Cardbox

Cardbox is a Windows program. The Mac is not a Windows computer. These two facts have been a source of frustration to many people for a long time.

We have now done extensive work to make sure that Cardbox is compatible with CrossOver Mac, a product that lets Windows programs run on the Mac without the need to install Windows itself.

The Knowledge Base page now has a “Macintosh” section giving advice on installing and using Cardbox with CrossOver Mac.

If you haven’t already got CrossOver Mac, you can download a trial version.

If you already have a Cardbox licence and want to try all this, you’ll need the very latest build of Cardbox, Build 4259, which you can download here.

If you haven’t already got Cardbox - or you want to get a friend with a Mac to try it out - read about our special offer.

If you have any comments or questions, please visit the Feedback on the Mac page on the Cardbox Everywhere blog.

Amazon have at last revised the service agreement for the use of the Amazon S3 storage service. The new service agreement is a great improvement its predecessor, which we criticised in detail in the S3 in Business article. Using the “backup to S3” features of Cardbox now seems legally as well as technically practicable.

Amazon’s EC2 on-demand computing facility still has unacceptable restrictions placed on its use, but that is a separate service from Amazon S3 and is not relevant to Cardbox users.

A small business, or a business whose main activity is not e-commerce, can run into trouble when selling things on the Web. Either it sells everything through a third party (Amazon for books, Handango for downloads, or even eBay) with high transaction costs, unfavourable contract terms, and hidden risks, or it pays a lot of money for a fully e-commerce-enabled web site when all it really needed was the ability to process a dozen or so transactions a day.

The Universalis case study shows how it is possible to start a small e-commerce business at virtually no cost (just the application fee for the credit card processor) and with virtually no programming (just a single Cardbox macro to process the orders as they come in by email).

This lightweight semi-automated approach is secure, fraud-proof, and requires very little time to manage.

Cardbox is fully compatible with 64-bit editions of Windows, but there is one small exception.

If you have old databases that were created by versions 1 or 2 of Cardbox for Windows, and those databases contain images, and those images were stored with “fractal compression”, then those images will not be visible in 64-bit Windows. This is because the “helper” program for fractal images, made by the defunct company Iterated Systems, is a 16-bit program and Microsoft have removed support for 16-bit programs from 64-bit Windows.

This probably does not apply to you:

• Most people have created their databases with Cardbox 3.0, which doesn’t provide fractal compression for images.
• Most people who used Cardbox for Windows 1.0 and 2.0 did not use the Fractal option when storing images in their databases.
• Hardly anyone is buying 64-bit editions of Windows.

If you have old databases that contain images and you are contemplating a move to 64-bit Windows, this article provides a macro that will scan your database and convert “Fractal” images to a more modern form.

When you choose a font in Cardbox, it offers you a choice of all the normal fonts on your computer. By “normal fonts” we mean the ones in which letters look like letters. For instance, w might look like this:

A symbol font is one where the symbols you see don’t look anything like the letters you type. Here is the letter w as displayed in various different symbol fonts:

Read the rest of this entry »

If your network administrator has prevented you from downloading or running .VBS files, you can get round this restriction by storing your VBScript in files of a different type: for example, .TXT.

Read the rest of this entry »

The vision of the new, simple, beautiful world of information, where everyone can gather information from anywhere, select it, customise it, and reformat it (perhaps even read it sometimes) is a seductive one. At one end you have RSS or Atom feeds generating streams of news items, blog entries, or whatever; at the other end you have personalised home pages that display those streams, or stand-alone newsfeed-reading tools, or plug-in feed readers such as Sage for Firefox. The tools get cleverer and cleverer, both for formatting and for searching: a recent blog post by David Tebbutt shows a nice tool that takes a search term, passes it to Google’s blog search page, and creates a live window that shows a list of matching blog entries. “Try it,” he says.

So I did.

It doesn’t work.

Read the rest of this entry »

[Complete series]

I am writing the first draft of this posting less than 24 hours after the announcement of the public beta release of Amazon EC2 (Elastic Computing Cloud) and it is making me relive the emotions that I and many other developers felt when Amazon S3 was announced. A shared culture is clearly at work. In each case, Amazon create and offer a service that has very few features: but those that it has, it implements consistently, cleanly and robustly. The documentation has the forceful simplicity of a 1970s IBM manual, saying exactly what needs to be said, straightforwardly and unambiguously: it has been written by someone with a mind with the intention that it should be read by someone with a mind. The developer forums are monitored by intelligent people who get to the bottom of the questions that are asked - sometimes deeper than the questioner himself - and give answers uncontaminated by considerations of marketing or public relations. Nothing like that has been seen since the Microsoft Windows 3.1 beta test programme.

