Speaker Key: PB: Phil Brown, DW: David Whelan
PB: Hi, it's Phil Brown, and I am here with David Whelan. Today we are going to do our jargon podcast for 2015.
DW: We thought we would take a look at the letters of the alphabet in particular because Google has just reorganized itself into The Alphabet Corporation. So, starting with A, we have the API, which is also the application programming interface, and you may have heard of APIs being tossed about and wondered what they are. There is some concern that the federal courts in the US do not really understand what they are either, because they called them software, and an API is not software. An API is a connector that allows different systems to communicate with each other. So what you might find is a company, like Dropbox, has an API, and then other developers can write software that talks to that API, to display files that are in your folders or to enable you to work on your Dropbox files without actually being in Dropbox, working through other things. It is an enabler between two different types of software systems.
PB: And you see APIs being bandied about when you go to a tech conference and you hang out with the vendors for a bit. Everyone is running around trying to figure out how they can get their software, in their packages, to run with someone else's, on their platform. So everyone is running around discussing API synergies and things like that when they are at these conferences.
DW: That's right. David Weinberger did a great book called Small Pieces Loosely Joined, and that is really where the API is. It allows you to make your program available to other things, to build it out, rather than building, as we did in the old days, monolithic programs that did everything all by themselves.
PB: And I suppose this is for another podcast topic, at some other time, but APIs could possibly create unique security situations as well.
DW: Right, absolutely.
PB: So B is for bot.
DW: B is for bot. Bots used to be nice warm fuzzy things, but bots increasingly come up in conversations about security and malware and computers that are infected. A bot is a computer that has been taken over by a remote system, and is then used for nefarious purposes, often an attack where the bot herder (as they are known) communicates to all of the bots in his herd or her herd, and tells them all to attack a particular website, or to send out a particular kind of message, or to do some sort of coordinated activity. So all the bots all respond at the same time.
PB: And bots are one of the reasons we have to type in all of that extra stuff when we are completing forms and trying to send it off. You will see that little photo of some letters, random letters and numbers that you have to fill in to show that you are a human and not a bot.
DW: Right. You want to make sure that the computers in your law firm are not part of a bot network, so make sure that you are running antivirus software and malware watching software, so that you can eliminate the ability for other people to plant software on your computer without you knowing about it.
PB: Right, containers.
DW: Yes. C is for containers, and containers are an obvious thing. If you do a Google search for a container you get a box, cardboard box, that sort of thing. This is a similar sort of thing, and it is going to become more and more popular, particularly in people who are dealing with vendors in the Cloud. You might go to a company and say that you want them to host your law firm technology in the Cloud, and how do you do that? They will say, "Well, we virtualize it", and, increasingly, the virtualization is something called containers. What happened in the bad old days of right now, is that you would virtualize a system and it would have an operating system like Windows, and it would have applications on top of that, and then your data would be on top of that, and for each customer, the Cloud provider would repeat the operating system and the applications over and over again across the entire system.
The thing with containers, and one of the leading types of container comes from a group called Docker, is that you do not have to have the operating system repeated over each virtualization anymore. In the future, if the Cloud providers use containers, there will be a single operating system across the entire platform, a single set of applications across the platform, and then the only enclosed area will be that container, which will have your stuff in it and separate from the container for, say, Phil's stuff.
PB: Right, D.
DW: D is for DDoS. You are all familiar with the old operating system DOS, MS-DOS. The DOS that we talk about these days is the denial of service, and then the more common one now is the DDoS, the distributed denial of service, and this comes into where those bots are. It is very easy to crash a website or to do an attack, by sending so many requests to it, that it can no longer respond to all the requests, and it stops doing so. That is what a denial of service is. It is the denial of the ability for that server to respond. The distributed denial of service means that the attack is coming from many, thousands, in most cases, of computers at the same time, so that it is not only difficult for the server to respond, but it is difficult to figure out where the attack is coming from, and to then block it.
PB: And is there any way for the average small website owner to stop a denial of service attack?
DW: There is not. There are services you can use, like CloudFlare. Cloudflare.com has a free service, as well as a paid service, where they will intercept the DDoS attack and try to block it and filter it out, so that is one way you can do it. Most larger firms and larger corporations will have more than one connection to the internet, and so if a DDoS or a DOS attack happens on one set of addresses on the internet, it can turn those off and go to another one, so that it is still able to interact with and communicate with it, but otherwise you could see law firms going offline if their email servers or their web servers or other internet connections are being attacked.
PB: And you would have to have a somewhat sophisticated client who has you in their sights, to be a victim of this sort of thing. It is much more common for larger companies and they can have these, sort of, broad based attacks happening, and they can be shut down for a day, two days at a time.
DW: It is interesting, we may see that change. I think you are right that it is an individualized attack. They need to be aiming just for you, but we are seeing now that these bot herders are making themselves available so, for $20 or $30 and a credit card you can do a DDoS attack for an hour, and it has now become commoditized, like so many things are with technology.
DW: E is for EPUB. EPUB is a format that is common for eBooks. It is the most common eBook format, other than the Kindle format, which is proprietary to the Kindle platform. EPUB is interesting because it is one that you can actually open up and edit with a set of text tools that are available for free from groups like Sigil. The EPUB format is really nice. If you ever wanted to create an eBook, you could save it as an EPUB, but when people are talking about EPUB, they mean a particular type of format like Word documents and docx or doc in the old days. If they are talking about EPUBs, they are talking about eBooks.
PB: And a number of different readers can handle EPUB natively.
DW: Right. EPUB is probably the most common format, because you can read those on iOS devices, Apple devices, and Android devices. You can open them up on Windows and Mac computers and read them on your computer. It is great and they are often very flexible, and often come without DRM, the digital rights management.
PB: And our last letter for this podcast, F.
DW: F is a firewall. Firewalls are exactly what they sound like. In fact, if you come down to The Great Library, we have a physical firewall in the basement, which was meant to protect things from fire. It is a brick wall, and you can store things behind it. The firewalls that we have nowadays tend to be on our desktops and our hardware that we have attached to our networks. They are meant to prevent external people from getting in, who should not be, but also for your internal applications not to communicate outside of your firewall, without you knowing that they are doing it.
PB: And sometimes they are software firewalls, sometimes they are hardware firewalls which contain software, some of those security devices that are matched with routers and so on.
DW: Right. The Windows firewall comes with all the Windows operating systems and if you hit your Windows key and type "Windows firewall", it will pop up, and it will show you all of the rules that have been created, both the ones that block people from accessing, but also the ones that allow access. And particularly if you are on Windows 10, I would take a look at the rules that are allowing access because Microsoft has included a lot of new rules that allow all of its products to bypass the firewall and share information and things like that. You may want to disable them or delete them.
PB: And it is probably one of the most ignored security features for personal computers, the firewall. I mean, you can really tighten down the security on your computer so that things are not randomly sending cookies back and forth and checking out your computer and sniffing your ports and so on, and people just do not turn on those features.
DW: Right, you definitely want to try and have them. You can find firewalls for Android devices. I do not believe them for iOS, like iPhones and things but, in particular, if you have a home network where you are doing work or, for sure, at your firm, you should also use a hardware firewall that is at the connection between the internet and your firm network so that you are protecting not only on a machine-by-machine basis, but for every potential probe that comes in from the internet itself.
PB: Right. Thanks, David. That is the first six letters of our jargon podcast, thanks.
DW: Thanks, Phil.