Cloud

Out with LiquidSky, in with @Paperspace

Those who follow me on Twitter know I have, in the past, been a big fan of LiquidSky for cloud gaming. What I’ve found over time, however, is that I can no longer support that platform. I’ve officially cancelled my subscription and been using a new platform – Paperspace and Parsec – for several months now. The reasons for the change are straight-forward, and could have been addressed by LiquidSky before I jumped ship, but were not.

First, a note on what cloud gaming is: Basically, cloud gaming is simply a desktop hosted with a cloud provider close enough to you physically to provide a very low latency streaming experience. Streaming allows you to see the video and hear the audio of the desktop in much the same way as you watch movies and TV online. Low latency allows your clicks and keyboard input to happen on the remote desktop in close enough to real-time that it feels real-time. Both are required for cloud gaming because you need to react to what’s happening on the screen as it happens (you see an enemy, you react and shoot, or hide, or dodge, etc.). This is insanely difficult to accomplish, as most streaming systems like Netflix are designed for one-way communication. They send the data to your browser or set-top box and that’s all they’re worried about. With gaming, input matters, and therefore latency in both sending and receiving input is something that must be dealt with. Just having a remote desktop connection doesn’t work – latency might be low enough to stream the desktop to you, but not anywhere near low enough for quick reactions to be recognized by the desktop itself in enough time to be useful.

Another issue is that most cloud platforms are geared toward commodity compute – basic CPU and RAM functions – and not for graphics. This means that while some games will run, those that require dedicated graphics cards (GPU) will not – ruling out the use of nearly all major games you’d want to play. GPU-focused cloud instances exist, but at a huge premium in price, and latency is still a massive issue with those.

Cloud gaming works to solve both issues by accelerating networking to allow for reasonably low latency, and offering GPU-enabled cloud desktop instances with sufficient resources to play the games you want to play. It’s a balancing act, and tricky to get right, but a few companies have managed to do it. For a Mac person who likes to play big-name games (which are typically Windows only), cloud gaming is a dream that’s just now starting to come true.

So let’s address why I made the switch:

1 – Mac Support: LiquidSky originally had a great Mac client. It wasn’t perfect, but they were working on correcting the few issues that were there and making it better. Then LiquidSky 2 launched without a Mac client at all. Over the remainder of 2017, we Mac users patiently waited for the next-generation Mac client, but to no avail. Update after update of the Windows client came, and an Android client finally launched, but the Mac client continued to be listed as “coming soon.” As one of the major uses of cloud gaming is allowing Linux and Mac users to play these games, this is inexcusable. The Windows client can be used on a Mac with virtualization or emulation (things like VMware Fusion and Wine), but this requires a level of technical expertise that is beyond the majority of users – and doesn’t provide a pleasant user experience at all.

Paperspace has had a Mac client since day one of their GPU-enabled gaming desktop services. It works, and it works very well, and they’re continuing development of the platform as they move forward to make it even better. They partner with Parsec to minimize latency and maximize the gaming experience overall, and they provide complete and easy-to-follow instructions on how to install and use these tools that anyone can follow.

2 – Latency: LiquidSky has continued to get worse and worse on this front as it gets more popular. While I’m happy they’re getting more users, they’re not scaling properly to allow for the increased user base to get a good experience when they play. Overburdening of their systems is taxing their networks, causing lag that makes playing many games impossible, and most games just plain unpleasant. Even using Wine to jury-rig their client into working on a Mac, visuals are “muddy” and reaction is sluggish and painful most of the time.

Paperspace keeps their networks and platform robust as it grows. It’s not perfect – there are periods of peak activity that definitely cause hiccups, lag, and some muddiness; but they’re far fewer than I ever experienced on LiquidSky and seem to be kept short. You’ll get a few seconds of sluggishness and stutter, and then you’re back to the great desktop experience you want.

3 – Billing Experience and Support: LiquidSky just doesn’t seem to care about its customers. It pains me to say that, as this is completely different than the experience I had when I started using their service. Customer support used to be fast, efficient, and friendly. Now, it seems that they respond when they feel like it, if at all, and basically always answer with “we’re working on that.” While this answer is perfectly acceptable when a new platform launches or a major overhaul has been rolled out – that period of acceptability ended several months ago and the attitude has continued nonetheless. Billing is painful, as it is handled by a 3rd-party entirely now and not even visible on the LiquidSky site. The shift from the ability to use unlimited accounts to everyone using a points system to rent access by the hour is even more confusing; and poorly explained. Let me be clear, they needed to raise their rates – no one could hope to grow and expand with the numbers they were offering – but make it easy for people to figure out what they’re paying for. Use real-money for the per-hour fees, not a conversion first to points and then to different amounts of points for each of the sizes of machines that can be run.

Paperspace has two billing options: per-hour fees in real money and unlimited plans at a fixed amount of money per month. They do charge far more than LiquidSky for unlimited accounts, but they are available and a decent value indeed for those of us who spent a lot on our Mac or Linux desktops and do not wish to buy a Windows machine with that much horsepower just to play games. Billing is handled by Paperspace and all options are available from their own website so I can manage my account quickly and easily. Support is stellar! Paperspace requires the use of a 3rd-party service called Parsec to play games (it mitigates many of the latency issues and handles things like controller support). I have been able to get help on Parsec from Paperspace directly, even though it isn’t their code or product. Paperspace always replies quickly and in a friendly manner.

All-in-all, LiquidSky seems to have totally lost the plot when it comes to cloud gaming. They shifted their focus to gaining more users as fast as possible by offering free credits for watching ads, but didn’t plan well to handle the influx of users that brought. They lost focus on their customers and service and support suffered. They’ve outsourced their billing to a 3rd-party and detached themselves from that process, and made the new purchase plans confusing and complex. Finally, they’ve stabbed their Mac customers in the back by focusing so heavily on Windows. I do understand that the vast majority of the gaming market is Windows, so this isn’t an un-sound business decision on their part. That being said, they had a fanatically loyal user base of Mac folks, who are now abandoning the service due to neglect. They did so as several well-known names like nVidia jumped into this space to compete for those same Windows and mobile users. So they’ve given up one advantage (a dedicated and untapped market) to maximize their effort in a crowded space against major household names. That’s not the best business plan.

Paperspace, with the help of Parsec, offers the total package. High quality services, ease of use, native clients on Mac, and reasonable prices. Note that cloud gaming is currently a very expensive proposition, with monthly fees averaging about US$200/month for unlimited use and per-hour fees being higher than for commodity compute uses. It is, however, worth it – especially for occasional gamers who just want to play one or two games that are Windows-only and therefore don’t need a monthly unlimited plan. It’s not perfect. Setup can be challenging, and not all hardware is fully supported (especially USB devices like gamepads and microphones for chat) – though that’s also the case for LiquidSky and not a Paperspace-specific issue. There are instances of network congestion, and minor nitpick issues, etc. Compared to their competition, however, they’re showing themselves to be leaders in the space of cloud gaming – giving big name brands like nVidia a real challenge and proving that they know what they’re doing and will get it done. They’re also proving themselves savvy businesspeople by targeting users who want the service and have found other platforms don’t get the job done. Mac and Linux users who want to play Windows games exist, and they spend money with companies that remain loyal to them – and Paperspace is going after that loyalty while retaining Windows customers – a recipe for success.

So give Paperspace a look if you’re gaming and not on hardware that can support those games well. No matter if it’s Windows, Mac, or Linux on your desktop, they can make your experience a lot better. Start with an hourly GPU instance and see if it meets your needs. You can always graduate to a monthly plan later if that will save you money. The Paperspace team will indeed be there to help you choose, help you get set up, and help you get back in the game.

Bailing S3 Buckets

Headlines are breaking out all over the last few weeks about high-profile data breaches caused by company databases and other information being stored in public Amazon Web Services (AWS) Simple Storage Service (S3) buckets. See here and here for two examples. The question I get most often around these breach notices is, “Why does anyone leave these buckets as public, and isn’t that AWS’s fault?” The answer is straight-forward, but comes as a bit of a shock to many – even many who work with AWS every day.

A quick refresher on S3

For those not familiar with S3 or what it is and what it does, basically S3 is an online file system of a very defined type. S3 is a cloud-based Object Storage platform. Object Storage is designed to hold un-structured collections of data; which typically are written once and read often, are overwritten in their entirety when changed, and are not time-dependent. The last one simply means that having multiple copies in multiple locations doesn’t require that they be synchronized in real-time, but rather that they can be “eventually consistent” and it won’t break whatever you’re doing with that data.

S3 organizes these objects into “buckets” – which would be the loose equivalent of a file system folder on more common operating system file systems like NTFS or EXT. Buckets contain sub-buckets and objects alike, and each level of the bucket hierarchy has security permissions associated with it that determine who can see the bucket, who can see the contents of the bucket, who can write to the bucket, and who can write to the objects. These permissions are set by S3 administrators, and can be delegated to other S3 users from the admin’s organization or other organizations/people that have authorized AWS credentials and API keys.

It’s not AWS’s fault

Let’s begin with the second half of the question. These breaches are not a failure of AWS’s security systems or of the S3 platform itself. You see, S3 buckets are *not* set to public by default. An administrator must purposely set both the bucket’s permissions to public, and also set the permissions of those objects to public – or use scripting and/or policy to make that happen. “Out of the box,” so to speak, newly created buckets can only be accessed by the owner of that bucket and those who have been granted at least read permissions on it by the owner. Since attempting to access the bucket would require those permissions and/or API keys associated with those permissions, default buckets are buttoned up and not visible to the world as a whole by default. The process to make a bucket and its objects public is also not a single-step thing. You must normally designate each object as public, which is a relatively simple operation, but time consuming as it has to be done over and over. Luckily, AWS has a robust API and many different programming languages have libraries geared toward leveraging that API. This means that an administrator of a bucket can run a script that turns on the public attribute of everything within a bucket – but it still must be done as a deliberate and purposeful act.

So why make them public at all?

Now for the first part of the question, which is the most difficult to understand in many of the cases we’ve seen recently. S3 is designed to allow for the sharing of object data; either in the form of static content for websites and streaming services (think Netflix), or sharing of information between components of a cloud-based application (Box and other file sharing systems). In these instances, making the content of a bucket public (or at least visible to all users of the service) is a requirement – otherwise no one would be able to see anything or share anything. So leveraging a script to make anything that goes into a specific bucket public is not, in itself, an incorrect use of S3 and related technologies.

No, the issue here is that buckets are made public as a matter of convenience or by mistake when the data they contain should *not* be visible to the outside world. Since a non-public bucket would require explicit permissions for each and every user (be it direct end-user access or API access); there are some administrators who set buckets to public to make it easier to utilize the objects in the bucket across teams or business units. This is a huge problem, as “public” means exactly that – anyone can see and access that data no matter if they work for your organization or not.

There’s also the potential for mistakes to be made. Instead of making only certain objects in a bucket public, the administrator accidentally makes ALL objects public. They might also accidentally put non-public data in a public bucket that has a policy making objects within it visible as well. In both these cases the making of the objects public is a mistake, but the end result is the same – everyone can see the data in its entirety.

It’s important to also point out that the data from these breaches was uploaded to these public buckets in an unencrypted form. There are lots of reasons for this, too; but encryption of data not designed for public consumption is a good design to implement – especially if you’re putting that data in the cloud. This way, even if the data is accidentally put in a public bucket, the bad actors who steal it are less likely to be able to use/sell it. Encryption isn’t foolproof and should never be used as an alternative to making sure you’re not putting sensitive information into a public bucket, but it can be used as a good safety catch should accidents happen.

No matter if the buckets were made public due to operator error or for the sake of short-sighted convenience, the fact that the buckets and their objects were made public is the prime reason for the breaches that have happened. AWS S3 sets buckets as private by default, meaning that these companies had the opportunity to just do nothing and protect the data, but for whatever reason they took the active steps required to break down the walls of security. The lesson here is to be very careful with any sensitive data that you put in a public cloud. Double-check any changes you make to security settings, limit access only to necessary users and programs by credentials and API keys, and encrypt sensitive data before uploading. Object Stores are not traditional file systems, but they still contain data that bad actors will want to get their hands on.
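An added example (not from the original post) of one way to double-check bucket settings: scan each bucket's ACL and policy for grants that reach everyone. It assumes inputs shaped like the S3 GetBucketAcl and GetBucketPolicy responses; the bucket names, owner ID and policies are constructed sample data, and the helper names are hypothetical.

```python
import json

# Predefined S3 ACL grantee groups that extend access beyond named accounts.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account holder",
}


def as_list(value):
    """Policy JSON allows a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def public_acl_grants(acl):
    """Return 'PERMISSION -> audience' for each ACL grant to a public group."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            hits.append(f"{grant.get('Permission')} -> {PUBLIC_GROUPS[grantee['URI']]}")
    return hits


def wildcard_allow_statements(policy_json):
    """Return (sid, actions, has_condition) for Allow statements whose principal is '*'."""
    hits = []
    if not policy_json:
        return hits
    statements = as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))
        )
        if stmt.get("Effect") == "Allow" and wildcard:
            hits.append((stmt.get("Sid", f"statement[{index}]"),
                         as_list(stmt.get("Action", [])),
                         "Condition" in stmt))
    return hits


def audit_bucket(name, acl, policy_json=None):
    """Classify a bucket as 'public', 'review' (conditional wildcard) or 'private'."""
    reasons = [f"ACL grant {g}" for g in public_acl_grants(acl)]
    status = "public" if reasons else "private"
    for sid, actions, has_condition in wildcard_allow_statements(policy_json):
        if has_condition:
            # A Condition may narrow access (e.g. by source IP); a person must judge it.
            reasons.append(f"policy {sid}: wildcard principal limited by a Condition")
            if status == "private":
                status = "review"
        else:
            reasons.append(f"policy {sid}: {', '.join(actions)} allowed for everyone")
            status = "public"
    return {"bucket": name, "status": status, "reasons": reasons}


# Constructed sample data, shaped like GetBucketAcl / GetBucketPolicy output.
OWNER_ONLY_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
                              "Permission": "FULL_CONTROL"}]}
WORLD_READ_ACL = {"Grants": OWNER_ONLY_ACL["Grants"] + [
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-static-site/*"}]})
IP_LIMITED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Sid": "OfficeOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-reports/*",
    "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}})

SAMPLE_BUCKETS = [
    ("example-internal", OWNER_ONLY_ACL, None),
    ("example-hr-exports", WORLD_READ_ACL, None),
    ("example-static-site", OWNER_ONLY_ACL, OPEN_POLICY),
    ("example-reports", OWNER_ONLY_ACL, IP_LIMITED_POLICY),
]


def audit_all(buckets=SAMPLE_BUCKETS):
    """Audit every (name, acl, policy_json) tuple and return the findings."""
    return [audit_bucket(name, acl, policy) for name, acl, policy in buckets]


if __name__ == "__main__":
    for result in audit_all():
        print(f"{result['bucket']:22} {result['status']:8} {'; '.join(result['reasons'])}")
```

A "public" result is not automatically wrong, since a static-site bucket is meant to be readable; the point is to compare each finding against what the bucket is supposed to hold.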

What is Ransomware, and how do I stop it?

I get asked this question a lot by folks from all over the tech industry and from non-tech people just as often. Ransomware is not new, but several extremely high profile attacks (like the “NotPetya” attack in Europe earlier in 2017) have put the topic back on the front burner of most people’s minds. With that in mind, let’s take a look at how to answer the question “What is ransomware, and how do I stop it?”

What is it?

Ransomware is a form of malware – software that is not wanted on your computer and does something detrimental to your machine or the data it holds. This particular form of malware is nastier than most, however. While many viruses, trojans, and other types of malware will delete data; ransomware encrypts data on your disk, meaning the data is still there, but totally unusable by you until you decrypt it. The creator of the ransomware is effectively holding your data hostage for money.

Tech Note – Encryption:

Encryption is the process of manipulating the binary data of your files using a cypher of some form to make the data useless to anyone who cannot decrypt it with the appropriate key. Much like converting orders into code before sending them in a war zone, you can encrypt data to make it useless to anyone who doesn’t have the key. This technology lets us safely bank online, save data in the cloud, etc. and is not natively a bad thing to have.

Ransomware arrives as an email attachment, a “drive-by” download from a website (where you visit a website and are prompted to download an executable file), and sometimes it acts as a true worm which infects any computers near one which has fallen victim to the malicious code. Once the infection takes hold on a computer, the malware will look for certain types of files (most often documents, spreadsheets, database files, text files, and photos); and will then encrypt these files in such a way that they are unusable by anyone until the malware author provides you with the decryption key.

The malware creator will offer to send you the key if you pay them the amount of money they are demanding – typically via the crypto-currency Bitcoin. They’ll also provide handy information on how to obtain Bitcoin, and the current exchange rates between the Bitcoin currency and your local currency. These malware authors are of course not going to provide just the helpful information. Along with that info comes a warning that if you don’t pay them by a certain date, your data will become permanently un-decryptable and lost forever. You seem to have only two choices: Pay the ransom or lose your data.

What do you do?

First, don’t panic. The malware creators of the world rely on people getting freaked out and doing anything they say in order to make the problem go away. Take a deep breath, step away from the computer for a moment, and then let’s deal with things.

1 – DO NOT PAY THE RANSOM! I can’t stress this enough, and there are very good reasons why you should never pay the ransom no matter how tempting it might be. First, there is at least a very good chance that the malware creators won’t ever give you the decryption key. It’s depressingly common for malware authors to use ransomware as a tool to steal money; and once the malware is known about, internet service providers and security researchers take steps to remove the ability for them to actually get paid or send you the key anyway. Secondly, negotiating with bad actors only results in more bad actors. If an author of ransomware gets a ton of money from their victims, then other authors will see the money available and write more ransomware to get in on the act.

2 – Check online to see if the ransomware has already been broken. Especially for the older variants of ransomware, there is a chance a security research group has figured out what the decryption key is. Check with your anti-virus/anti-malware provider (Symantec, Sophos, etc.) and legitimate tech sites to see if the key has already been found and made available; and to get instructions on how to decrypt your files with it.

3 – If a decryption key isn’t available, then you will need to restore your data from backups AFTER you clean the malware off your system. Check with your anti-virus/anti-malware vendor or your company’s IT department to find out how to get your system cleaned up; and with your backup provider or IT team to get the last known good version of your files back.

How do we stop it?

Stopping ransomware is not easy, as a successful attack can gain the malware authors quite a bit of money. New variants are popping up often, and some of them can spread themselves from machine to machine once the first few machines are infected via email attachments, etc. So how can you help stop ransomware and make it less profitable for the authors?

1 – DO NOT PAY THE RANSOM! Seriously, this cannot be said often enough. Each time someone pays the ransom, another author sees that they can make money by creating their own ransomware and spreading it around the internet. The first step in stopping the spread of this malware is to make sure there is nothing for the criminals who create it to gain.

2 – Keep your Operating System (OS), anti-virus, and anti-malware software up to date. No matter what OS you use (Windows, Mac, Linux, etc.) you are susceptible to malware of various kinds – including ransomware. Make sure you are regularly updating any desktops, laptops, tablets, and smartphones with OS updates and app updates as they are available. Even if you don’t feel comfortable having the OS keep itself updated automatically, be sure you are manually updating on a weekly basis at least. If you don’t have an anti-malware tool (such as those from Sophos, Computer Associates, etc.), then go download one and get it installed. Keep it updated – either via the tool’s own auto-update feature or just manually checking for updates at least daily. While anti-malware tools cannot catch every single variant of every malware package, they can catch a large number of them and keep you safer than not having one at all.

3 – Back up regularly. Use a tool that stores multiple versions of your files when they change – like Carbonite (disclosure: I’m a Carbonite subscriber and used to work for one of their family of products) or other such tools. This way, if you do get hit with ransomware, you can clean your system and restore last-known-good versions of files that were lost.

4 – Practice common sense internet safety. Don’t open attachments in email messages unless you know exactly what they are, who sent them, AND that they are legitimate. If you’re not sure of all three things, don’t open it – get confirmation from the sender first. Don’t click links in email. Instead, go to the website in question manually in your web browser and then navigate to the information you need. NEVER accept or open any files that automatically download when you load a website. If you didn’t click on it, don’t accept it. Along with that, always go to the vendor page to get new software. For example, if a site says you need a new version of Flash Player, then go to http://get.adobe.com/flashplayer and check for yourself instead of clicking on the link or button.

Protect yourself from ransomware as best as you can by following common-sense internet safety rules, and keeping your system backed up. Never pay the criminals who are holding your data for ransom. Finally, spread the word that ransomware can be stopped if we all work together and take the right precautions!

Cloud Condensation

Photo Credit: PicJumbo
I made a prediction a couple of years back, and we’re beginning to see signs that it might just come true, a bit sooner than I expected, but still coming true.

The public cloud market is getting more and more crowded, to the point of saturation of the marketplace by hundreds of players of various and assorted sizes. Massive media attention has brought thousands of customers into those cloud platforms, at all different levels. The result is a highly segmented, nearly fractured, industry that cannot hold in its current form. The logical conclusion of this phenomenon – to use a term coined by a co-worker of mine – will be “Cloud Condensation,” and we’re already beginning to see it.

Cloud Condensation is the phenomenon of public Infrastructure as a Service cloud shrinking and creating two types of fallout:

1 – Through mergers, acquisitions, and corporate collapse; fewer public cloud companies will exist, and

2 – Companies who had begun to move resources to public cloud will reduce the amount of resources they place there, and in fact will begin pulling back many of those resources into private datacenters and/or traditional co-location facilities.

This is not to say that cloud itself will disappear – far from it. The cloud principle is strong and will continue to grow and expand over time. Cloud Condensation simply refers to the mind-shift of moving from public cloud to private or on-prem cloud platforms. There are also a lot more types of cloud platforms than just IaaS, and public SaaS and PaaS continue strong growth.

We are, however, seeing the beginnings of Condensation in public IaaS, and there are a few strong indicators that it’s happening:

– HP dropped Helion Public Cloud late in 2015. While they will continue to focus on HP Enterprise Cloud (their private cloud offering), they began to realize that public IaaS cloud was too crowded a sector.

– Citrix sold off Cloud Platform just recently. OpenStack and CloudStack are still strong, but both are designed for hybrid clouds and converged architecture. Cloud Platform is the tool for managing public clouds in their portfolio.

– Several smaller public cloud players are being acquired by larger players. This is pretty normal in any business, and only points to Condensation when combined with other factors.

– Verizon is winding down its public cloud offerings

– Several other traditionally public cloud platforms are beginning to focus more on managed services

Taken together, there is an industry push to private and on-prem IaaS cloud, and away from public cloud. Once again, this is NOT a death-knell for cloud at all, just a shift in how the cloud looks in the modern world. I suspect we’ll continue to see more of this consolidation and contraction in the market, with larger public clouds taking over market share from smaller shops – absorbing them or driving them under – and the rise of services and platforms designed for private and managed clouds taking the fore. My revised estimate is that we’ll see Condensation kick into high gear within the next 8 months, and extend out for another 12-18 before we have the new paradigm.

Cloud – in all its forms – is here to stay. I just suspect (and we’re starting to see some indication) that we’ll see many companies moving to managed, private, and on-prem cloud platforms.