much of its news. The FT being more niche in its content could have the upper hand.

We’ll keep an eye on this and let you know more results once the paywall has gone in place.

While green IT and the National Programme for IT took a back seat in George Osborne’s economic plans, the IT industry has emerged relatively unscathed from the coalition’s first budget.

IT entrepreneurs in particular look to benefit from an increase in their tax free income allowance, as the government hopes to combat public spending cuts with tax breaks for the private sector. A concern close to our own hearts, these tax incentives will help to keep talent in the UK and compete on a global level. The commitment to review tax regulation around intellectual property and technological research and development will also enhance the competitiveness of the UK.

Additional positive effects of the Budget will see the capital gains tax rate of 10 per cent for entrepreneurs extended from the first £2million to £5million. North West start ups will also enjoy a holiday from national insurance contributions for their first year of business for the first 10 employees.

Chancellor George Osborne has confirmed that the 50p a month landline tax will also be scrapped with the onus for rolling-out super-fast broadband placed back on the private sector.

Despite an obvious focus on encouraging growth within the industry over the next five years, the Chancellor did announce that the Northwest Regional Development Agency will have many of its powers stripped in lieu of a new ‘local enterprise partnership’. Private sector initiatives such as UKFast’s ‘Growth Through Innovation’ scheme will therefore become more important than ever for aspiring SMEs.

A recent report from Juniper Research has revealed that revenue from mobile applications will exceed $25bn (£16.7bn) by the year 2014.

At the end of 2009 the app market was worth only $10bn (£6.7bn), however astonishingly this is expected to more than double in the next four years!

At UKFast, as leading hosting providers we’re lucky enough to have a unique viewpoint of the online marketplace.

We have noted a significant increase in the demand for apps over recent months as well as a clear rise in the number of start-ups looking to profit from the coming boom in the application industry.

The report from Juniper shows that in the long term operators will benefit predominantly from data revenues associated with app usage rather than initial retail prices.

In-app billing, which allows for value added services, will replace initial download costs as the main revenue stream from mobile apps by 2011 according to the study.

Dr Windsor Holden, the author of the report, states “data revenue growth is dependent upon operators embracing policies which enable open access – a policy which also involves facilitating app stores which compete with their on-portal offerings.”

The study forecasts that Game apps will continue to dominate the market for the foreseeable future.

However, our team at UKFast believes that business based offerings should not be discounted in the race for leading mobile apps. The opportunities offered by such tools have yet to be fully explored.

We have long believed that mobile applications are the key to unlocking a new level of business efficiency.

In light of this, our R&D team has been hard at work for some time developing a series of new and exciting applications that will allow users easy access to our ‘client area’ tasks through their mobile phones.

As the application market booms, we maintain that business owners should consider the increased efficiency and thus improved productivity that can be offered through mobile applications.

The report, which was carried out by analysts Verdict and Ovum, shows that mobile transactions accounted for a measly 0.6 per cent of total online spending in 2009, but that this will have increased twofold by 2013.

As always, we have been keeping an eye on all things mobile here at UKFast and have certainly noticed the boom in mobile device development.  It is therefore no surprise, that the statistics for “m-commerce” are looking so optimistic in correlation with recent product development.

£21.2bn was spent online in the last year alone; however of this, only £122.9m was spent using mobile phones.  Astonishingly, in the next four years this figure is predicted to reach a staggering £275m!

It seems that retailers are already reacting to these growth predictions for mobile sales.

Marks and Spencer has recently launched a mobile version of its website, whilst Ocado has created an Android app to add to their existing iPhone offering and widen their mobile shopfront.

On the back of their research, the experts at Verdict and Ovum are confident that the next step for ambitious online retailers is to specifically focus upon developing comparison tools for consumers.

Senior analyst at Verdict Research, Malcolm Pinkerton stated, “Consumers are not spending significant amounts via mobiles and, for now, we believe the true potential for m-commerce is to provide consumers with a valuable tool for research, comparison shopping and retailer interaction.”

And it seems that Pinkerton’s predictions do fall in line with the growth plans of certain online businesses. Retail giant Argos for example, is currently topping iPhone app charts with its tool which focuses upon product comparisons based upon pricing and availability.

If Verdict and Ovum are correct, it seems that we will be seeing more and more retailers focusing upon the development of comparison applications which are easily accessible on mobile devices.

Currently apps such as “Shopper” and “CompareMe” are topping the charts in this arena; however businesses such as Amazon are hot on the heels of independent applications and are clearly looking to cash in on this newly created niche for mobile devices.

Whichever path retailers choose to take however, these new statistics certainly show that mobile applications will become increasingly big business for online retailers within the next few years.

