One of the cool things about “the cloud” is that there are numerous different companies all offering cloud-based storage of one kind or another. You can even get quite a bit of storage for free, and different services offer different cool features – such as Dropbox, where my phone is configured to automatically send photos up to it. And there are plenty of other solutions out there :-

  • Box
  • Google Drive (of course you may already be using Google Docs which means you essentially have storage related to that).
  • SkyDrive (although for some mysterious reason, Microsoft doesn’t supply a Linux client)
  • iCloud
  • Wuala
  • SpiderOak
  • Ubuntu One – which despite the name, isn’t just for Ubuntu!
  • And in a note for myself, there’s also SparkleShare which is essentially a DropBox client to talk to your own servers.
Undoubtedly there are a whole ton more, but I think I’ve gotten the “big names” covered. The best strategy is of course to find the one whose client works with all the platforms you use (phone, PC, laptop, etc.), comes with the most free storage, and the cost of getting more storage is the least (in decreasing order of importance). Of course in the real world, you are likely to end up with more than one – simply because it’s tempting to look at the next “new thing” or because you want more cheap storage, or simply because other people insist you use service X.

Now if you use multiple cloud-storage solutions, you have a bit of a problem – different clients offering different functionality, different amounts of storage available, and remembering what you put on which “cloud-disk”. Plus of course there is the interesting problem of security – different providers provide different levels of privacy and operate in different jurisdictions where different laws apply.

Different Clients

Different clients work in different ways with different features. For instance, for a Linux user :-

  1. The Dropbox client seems to work pretty well, but it doesn’t appear in a list of filesystems (i.e. when you type df) so you can’t instantly see how much space is still available, etc. At least not in the standard way.
  2. Box(.net) lacks a Linux client, so you have to hack something together. Perfectly possible for more geeky users, but even for us there is the danger that a hackish solution may suddenly stop working mysteriously. Or rather that is more likely.
  3. Ubuntu One doesn’t seem to work via a filesystem interface at all.
  4. And that seems to be the same with SpiderOak.
It may be different for Windows users (I’m too lazy to check – if anyone wants to submit details, please go ahead), but I doubt it.

Whilst cloud storage providers may offer additional features to differentiate their product, they are all essentially the same as a removable hard disk, usb memory stick, or some other kind of removable storage. Whilst the additional features are very welcome, why should we have to learn a new way of managing storage just because it is out there in the cloud ?

Privacy

There is a great deal of paranoia about storing private data in the cloud with the assumption that creepy organisations such as Google will do something nasty with the data. Well maybe, but Google is unlikely to be that interested in an individual’s data. Of course just because the cryptogeeks are a little paranoid does not mean they are completely wrong – there are privacy issues involved.

Firstly, Google could be looking at your data to determine things about you that would be of interest to advertisers – to present targeted adverts at you. Which at best can be a little weird.

Next we like to believe that the laws of our country will protect us from someone picking through our personal data. That someone could be the company supplying the storage, or it could be the government in the country where the storage is hosted. That would probably be fine if the storage was restricted to one location where we could be sure that the government protected us, but where is the storage located?

Much of the time the storage is located in foreign jurisdictions where there is no guarantee that any kind of privacy will be respected – especially if a foreign government takes an interest in your data. Don’t forget the laws of say the USA are not designed to protect citizens of any EU country (or vice versa). There are of course agreements such as the EU Safe Harbour agreement, but it is possible that it does not offer as much protection as assumed – it is not really intended for private individuals choosing to put their own personal data into foreign jurisdictions.

Probably most of us do not have to worry about this sort of thing (although we can choose to), but some may have to be cautious. Some of us deal with personal data about third parties – sometimes very personal data – and need to consider whether storing such data in the cloud is being appropriately responsible about the data privacy. For example, a contractor who stores information about their clients should be taking actions to ensure that data is not accidentally leaked (or hacked and published).

The easy answer to this problem is to assume that cloud storage is not safe for sensitive personal data, because there is a simple solution to the problem that still allows the cloud to be used. Use encryption such as TrueCrypt to ensure that even if the cloud leaks your data, it is still encrypted with a key that is not known to the cloud provider.

Store It Twice!

There have been occasions where storage providers have removed access to storage either permanently or temporarily – such as the Megaupload site. Whilst it is perhaps unlikely, it is possible for a cloud service provider to disappear and for the customers to lose their data – even if the cloud provider claims that there is some protection against this sort of thing happening. But it could happen, so if you store data in the cloud, it is sensible to ensure that you have copies of that data elsewhere.

 

 

Today’s Grand Prix in Bahrain is mired in controversy because of the race going ahead when the political protesters want it cancelled. Those associated with Formula 1 are claiming that the race should go ahead because it is totally separate from the political issues in Bahrain.

That is one point of view. Although it is more in the nature of wishful thinking – perfectly understandable as the Formula 1 organisers who undertook to race in Bahrain are hardly responsible for what is happening there on the political scene.

The protesters claim that the race going ahead legitimises the Bahrain regime by adding international credibility.

That is another point of view with rather more weight to it.

But it could well be wrong - it may well be that having the race go ahead brings more attention to the political instability in Bahrain. Most normal people may well not have been aware of the political trouble in Bahrain; at least not recently. By having the race go ahead, the amount of coverage of the political issues has gone up through the roof. Whilst cancelling the race would have increased the coverage slightly, it is likely that it would have resulted in nowhere near as much coverage as we are seeing.

 

A few days ago now, a report came out indicating that today only 50% of children know the Lord’s Prayer off by heart whereas in 1972 the rate was 90%. Shock horror!

Before worrying about whether this matters or not, does this survey actually say what we think it does ? In 1972, there was a far greater expectation for children to memorise things and that is less so now. Ignoring whether this is good or bad, it may well be that children in 1972 would claim to know the Lord’s Prayer when they didn’t quite. And children today are perhaps less likely to exaggerate their knowledge.

As an example (although I’m long past the age where I can claim to be a child), I’m not likely to claim I know the Lord’s Prayer off by heart, but if I find myself in the sort of surroundings where the Lord’s Prayer is solemnly chanted, the words are likely to come back to me.

And does it matter ?

Well, a child who goes to church to plead with their god is going to pick it up pretty quickly anyway (at least if it’s a christian church of the persuasion that believes in the Lord’s Prayer), so there is no worry about that point.

As to establishing the cultural tradition of the UK, it seems to me that knowing the Lord’s Prayer is less important than knowing Beowulf or Gray’s Elegy yet how many people know either off by heart ? Or have even read it ? Being aware of (and having read) all three is much more important than having memorised any.

 

No of course it doesn’t.

Despite the claims of the media who like to imply that the government is to blame for the injury of someone who tried decanting petrol in her kitchen. However stupid the government advice was, they did not suggest people keep petrol in their kitchen in inappropriate containers. They explicitly mentioned “jerry cans” – being the generic name for appropriate petrol containers.

To steal a title from Pink Floyd, what is to blame here is a “momentary lapse of reason” by the woman herself. It is the kind of thing that can happen to anyone – not so much general stupidity, but a temporary ability to disregard the stupidity of some action. We all have been known to do it – you, me, and that daft bloke down the street.

Try to claim otherwise and I’ll laugh at you.

And sometimes that stupidity can have drastic consequences.

It is possible that the government’s rather stupid advice to top up cars and jerry cans has led to an increase in stupid and nasty accidents, but that is no reason to blame the government for accidents. If the government has to avoid issuing advice on matters involving dangerous substances because of the potential for accidents, we need an alternative “government” who will issue such advice.

Of course what the government is responsible for is issuing advice that encouraged panic buying. They obviously paid so little attention to the potential for panic buying that you have to suspect whether it was deliberate – did they want fuel shortages in the middle of the working week rather than during the Easter weekend ? Did they want people blaming the Unite union for causing woes?

Probably not. Even though the “scheme” backfired, the conspiracy theory would credit the government with too much in the way of brains to be possibly true. When issuing advice in such matters the government needs to :-

  1. Get the timing right so that if there is panic buying, it occurs at the least damaging time. Easter (despite the pain of not being able to go away) is better than in the middle of the week.
  2. Phrase advice so that panic buying is less likely.
  3. Point out that diesel or petrol are dangerous substances where a “momentary lapse of reason” can have drastic consequences.
 

Or at least he should.

In a bizarre and alarming incident illustrating the stupidity of the US attitude to guns and gun law, George Zimmerman shot and killed Trayvon Martin in “self defence”. And then the police took his word at face value, and did not arrest him.

There are a whole bunch of really strange things about this issue :-

  1. Zimmerman was apparently running around as a self-appointed “neighbourhood” watch guard. Now I’m not sure what the attitude towards people like that is in the US, but I would label such a person as a “vigilante” and say that his behaviour is a clear indication of his lack of fitness to carry a gun. That’s not to criticise real neighbourhood watch volunteers – just someone who runs around who is not part of such an organisation but acts as though he is.
  2. He wasn’t arrested. Whatever the legal situation is, it seems to me that anyone who kills someone – even a policeman who kills the neighbourhood serial killer in the act – should be arrested. Killing someone is always wrong; it may sometimes be less wrong than the alternative, but there’s no getting around the fact that killing someone is always wrong.
  3. The self-defence argument is interesting because it is entirely possible that Trayvon Martin could also quite legitimately make a self-defence claim if he had killed George Zimmerman. After all from his point of view, he was followed and then apparently confronted by this “strange man” when he was going about his legitimate business. Perfectly entitled to some self-defence there.
  4. The whole self-defence argument is a little weak though – it has been implied that in Florida killing is perfectly legal if the perpetrator believes it was necessary for his or her self-defence. Where is the “reasonable” in that ? To illustrate this, I might believe it is necessary for my self-defence to kill you because I’m unhinged – that does not make it reasonable however. Of course the sensible way of testing the self-defence argument is through the old-fashioned method of letting juries decide using their common sense.
On that last point, it only seems to be unreasonable to let a jury decide if Zimmerman acted in self-defence because our present legal systems grind away so slowly. Ignoring the issue of time, it seems perfectly sensible to put Zimmerman on trial to let a community of his peers determine if he acted in self-defence … or not.
 

You know anyone would think the media isn’t capable of adding up to more than 10 without taking their socks off given all the fuss about the so-called “granny tax”. By which they mean the gradual elimination of the increased tax allowance that older people get once the increased personal allowance reaches that level.

Either the complaint is that pensioners are paying the same level of tax as working people, or that the tax allowance for pensioners is not going to go up by the level of inflation for a couple of years. Neither is exactly catastrophic for pensioners – the poorest pensioners are not going to reach that level of income anyway, and those that will be affected will hardly notice the difference.

After all there is no guarantee that the personal tax allowance will increase by the level of inflation every year … neither the normal personal allowance nor the “bonus” allowances that older people get on top of their personal allowance. And why should older people get a special taxation allowance merely for being older ?

Eliminating that special case will make the taxation system just a little bit simpler – something to be encouraged.

I’m more likely than most to throw rocks at the Tories and their policies, but I don’t see this as being worth picking up a rock for. There’s quite a few other things about the recent budget to get excited about.

Like reducing the income tax rate for the wealthy from 50% to 45%; whilst the Tories are quite possibly right about it not being a great revenue raiser, it sends out the message that the Tories are on the side of the wealthy. Whilst they have also done a bit of tinkering with tax avoidance, and added a top rate of stamp duty (on residential property purchases), reducing the income tax rate for the top earners feels wrong.

So why is the media making more fuss about the non-issue that is the “granny tax” ? Someone more suspicious than me might suspect that the media is deliberately drawing attention away from the income tax issue – just how much do these journalists earn anyway ?

 

This is from last week’s day off … which was the one day of the week when the fog was almost entirely solid from beginning to end. Almost but not quite – there was about 5 minutes worth of sun on the train back. But there again, sometimes not so great weather results in sometimes not quite so poor photos …

#1: Flying Over The Fog


Those distant black blobs in the sky are actually birds – this needs to be seen large.

#2: The Gate


#3: Paths Meet

 

Just a few more random photos from around Portsmouth :-

#1: The Reflected Tower


#2: The Lighthouse


#3: Looming Out Of The Mist


That strange looking thing sitting on a cushion of mist is a ferry arriving.

 

From quite some time ago :-

Guerilla Knitting 1
 
 
Guerilla Knitting 2
 
 
 

This is at least partially an appeal for information – if anyone knows of a web application scanner that does what I describe here, please let me know!

All the web application scanners I have come across so far seem to only try “online” scanning where the work is done by connecting to a web server using the same method as someone with a web browser would use. Or in other words the scanning tools replicate what an attacker might do. Hardly the wrong thing to do – it is probably the best method given that so much can only be determined by going through the web server.

In addition, there are also tools to scan the source code of web applications that you have written yourself. These pick out bits of the application that could do with looking at. Fair enough for a web developer, but I’m after something a bit different.

What I want is a tool that, when given the directory containing the website, will go through it looking for weaknesses like the following :-

  1. Look for problems with the permissions – such as directories and files writeable by the web server owner.
  2. Look for common applications and components – such as WordPress – and identify them, and indicate whether they’re out of date or not.
  3. Look for signs of exploits – PHP ‘shells’ and the like.
  4. Look for content that isn’t linked to as an indication that it shouldn’t be present.

Of course most people could think of a few more things to add to that list! It would be a handy additional source of information when it comes to securing a website.
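
The first three checks in the list above can be run against a copy of the site's directory with nothing but the Python standard library. This is an added example, not an existing tool or code from this post; the function names, the shell heuristic, the `wp_baseline` parameter and the sample site are assumptions constructed for illustration.

```python
import os, re, stat, tempfile

# Heuristic indicators only (assumed for this example, far from exhaustive).
SHELL_RE = re.compile(rb"(eval|assert)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(")
WP_RE = re.compile(rb"\$wp_version\s*=\s*'([^']+)'")

def vtuple(version):
    """'3.3.1' -> (3, 3, 1) so versions compare numerically."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def scan_webroot(root, web_uid=None, wp_baseline=None):
    """Walk root on disk; return sorted (check, relative path, detail) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlinks are neither followed nor judged here
            # 1. Permissions: world-writable, or writable by the web server's uid.
            if st.st_mode & stat.S_IWOTH:
                findings.append(("perm", rel, "world-writable"))
            elif st.st_uid == web_uid and st.st_mode & stat.S_IWUSR:
                findings.append(("perm", rel, "writable by web server user"))
            if not stat.S_ISREG(st.st_mode):
                continue
            with open(path, "rb") as fh:
                data = fh.read(1_000_000)  # cap how much of each file is read
            # 2. Identify WordPress from its version file; compare to a baseline.
            m = WP_RE.search(data) if rel.endswith("wp-includes/version.php") else None
            if m:
                ver = m.group(1).decode()
                old = wp_baseline and vtuple(ver) < vtuple(wp_baseline)
                findings.append(("app", rel, f"WordPress {ver}" + (" (out of date)" if old else "")))
            # 3. Signs of a PHP shell: obfuscated-eval constructs in PHP files.
            if name.lower().endswith((".php", ".phtml")) and SHELL_RE.search(data):
                findings.append(("shell", rel, "obfuscated eval"))
    return sorted(findings)

def build_sample_webroot():
    """Constructed demo site (not real data); the 'shell' only decodes a harmless string."""
    root = tempfile.mkdtemp(prefix="webroot-")
    files = {"index.php": b"<?php echo 'hello'; ?>",
             "wp-includes/version.php": b"<?php\n$wp_version = '3.3.1';\n",
             "uploads/img.php": b"<?php eval(base64_decode('Y29uc3RydWN0ZWQ=')); ?>"}
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        os.chmod(os.path.dirname(path), 0o755)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, 0o644)
    os.chmod(os.path.join(root, "uploads"), 0o777)  # deliberately weak
    return root

if __name__ == "__main__":
    for finding in scan_webroot(build_sample_webroot(), wp_baseline="3.4"):
        print(*finding, sep="\t")
```

The fourth check (content that nothing links to) needs a crawl of the site's own pages to compare against the directory listing, so it is not covered here; the baseline version has to be supplied by whoever runs the scan.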

© 2011 More Zonkyness