Outsiders do not realise how deeply technological development, like scientific research, is shaped and driven by emotion. If you have ever looked at an iPod and wished that you needed one, you will have had an inkling of it. The reason that half of us are in computing at all is that we see computers as things that we can make beautiful things out of: and S3 and EC2 arouse the same emotion.
Some people have criticized S3 and EC2 for being bony, but that is the point of them. You cannot go wrong if you have good, strong bones to build on. If the foundation is right, things just go on getting better. A woman with good bones is six times as beautiful at 60 as she is at 20.

To take one example: when an EC2 computer is shut down, it evaporates. Completely. It is as if it had never been. In particular, any data that it stored are lost. This sounds ridiculous, but it keeps the EC2 architecture simple and beautiful. Anyone building a system on EC2 already has access to data storage of great robustness and infinite capacity: it’s called S3. So each system developer can put together the bones - instantly expandable computing capacity and bulletproof data storage - to make the body he needs. There is no need to contaminate EC2 by building into it assumptions about whether persistent storage is needed, and how much of it is needed, and how it should be administered. Each developer can make the decisions that are right for him and not be constrained by someone else’s idea of what he ought to want.

Conclusion

This series has been about applying the excitement generated by S3 (and now, by EC2) to doing real work in the real world. It has been about reconciling the romantic thrill of “darling, we’re going to have a baby” with the reality of coping with something damp that yells.

For server-based services such as tunesafe.com, S3 is ideal. The user interacts with the web server but all big data transfers are shunted directly into and out of S3. S3 costs money, of course; but it costs so little money that in many cases (such as probably tunesafe.com) it is possible to charge a flat fee because the wholesale data storage and data transfer costs can be bundled up into a single retail offering that still has an attractive price.

For startups that want a million users but don’t want to issue a million invoices a month, the availability of premium-rate storage (”golden buckets”) would be a major enabling technology. The profit from the golden buckets would pay for software development and the maintenance of the necessary servers; Amazon would take their cut; the user would have just one monthly bill to pay; and again, because S3 is so cheap, even a premium-rated version of it would be competitive and affordable. Whole new business models will be possible as a result. The demand is certainly there from developers: we all hope that Amazon will get round to providing this option.

No business plan is complete without some assessment of risk. For a start, Amazon need to find a way of convincingly reassuring us that we are not betting our companies on Amazon’s continuing interest and benevolence. Possible reassurances include the provision of limited guarantees of continuity or the availability of rival services that behave identically to S3. It might even be in Amazon’s interest to help set up such services.

S3 is claimed to be reliable but there are no figures to support this and users of S3 are thus taking on an unquantified risk. Quantifying the risk by publishing data is one way forward. A more interesting approach is to offer insured data storage for a small extra premium. Apart from being potentially extremely profitable, this could catalyse the transformation of the computing industry into one that takes responsibility for its products.

The contract under which S3 is currently offered is entirely unsuited to its purpose. It is not only unacceptable to anyone who plans to depend on S3, it also contradicts everything we know about Amazon’s intentions and corporate philosophy. It needs to be torn up and rewritten from scratch.

Amazon intend to spread their data centres worldwide so that computing capacity (EC2) and storage capacity (S3) are available at equally high speeds all round the world. They must pay serious attention to the legal consequences of storing data in various countries because there is no way for a user to control where, physically, data are stored in the S3 network. There is no point in virtualising away the technical differences between storage technologies if you cannot similarly virtualise away the legal differences between various jurisdictions. It is impossible to expect every Amazon S3 user to ensure that his data comply with the laws of the United States, Britain, Spain, China, and so on. In a world where every country tries to extend its jurisdiction over the whole of the Internet, we need Amazon to work on our behalf to obtain some sort of extraterritorial status for our data.

Let me finish by referring back to the start of this posting. With S3 and EC2, Amazon are revitalising computing by bringing it back to its roots. They have started a revolution. If some of my criticisms have sounded harsh, it is because I am applying some of Amazon’s own perfectionism to the services they have created and because I think that they deserve a large share of the profits from the revolution that they have started.

[Complete series]

Every good filing system has a section called “M for miscellaneous”. So does this blog series.

Anti-Internet software

It is possible for an attacker to provoke Norton Internet Security into blocking all access to Amazon S3 from your computer. So if a Tunesafe user visits a site that contains a specially designed page - or views a forum entry containing a specially designed image - his Tunesafe backups will cease to be accessible.

This does not simply affect Norton Internet Security and Amazon S3: it is potentially a problem for all Web services when used with any anti-Internet software. There is a detailed blog posting here and an executive summary here.

