Circuit Writer Version 7.8

by Jim Scheef

Safety in the Clouds

Last month, as I was wrapping up my presentation at the General Meeting, someone raised the issue of security when using cloud-based software such as the programs I had just reviewed.
His question went something like, “Why would anyone want to keep their documents somewhere where they have no control?” This is an interesting question because it can be approached from so many angles. First, what kind of cloud are we discussing here? My comments are limited to the web-based document storage and office productivity applications in my April presentation. For those who arrived late, my presentation covered Google Docs, Zoho Office and Thinkfree Office. All are web-based replacements for Microsoft Office.

I find three safety or security issues:

1. Safety from loss
2. Safety from prying eyes
3. Convenience

Let’s look at issue #1, Safety from loss. Despite what John Patrick says, the cloud is not necessarily a safe, or even a good place for your files. The classic booboo was when Microsoft lost T-Mobile Sidekick users’ data. One of the features of the Sidekick was that your data was continuously backed up in case your device failed. If your Sidekick locked up or the battery ran down to zero, your data would be restored to the device. From a Computerworld story (tinyurl.com/yznr24t) of October, 2009: “Contacts, calendar entries, photographs and other personal information of Sidekick users has almost certainly been lost for good, following a service disruption at Sidekick provider Danger, the Microsoft subsidiary said on Saturday.” Now ignoring the irony of the provider’s name, this was a wakeup call mostly to service providers who no longer offer such services. The moral here is you must backup any files you want to keep.

So if the cloud is so risky, why are so many companies jumping on the bandwagon and should you jump too? For an assessment from the business side, I’ll refer you to a recent New York Times article (tinyurl.com/y56tfof) that talks about how Netflix is using cloud services from competitor Amazon.com. The web can make strange bedfellows. It often makes sense to buy a service rather than provide it yourself. It’s the classic make or buy decision. Box.Net is a good example of cloud services brought down to our level. This is a service I’ve been using for a couple of years to share files. Notice that my intention here is not security, but some degree of lack of security. Most people don’t have a server running in their basement, but I do. So I could configure it to allow public access to a folder in which I would place files that I want to share. This would mean negating a good part of the work I put in configuring the server to keep people out. So rather than purposely opening some part of my server to the entire Internet and all the bad people thereon, it is far safer and more secure for me to outsource this one application – file sharing – to a service provider who is in the business of running servers specifically to share files. How they make money doing this is a mystery to me because the service is free for 1Gig of space. Last, any file you don’t mind losing should be backed up to your local computer. There is no security like redundant security.

The Office applications I reviewed at the General Meeting all offer a file sharing component while at the same time claiming to keep your un-shared files private. Which bring us to the other side of cloud security, Issue #2: Safety from prying eyes.

You need to put your most private secrets somewhere. So is the cloud a good place? Well, you might not want to keep files that document your criminal activities on a cloud site. Or would you? From years of watching “Law and Order” I know that computers are generally the first thing seized in a criminal investigation so maybe a cloud site not referenced on your local machine, would slow down investigators. Let me know if you get to test this and how you make out.

If you have something that you truly do not want anyone, not even the NSA, to see, then you need encryption and probably multiple levels of encryption using algorithms that are open source and time tested. If you are really paranoid, you should compile your encryption programs from source code that you inspected for backdoors. We’ll skip the discussion about good keys and passwords. Once you have this encrypted string of bits, where should you put it? You know my answer already – more than one place. And at least one of those places is not connected to the Internet.

Back in the real world, I find that a mix of cloud and physical computing makes sense – for me. Since I bought my Droid and became involved with Google, while researching the presentation I found that Google Docs is a nice mix of simplicity, minimal security and convenience. Certainly I’m not going to keep the keys to the kingdom on Google, but the easy and flexible sharing can be useful for collaborating with friends and coworkers on a project.

Your mileage may vary which is the gist of issue #3: Convenience. It really is convenient to have access to your files from any computer with an Internet connection. Is that worth the cost of some degree of security? Only you can make that choice.

Rogueware: Web of Deceit

Read this very interesting article in SC Magazine (tinyurl.com/2bmbyrm) about how “Tainted JavaScript, forged ads and indiscriminate surfing have snared millions of computer users into scareware scams.” Despite the security professional orientation of the magazine, this article is written for us mere mortals. Have you had your browser hijacked? Received pop-up messages that your computer is infected and the cure is just a credit card number away? If it hasn’t happened to you, I bet you know someone who has.

Droid Does Yet Again

Verizon rolled out version 2.1 of the Android operating system to Droid users over the last couple of weeks (tinyurl.com/yetlxqk). I received the update the first day, probably because I was an early buyer. The major new feature in the update is “pinch to zoom” or Multi-touch in the Droid browser, Google Maps, and maybe some other places I haven’t found yet. Lack of the multi-touch interface was a big downer when the Droid was introduced so Droid owners can get over their iPhone envy. The 2.1 update also adds a native email client for Yahoo Mail so my Yahoo mail now works as well as Gmail on the Droid. Pretty cool.

Milestones in the Timeline of Computing

Last month marked the passing of Ed Roberts, the father of the personal computer. He was only 68.

In 1975, Ed Roberts’ company, Micro Instrumentation and Telemetry Systems (MITS), produced a $395 kit that was the first commercially successful personal computer. The Altair 8800 appeared on the January cover of Radio Electronics Magazine where it inspired Bill Gates and Paul Allen to write a version of BASIC that became the basis of Microsoft.
Roberts was smart enough to sell MITS in 1977 at the peak of its success. From there he went to medical school and practiced medicine in Georgia.

Read more on the official Microsoft blog (tinyurl.com/2woedml), ZDNet (tinyurl.com/ykn92e2) where there are many links, Wikipedia (tinyurl.com/yklelxq), and the tribute to Roberts and the Altair on the DigiBarn site at http://www.digibarn.com. You can read a more historical view of Roberts and the Altair in books like Fire in the Valley, by Paul Freiberger and Michael Swaine (Reviewed in DACS.doc). The roll of Roberts in the founding of Microsoft is covered in many books about Bill Gates including Hard Drive by James Wallace and Jim Erickson.