A couple weeks ago, I went to a talk on Securing Databases in the Cloud. The speaker was Mike Frank from Gazzang, a company that sells software to help with the exact problem he was speaking about: the risks with open source software tools and cloud hosting. The talk felt like a slightly awkward mix between promotion and education, but there was enough education that I got some good stuff out of it.
I know the importance of security and am quite fanatic about having proper security practices and aiming towards zero trust policies anywhere possible. I still managed to pick up a few new things, including considering anew the security implications of cloud-based hosting.
The most striking question that Mike brought up and which caused me pause was about virtual images. Hosting on AWS is extremely popular, and users have the perception of having a dedicated server. Most of my attention when thinking about security before went to security within the server (data architecture and encryption of data in the database) rather than security of the overall server image. Mike brought up the scenario of your AWS image, a virtual machine sitting somewhere in memory and disk, and an engineer somewhere having access to that virtual image and being able to do anything with it. How do you protect yourself in that scenario? Coming from that perspective, it made it obvious that security end-to-end and zero trust even of the (virtualized) hardware layer is important.
During the talk, Mike spoke about encrypting data within MySQL, PostgreSQL, Drizzle, and NoSQL databases Cassandra and MongoDB. Mike is Director of Products at Gazzang and prior to that, he was one of the senior product managers for MySQL both under Sun Microsystems and Oracle. He clearly knew his stuff.
Below are my notes from the talk.
1. Huge security risks out there. A new AWS instance spun up will get attacked (attempted) within minutes.
2. Non-obvious stuff that's important to protect:
6. Database encryption functions for data at rest. Keys on outside key store.
7. Gazzang's product is ezNcrypt. How they solve it:
9. Gazzang built on top of ecryptfs
This is my first blog post about food! Though it's somewhat off topic from my regular reading notes and entrepreneurship musings, it's something I care a lot about. Especially dessert (the most important part of a meal). [I did a research project about crêpes in Southern France during college!]
I'll keep this blog post short in contrast to the portion sizes at The Griddle Cafe. Saying that this place is ridiculous is an understatement. The portions are so enormous that I was doing bicep curls with the takeout boxes of leftovers that I couldn't finish.
This is the type of place where you go with a group of six and order just one dish and have more than enough food.
As a chocoholic, I ordered the Black Magic pancake. Its menu description is perfect: "Disbelief will possess you as you're pulled under the spell of our crushed Oreo-filled flapjacks! Topped with whipped cream and Oreo cookie pieces." The only part they leave out is that you get THREE enormous pancakes (like falling off the edges of the plate, probably 10" in diameter each, 1/2" thick each). It's Oreo and chocolate overload, and I could barely finish one pancake myself. For me, the sign of a good restaurant is the presence of chocolate pancakes on the menu. (I'm collecting places around me that have them as it's somewhat rare!)
The other pancake they're famous for is the Red Velvet, which was equally insane (it was literally Red Velvet cake in the form of a pancake).
With such delicious and huge portions, the pricing is quite reasonable. The place has an old-style counter feeling, and it gets really busy, so you have to find the right time (like between meals or at the start of meals) to avoid the rush.
I can't wait to go back again (and have leftover breakfast to eat for a week thereafter).
I thoroughly enjoyed reading the book Sleights of Mind: What the Neuroscience of Magic Reveals about Our Everyday Deceptions by Stephen L. Macknik and Susana Martinez-Conde. I just finished it recently, and as a hobbyist magician and someone equally interested in psychology and neuroscience, it was an incredibly engaging read. I saw the book on display at the Skirball Museum store after seeing the Harry Houdini exhibit there (which was a really cool anniversary surprise I got!).
What I most enjoyed about the book was the tone of the authors in portraying human experience as a cognitive illusion created by our brain to promote our survival. Magicians are the cowboys that hack into our brain and mess with that illusion. How awesome is that?
I recently saw The Matrix again for the first time after about 4 years of not seeing it (I had seen it about 3 times before that), and this book had an eerie resemblance in its main lessons about the brain and the simulation of reality that it creates for our experience. The connection to magic was amazingly delicious icing on top of that cake.
I also enjoyed some of the philosophical discussions, which reminded me of an event I went to a while ago at the Center for Inquiry on magic, science, and skepticism.
Below are my main notes on the book. I'm leaving out a lot of detail with respect to effect secrets for obvious reasons. ;) Even so, this is one of my longest blog posts due to the number of interesting things I learned (and how much I enjoyed the book).
Ch. 7: The Indian rope trick (memory illusions)