The Open Cloud and Other Musings

KNX Association Response

In December 2013 I was able to abuse the insecurity of the KNX/IP protocol in a large home automation setting: the St. Regis Hotel in Shenzhen. The KNX Association responded to the incident with a brief statement on their webpage. The response seems odd, as it is half an apology for being an old standard that failed to keep up with the security requirements of a connected world, and half a defense of their security on the grounds that they provide security through obscurity (ironically, it is supposed to be an "open" standard).


Learn How To Control A Luxury Hotel Remotely: Updated Talk Materials

Thank you very much to all of you that attended my talks at BlackHat and Defcon. If you are interested in the supporting materials of the talk, I am providing a local mirror for download:


OpenStack is not the Linux of Cloud - From Linux Enlightened Absolutism to the OpenStack Republic

This blog post is not a troll against OpenStack. It started as a response to a Twitter post, and transitioned to a reflection on the governance of open source projects and its impact on the code. I am not implying OpenStack is worse than Linux, just that it is a different form of open source. It is not the Linux of cloud, and I will tell you why. Linux was created with a vision, to provide a free and open operating system, while OpenStack is just a tool to pool resources between companies to create an open cloud ecosystem. This is reflected in several aspects of OpenStack, but the most glaring difference is governance.


OpenStack vs. CloudStack: A Tale of Two Conferences

OpenStack and CloudStack are open source software for creating infrastructure as a service (IaaS) clouds. Both are under the Apache License, which allows creating derivative projects, and even closed-sourcing them, as long as you maintain the copyright notices. They represent a new wave of open software, where companies open their code to pool resources with other interested parties (another relevant example of that trend is Cloud Foundry, for creating PaaS). I recently attended the respective conferences for these software packages. More than the contents, the dynamics of each conference provided a very representative insight into the software.

