Denver police were videoed savagely beating David Flores and his pregnant girlfriend by Levi Frasier, who had his tablet confiscated and the video deleted after one of the cops shouted "camera" -- but the video had already backed up to the cloud.
In Enclosing the public domain: The restriction of public domain books in a digital environment, a paper in First Monday, researchers from the Victoria University of Wellington document the widespread practice of putting restrictions on scanned copies of public domain books online.
Bittorrent Sync is a Dropbox-like service through which the bittorrent protocol is used to synchronize all your devices. I recently used it to receive a large file from a friend in Los Angeles, and I was amazed and delighted by the speed and ease with which it came down. Bittorrent is calling for alpha testers to help it refine the product for its official launch.
Correction: An earlier version of this story got it wrong. I misremembered how the Bittorrent Sync product worked and erroneously believed that it used a cloud of bittorrent users to cooperatively share synch duties for one another.
It's exciting to see a more decentralized, redundant approach to cloud computing. Of all the resources we use with our computers, bandwidth is the scarcest and most fraught (since it's controlled by evil phone companies and mined by lawless spies). Storage, meanwhile, is fantastically abundant -- hard drives get so much cheaper so much faster that it's sometimes mindboggling. Many of us have storage to spare, and swapping that for cloud-based storage for backup, sharing and collaboration makes good sense.
The Bittorrent Sync architecture is reminiscent of the Freenet Project, a classic censorship-resistant file-sharing technology. I'm really looking forward to seeing what they come up with.
How Much Will PRISM Cost the U.S. Cloud Computing Industry? [PDF], a report from the Information Technology and Innovation Foundation -- a highly regarded DC think-tank -- estimates that the US cloud computing companies will lose $22-$35 billion as a result of customers' nervousness about PRISM and other spying programs. The US had been leading the world in cloud computing, but analysts are seeing a rush to European cloud providers that are (presumably) out of reach of the NSA and in jurisdictions with tighter rules on government spying.
Ardent Industries, the crazy people behind such large art installations as Dance Dance Immolation and SYZYGRYD, are building a giant 3D Mario cloud stuck to the top of a forklift so they can rain on people's parades. Their Kickstarter is fully funded and they're starting production and getting their forklift licenses! Rad!
Kate sez, "Technology companies are moving rapidly to get tools like email and document creation services into schools. This link to a recent survey of schools in the UK shows that use of such technology is expected to bring significant educational and social benefits. However, it also reveals that schools have deep concerns that providers of these services will mine student emails, documents or web browsing behaviour to build profiles for commercial purposes, such as serving advertisements. When data mining is done for profit, the relationship between the data miner and the consumer is simply a market transaction. As long as both parties are free to choose whether and when they wish to engage in such transactions, there is no reason to forbid them or place undue obstacles in their path. However, when children are using certain services at school and can neither consent to, control or even properly understand the data mining that is taking place, a clear line against such practices must be drawn, particularly when their data will be used by businesses to make a profit."
This weekend's NYT carried an alarming feature article on the gross wastefulness of the data-centers that host the world's racks of server hardware. James Glanz's feature, The Cloud Factory, painted a picture of grotesque waste and depraved indifference to the monetary and environmental costs of the "cloud," and suggested that the "dirty secret" was that there were better ways of doing things that the industry was indifferent to.
In a long rebuttal, Diego Doval, a computer scientist who previously served as CTO for Ning, Inc, takes apart the claims made in the Times piece, showing that they were unsubstantiated, out-of-date, unscientific, misleading, and pretty much wrong from top to bottom.
First off, an “average,” as any statistician will tell you, is a fairly meaningless number if you don’t include other values of the population (starting with the standard deviation). Not to mention that this kind of “explosive” claim should be backed up with a description of how the study was made. The only thing mentioned about the methodology is that they “sampled about 20,000 servers in about 70 large data centers spanning the commercial gamut: drug companies, military contractors, banks, media companies and government agencies.” Here’s the thing: Google alone has more than a million servers. Facebook, too, probably. Amazon, as well. They all do wildly different things with their servers, so extrapolating from “drug companies, military contractors, banks, media companies, and government agencies” to Google, or Facebook, or Amazon, is just not possible on the basis of just 20,000 servers on 70 data centers.
A couple weeks ago, a few hundred Dropbox users noticed they were receiving loads of spam about online casinos and gambling websites, at email addresses those users had set up only for Dropbox-related actions. The online file storage service now admits that hackers snagged usernames and passwords from third party sites, and used this data to break into those Dropbox users' accounts. Dara Kerr, reporting for CNET:
"Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts," the company wrote in a blog post today. "A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam."
Over at Ars Technica, Jon Brodkin has more. Evidently, the illicit access happened because a Dropbox employee’s account was hacked.