3 have a severity rating of critical and an exploitability index rating of 1 - see below for deployment priority chart.

Following on from the previous posts, we are expecting mandatory reboots for 2 of the updates released to be automatically installed this week (MS10-035 & MS10-032).  Both of which affect pretty much all commonly deployed Windows operating systems (see links above for details).

All remaining updates are listed as ‘may require restart’ which commonly means that they will indeed require a restart.

MC.

All of these are listed as at least ‘may require a restart’ with 2 listed as ‘requires restart’.  The 2 requiring a restart do affect Server operating systems.

Also, the June bulletin addresses the previously advisory regarding sharepoint (983438), and this will now be closed.

The ‘Microsoft Security Bulletin Advance Notification for June 2010′ page here should be referenced for detailed information on how these updates affect your servers or solutions when released on 8th June (as usual, as a UKFast customer, you benefit from these updates being applied automatically unless you have opted out of this service.)

To re-iterate the end of support for MS products, Microsoft also remind customers that the following products will end mainstream support NEXT MONTH:

• Windows XP Service Pack 2 will no longer be supported after July 13, 2010. Many customers are still on this version, so we encourage upgrading to Service Pack 3 or to Windows 7 as soon as possible.
• Extended support for Windows 2000 will also be retired as of July 13, 2010. After that time, we will no longer provide security or any other updates for Windows 2000.

and for products recently ending support:

• Windows Vista RTM is no longer be supported as it has passed the April 13, 2010 returement date. Service Pack 1 will still be supported until July 12, 2011 but we recommend customers update to Service Pack 2 or Windows 7 at this time.

MC.

New research by website optimisation software firm Aptimize has shown that websites of even the top UK brands are lagging behind their US counterparts in terms of speed. With Google’s recent announcement that speed will be a factor in the ranking algorithm this is a worrying statistic.  As well, web users are now spending more time on social networks than before, which means online businesses and ecommerce sites are losing out on their precious surfing hours.  At a time when the UK economy needs a kick-start not a slow-down we should be responding to these failings.

This week marks the official launch of Building Online Britain at UKFast.

Building Online Britain is a project run by UKFast which aims to help UK businesses achieve more from their websites through speed and innovation.  UKFast has made a £1million pound Growth Through Innovation (GTI) fund available for website owners to increase the speed of their website in order to compete more effectively in the marketplace.  We hope that through this fund thousands of UK businesses will accelerate their success online.

Access your £1000 website acceleration fund here.

UKFast will partnering with other organisations to research and promote a better online environment for UK businesses, focussing on aspects such as speed, security, service and innovation.  If you would like to get involved please contact the campaign team on buildingonlinebritain@ukfast.co.uk.

It comes as no surprise then that we have just been awarded the Number One spot as most Fun and Friendly Office in the UK. The news was published by the Financial Times yesterday in the Best Workplaces 2010 list which is compiled by the Great Places To Work Institute.

Our people are not only creating a culture of enjoyment within UKFast but through this a culture of achievement and the company is growing at an exponential rate with more like minded individuals.  In the same awards UKFast were ranked 5^th for outstanding Learning and Development in the UK and it is this background of growth that fuels the atmosphere in the office.  A team that feels well-equipped and confident in carrying out their role will also feel satisfied in their work.

So congratulations to the whole team who themselves have created the Friendliest Office in the UK!

RAMMap by Sysinternals presents data in a compact windows application within a series of tabs:

The application runs on Vista/Server 2008 OS and later and is available for download & install here as well as click and run live here.

MC.

Both have a severity rating of critical and an exploitability index rating of 2 - see below for charts of vulnerability and severity.

MS10-030addresses an issue on operating systems installed with mail clients such as Outlook express, Windows Mail and Windows Live mail. As such, not all OSes are affected – Windows 7 and Server 2008 R2 do not have a mail client installed as default.

MS10-031addresses a vulnerability in Microsoft Visual Basic for Applications (VBA).  This is specific to VBA SDK 6.0.  On affected systems software should be recompiled and redistributed once the update has been applied to ensure this remote code execution vulnerability is removed.

The ongoing sharepoint security advisory (983438) is available for those affected and covers workarounds to cross site scripting (XSS) vulnerability.

As echoed in the last two security bulletin posts, MS are taking Windows XP SP2 to end of support on July 13th, 2010 and Windows 2000 is retired on the same date – the latter meaning they will provide no further security updates, potentially leaving production versions of the operating systems vulnerable if not update to a later OS.

MC.

What is not necessarily understood by the less technical amongst us, myself included, is what the published features mean and what they allow you to achieve. At UKFast, we provide Cisco ASA Firewalls only, and so these are what I will focus on. The table below shows an excerpt from the comparison table Cisco publish and the feature set of each firewall:

*Maximun IPs provided by UKFast dependent on solution.