Slashdotting

Slashdot is a site that offers “news for nerds”. To appear on its front page is to be read by hundreds of thousands of people. If the news story contains a link to your web site, very many of those readers will visit your site in a very short time, probably leading to the complete collapse of your server under the load. Your site has been “slashdotted”.

A malicious analogue of slashdotting is also possible. One of the more vicious Internet worms of the last few years aimed to recruit a network of millions of computers all of which would attack one site (such as a US government one) at the same moment. That particular attack failed because the worm was not well designed; but it is quite common to find high-profile sites such as Worldpay having to operate at reduced capacity for several days as a result of a denial-of-service attack.

One of the attractions of putting your publicly accessible data on Amazon S3 is that you are immune to slashdotting.

One of the dangers of putting your publicly accessible data on Amazon S3 is that you are immune to slashdotting.

Why is it a danger? Because a normal slashdotted site becomes slower and slower and eventually crashes or grinds to a halt. This limits the size of the attack. But if you have a 2MB photograph stored on Amazon S3, access to it will be as fast with a million visitors as it is with one; and at $0.0004 per visit, a million visitors will cost you $400. You are safe from a denial-of-service attack but open to a draining-of-bank-account attack.

I haven’t gone too far into this risk because Tunesafe is immune to it: nothing is publicly accessible at all, and each user’s backups are stored in his own private data space on S3. But if you are planning a public service, assess the risks carefully. Various S3 users are lobbying Amazon for automatic limits and cutouts so that access to their data is suspended in case of attack. Amazon are quite reasonably resisting their requests for now. For a start, it would imply real-time gathering of billing information across Amazon’s network, whereas at present they can get away with consolidating the data at relatively long intervals. This may end up as one of those risks that just have to be budgeted for.

Doshslatting

Doshslatting is slashdotting backwards. Amazon charge for uploads as well as downloads: so an attacker could wreck your budget by uploading vast amounts of data. (Again, because it doesn’t have publicly accessible data spaces, Tunesafe is immune to this.)

Doshslatting can only be malicious, which makes it rather easier to deal with. Given the cheapness of S3 and the slowness of data transfer, an attacker would have to have access to a “botnet” of thousands of subverted PCs in order to cost you very much money. The motives for doshslatting could only be vandalism and extortion. Given that a botnet can be used for many lucrative purposes, vandalism isn’t worth the bother; and extortion is not only criminal but necessarily involves contact between the extortioner and his victim. There are easier ways to make money out of botnets.

Amazon S3 already contains partial protection against doshslatting. Rather than having a publicly writeable area of your storage space, you can make all of the space private and accessible only by signed requests from a client. You then make your web application work as follows:

1. The web browser asks your own server for a signed write request.
2. Your server considers the identity of the user, and if it thinks the user is legitimate it creates a signed request and sends it to the browser.
3. The web browser sends the signed request to Amazon S3 along with the data it wants to upload.

This is good, rational protection, and it works. If Amazon allowed the signed request to include a size limit - “please write a data object, the object to be no more than 4MB in size” - things would be better still (technically, the modification would be very easy indeed). What is even better is that signed requests in S3 can have time limits, so your server can issue a request that will only work for 15 seconds after it was created. This will prevent most kinds of botnet attack.

Summary

The anti-Internet problem

This will become more and more of a problem as the use of web services grows. The problem will be stopped eventually, because the makers of anti-Internet software will have to make their products work rationally or people will stop buying them.

Slashdotting

There are technical impediments to Amazon providing precise rate-limiting mechanisms, but an imprecise one may eventually become available (eg. limiting starts when the traffic has reached somewhere between 1 and 5 times the chosen limit). Even so, this is a risk that has to be borne by the business that uses Amazon S3. Methods of monitoring and mitigation have to be considered and a budget set aside to pay Amazon’s fees if a surge in demand does occur. Not every risk can be prevented or pushed onto someone else’s shoulders!

Doshslatting

Methods exist to reduce the risk to the point where only a really dedicated attacker could have a measurable impact; and such attackers will have many more lucrative things to do with their time and resources.

Next time, this series is brought to a conclusion.

Ross Anderson’s book “Security Engineering” is now available for free download. The idea is to make it available to people who can’t afford to buy the book; and for people who can afford the book, to let them read some of the text so that they can see it really is worth buying. (I can testify that it is beautifully printed and bound and definitely worth the money).

This is the best book on security I have come across and one of the best books on any technical subject. I recommend it to many of my friends who have no technical background at all, because it manages to convey the essence of security thinking with such a variety of interesting, well-researched examples. Although it is a serious academic book, it is accessible to people with no specialist background in mathematics or computing. Moreover, it is written in English.

• Buy from Amazon.co.uk.
• Buy from Amazon.com.
• Free download.
• Blog entry about the free download.