An attorney for MegaUpload -- which was shut down by the US government earlier this month, and whose assets have been frozen, following copyright complaints from the entertainment industry -- says that the US Attorney General is planning to destroy all its user data within a week. With its assets frozen, MegaUpload can no longer pay to host its data with its service provider, and so the AG will cooperate with the erasure of tens of millions of users' personal files -- backups, family photos, personal videos, financial records, and even movies and music in production by independent artists who used MegaUpload as a file-locker while they produced their work. TorrentFreak characterizes this as the destruction of evidence, and I think that's right.
Rothken explains that MegaUpload is determined to protect the interests of its users, but that its hands are tied without help from the authorities. The looming data loss is linked to unpaid bills at Cogent Communications and Carpathia Hosting where MegaUpload leased some of its servers.
“We of course would like to think the United States and Megaupload would both be united in trying to avoid such a consumer protection calamity whereby innocent consumers could permanently lose access to everything from word processing files to family photos and many other things that could never practically be considered infringing,” the lawyer told TorrentFreak.
“Megaupload’s assets were frozen by the United States. Mega needs funds unfrozen to pay for bandwidth, hosting, and systems administration in order to allow consumers to get access to their data stored in the Mega cloud and to back up the same for safekeeping.”
MegaUpload has contacted the US Attorney’s office with a request to unfreeze assets including money and domains so users can get access to their personal data.
first, I'd like to clarify what our intent was in how we represented privacy in our TOS. in our help article we stated "Dropbox employees aren't able to access user files" we didn't intend to mislead anybody with this statement - we prevent this via access controls on our backend as well as strict policy prohibitions. we don't feel this statement implies anything about who holds the encryption keys or what mechanisms prevent access to the data.
that said, it's become very clear to us that the statement wasn't explicit enough about what the barriers to access are. consequently, we've updated our help article and security overview to be explicit about this.
secondly, I'd like to clarify that we've never stated we don't have access to encryption keys. we've made quite a few posts in our public forums over the years about this very fact and we are quite open with our community: 1, 2, 3.
If companies with a very strict set of security policies and procedures like Google have had problems with employees that abused their privileges, one has to wonder what can happen at a startup like Dropbox where the security perimeter and the policies are likely going to be orders of magnitude laxer.
Dropbox needs to come clear about what privacy do they actually offer in their product. Not only from the government, but from their own employees that could be bribed, blackmailed, making some money on the side or are just plain horny.
Dropbox needs to recruit a neutral third-party to vouch for their security procedures and their security stack that surrounds users' files and privacy. If they are not up to their own marketed statements, they need to clearly specify where their service falls short and what are the potential security breaches that
Unless Dropbox can prove that algorithmically they can protect your keys and only you can get access to your files, they need to revisit their public statements and explicitly state that Dropbox storage should be considered semi-public and not try to sell us snake oil.
You're safe if your password isn't in any dictionary, including the special dictionaries used for password cracking (these dictionaries will try random words in combination, as well as common letter-number substitutions such as "1" for "i" and so on). The crack works on WPA and WPA2-locked networks.
Your best bet is a long, random string for a password -- 64 bits of random noise will probably foil something like this for a good time to come. But good luck reading the password aloud to your visiting friend when she needs to get her laptop online.
Questions about WPA Cracker (via Schneier)
Here's Tim O'Reilly on the future of Cloud computing and the "Internet of Things," speaking at the MySQL CE 2010 conference. As Bruce Sterling sez, "It looks like he's just telling disconnected alpha-geek anecdotes, in his customary, avuncular, visionary fashion. What Tim's really doing is throwing lit matches into his network. And boy is he the guru when it comes to doing that."
O'Reilly MySQL CE 2010: Tim O'Reilly, "O'Reilly Radar" (via Beyond the Beyond)
Because Google Docs now supports files up to 250 MB in size, which is larger than the attachment limit on most email applications, you'll be able to backup large graphics files, RAW photos, ZIP archives and much more to the cloud. More importantly, instead of carrying a USB drive, you can now use Google Docs as a more convenient option for accessing your files on different computers.
Upload your files and access them anywhere with Google Docs (via /.)
Of course, data on web sites is usually shared with at least some other people in some way. Sometimes a user might want to share their information with the web site support staff, so the staff can help solve a problem or fix a bug. Or, the user might want to share their sensitive data with selected other users on the site, such as coworkers or family members. Grendel allows this, letting you encrypt data with multiple keys so that more than one user's password can gain access.
It's very easy to screw up when building a cryptography system -- check out Nate Lawson's excellent Google Tech Talk on common crypto flaws, or Matasano's Socratic dialog on similar topics, for a map of the pitfalls available to you, and us.