Maximum Firewall Connections – the maximum number of connections the firewall can handle at any time. Buy websites and application will push the limit on the connections.

Maximum Firewall Connections per Second – the maximum number of new connections the firewall can accept per second.

Maximum VPN Sessions – number of VPN connections that can be in operation at 1 time.

Maximum VLANs – VLANs allow a single firewall to appear like a number of firewalls – like virtualising a dedicated server into a number of virtual servers. Having the ability to configure a number of VLANs allows for increased solution security and provides the ability to provide different access lists and port security on database servers than you have on web servers, for example.

Failover Upgrade Available – A “Yes” identifies that by buying 2 units, failover is possible.

IPS Upgrade Available – All Cisco ASA firewalls now support being upgraded to include IDS/IPS.
Maximum IPs – The number of IPs that can be protected by the firewall. A solution with more than 10 servers or using more than 10 IP addresses (for SSL certificates, for example) would need to be upgraded from using the base ASA 5505 model.

Definitions

• 5505 UL = 5505 Firewall with Unlimited User Licence upgrade installed
• 5505 SP and 5510 SP = Version of firewall model with Security Plus Licence upgrade installed
• VPN = Virtual Private Network
• VLAN = Virtual Local Area Network
• IDS = Intrusion Detection System
• IPS = Intrusion Prevention System

In addition to the bulletins Microsoft also announced that in the wake of the recent security advisory regarding sharepoint (983438), they will not be releasing an update in the May bulletin. MS Teams are still working on an update for this issue and recommend reviewing the advisory for advice.

The ‘Microsoft Security Bulletin Advance Notification for May 2010′ page here should be referenced for detailed information on how these updates affect your servers or solutions when released on 11th May (as usual, as a UKFast customer, you benefit from these updates being applied automatically unless you have opted out of this service.)

To re-iterate the end of support for MS products, Microsoft also remind customers that the following products will end mainstream support shortly:

• Windows XP Service Pack 2 will no longer be supported after July 13, 2010. Many customers are still on this version, so we encourage upgrading to Service Pack 3 or to Windows 7 as soon as possible.
• Extended support for Windows 2000 will also be retired as of July 13, 2010. After that time, we will no longer provide security or any other updates for Windows 2000.
• Windows Vista RTM will no longer be supported after the April 13, 2010 bulletin release. Service Pack 1 will still be supported until July 12, 2011 but we recommend customers update to Service Pack 2 or Windows 7 at this time.

MC.

Egypt, Saudi Arabia and the United Arab Emirates are the first three countries to benefit from this advancement, while web addresses in Chinese, Thai and Tamil are soon to follow.

The new development is not an attempt to alienate Latin alphabet countries from areas of the web but a move to secure one web for all. Before ICANN allowed the country code top level domains system (CCTLDs) to go ahead there were fears that language specific mini internets might begin to be created, compartmentalising the internet and removing entire nations from the world wide web.

This latest move has been intimated by some as ‘the most significant day’ since the internet began. This is quite a statement considering the incredible growth and development of the net over the years.

More so, it feels like natural progression. As we move into Web 3.0, we have read the web, we’ve had Read/Write and now the net is about ‘Read, Write and Control.’ Interaction and inclusion are drivers behind the way the web has developed since the dawn of social networking. The advent of Control is about allowing users to choose how they engage in the global community and country code URLs are another step towards this.

Following its influential role in Barack Obama’s 2008 US election campaign, the key party leaders have all identified Facebook, Twitter and YouTube as ways to engage new voters.

From The Conservative Party’s ad takeover of the YouTube homepage today to Labour’s application which enables supporters to update their Facebook and Twitter status, this general election has identified how important this new medium is to political campaigning.

While the first ever election TV debates drew audiences in excess of 10 million, social networking has engaged audiences on a global scale providing a critical arena where politicians are questioned directly by those entering the polling stations and not just in the studio audience.

By identifying online opportunities through their media specialists Windfall Media, the Liberal Democrats (who boasted the most Facebook friends) felt they were able to better understand the online audience and their needs. As a result of listening to voters through blogs, forums and micro-communities, ultimately they felt more able to convey their message. Whether they have done this effectively remains to be seen…

Of course with the benefits social media has brought there have also been repercussions, with candidates falling foul of inappropriate tweeting and the immediacy and transparency social media offers.

Fundamentally, as users become increasingly concerned with engaging with each other, and disinterested with the political parties who represent them, Twitter and Facebook have given the power back to the voters and now must be an essential part of any election campaign.