|
Whenever the cloud fails to live up to its popular reputation as bulletproof and resilient, I cannot resist suggesting that the "cloud" as it exists today distracts us from alternative forms of computing that I feel would be superior. I've routinely proposed a theoretical I call personal application omnipresence or PAO [1], wherein user applications run on a personal application server and are made available to all devices via multiple views (in a manner similar to responsive web design). Ultimately, I think a principle failure of modern computing is our collective inability to deliver secure, private networks (what we currently call "VPNs") in a form that is easily digestible by laypeople—or even semi-technical people, for that matter. With today's mess, configuring a VPN properly takes an enormous amount of attention to detail. VPN technologies are mired with a proprietary and confusing lexicon alongside a continent-sized minefield of potential configuration errors. Of all the R&D being sunk into the cloud, I am not aware of significant R&D investment in making personal private networks that are trustworthy and easily configured. The inability to give individuals and families omnipresent private networks makes their multi-device lifestyles an all-too-convenient target for the facile omnipresence of today's plain cloud. The plain cloud offers omnipresence while forcing acquiescence of privacy, self-control, and even knowledge of how your data and information about your actions is being used. It also centralizes sensitive data into especially juicy targets like Lastpass. I'm not suggesting a distributed model is definitely more secure, but a plurality of implementation approaches, perimeter firewalls, and the tiny size of individual networks makes each target less interesting. For the time being, I use a Keepass database on a file server I operate that I reach via an IPSec VPN from all of my devices. I am not a network professional, so my IPSec VPN may have been configured improperly, but I've tried to follow best practices. What I really want—to reiterate—is a high-quality, simple (not stupid but feature-constrained) private network that our proverbial parents could use. That is always on, from all devices I use, providing a secure channel to communicate with my data on my file server anywhere. What I have, however, is the monster that is IPSec which forces me to think about concepts like SA lifetime, IKE, Key Groups, and certificates. [1] http://tiamat.tsotech.com/pao |