Yottabytes: Storage and Disaster Recovery


November 18, 2017  9:18 PM

Pornography Conviction Gives ‘Flash Memory’ a Whole New Meaning

Sharon Fisher
Flash, SD cards

LPT (Life Pro Tip): When you move from an apartment, take your child pornography with you.

Carpet installers in an apartment in Beaumont, Texas, found three SD cards in an empty closet. “As they started carpeting a bedroom in the vacant apartment on June 5, 2013, workers found something odd tucked away at the top of a door frame. There were three SD cards that belonged in a camera — and it looked like they had been hidden in the room.”

(One could wonder why people installing carpet were looking at the top of a door frame in the first place.)

And of course they promptly did what you’re not supposed to do: Stuck them into one of their devices to see what was on them.

They got more than they bargained for.

When they looked at the SD cards, they discovered they had child pornography on them, so they called the cops and reported it (and fortunately weren’t arrested themselves in the process). “The cards contained 97 images of child pornography, prosecutors say, as well as 222 images of child erotica,” writes Jared Gilmour of the McClatchy newspapers. “Those images showed a girl younger than 10 engaging in sex with an adult man,” who has since been arrested and sentenced after being identified in the pictures.

This was in the mainstream media, so technical details are admittedly sketchy. Newspaper articles reference discoveries made through “computer forensics,” which in this particular case could simply be a matter of looking at the directory on the SD card. For example, “Police were also able to prove, using digital forensics, that the cards were last accessed during the time period when Hawkins was leasing the unit” – in other words, the “date modified” field in a directory. (Reminds me of when some of my reporter friends would explain that they had found a piece of information by the “careful application of journalistic principles,” which meant they asked somebody.)
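On a FAT-formatted card, the “date modified” and last-access fields mentioned above live in each file's 32-byte directory entry. The following Python example is added here for illustration and is not from the original post or the case record; it assumes a FAT16/FAT32 card (the articles do not say), and the file name, dates and lease window are constructed.

```python
import struct
from datetime import date, datetime

# 32-byte FAT short directory entry: name(11) attr ntres crt_tenth
# crt_time crt_date acc_date clus_hi wrt_time wrt_date clus_lo size
DIRENT = struct.Struct("<11sBBBHHHHHHHI")
ATTR_LONG_NAME = 0x0F


def fat_date(v):
    """Date word: bits 15-9 years since 1980, bits 8-5 month, bits 4-0 day."""
    try:
        return date(1980 + (v >> 9), (v >> 5) & 0x0F, v & 0x1F)
    except ValueError:  # zero or corrupt value: treat the field as unset
        return None


def fat_datetime(d, t):
    """Time word: bits 15-11 hour, 10-5 minute, 4-0 seconds/2 (2 s resolution)."""
    day = fat_date(d)
    if day is None:
        return None
    try:
        return datetime(day.year, day.month, day.day,
                        t >> 11, (t >> 5) & 0x3F, (t & 0x1F) * 2)
    except ValueError:
        return None


def parse_dirent(raw):
    """Decode one short directory entry; None for unused or long-name slots."""
    if len(raw) != DIRENT.size:
        raise ValueError("a FAT directory entry is exactly 32 bytes")
    (name, attr, _nt, _tenth, ctime, cdate, adate,
     _hi, wtime, wdate, _lo, size) = DIRENT.unpack(raw)
    if name[0] == 0x00 or (attr & 0x3F) == ATTR_LONG_NAME:
        return None
    base = name[:8].decode("ascii", "replace").rstrip()
    ext = name[8:].decode("ascii", "replace").rstrip()
    return {
        "name": base + ("." + ext if ext else ""),
        "deleted": name[0] == 0xE5,           # first byte 0xE5 marks a deleted file
        "created": fat_datetime(cdate, ctime),
        "modified": fat_datetime(wdate, wtime),
        "accessed": fat_date(adate),          # FAT keeps a date only, no time of day
        "size": size,
    }


def accessed_within(entry, start, end):
    """True if the last-access date falls inside [start, end]."""
    a = entry["accessed"]
    return a is not None and start <= a <= end


def make_dirent(name83, created, modified, accessed, size):
    """Build a constructed sample entry (stands in for bytes read from an image)."""
    def d(x):
        return ((x.year - 1980) << 9) | (x.month << 5) | x.day

    def t(x):
        return (x.hour << 11) | (x.minute << 5) | (x.second // 2)

    return DIRENT.pack(name83, 0x20, 0, 0, t(created), d(created),
                       d(accessed), 0, t(modified), d(modified), 0, size)


# Constructed sample values, not taken from the case.
SAMPLE = make_dirent(b"DSC00042JPG",
                     created=datetime(2013, 3, 14, 16, 20, 30),
                     modified=datetime(2013, 3, 14, 16, 20, 31),
                     accessed=date(2013, 4, 2),
                     size=2481152)
LEASE = (date(2012, 9, 1), date(2013, 5, 31))  # hypothetical lease window

if __name__ == "__main__":
    entry = parse_dirent(SAMPLE)
    print(entry)
    print("accessed during lease:", accessed_within(entry, *LEASE))
```

FAT timestamps are the writing device's local clock with no time zone, and reading a card on a device that mounts it read-write can change the last-access date, which is why examiners work from a write-blocked image rather than the card itself.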

In addition, none of the articles mentioned anything about a password or encryption, so it would appear that the photos were readily visible to the casual observer. The articles indicated that the memory card “belonged in a camera,” but many cameras in this day and age can use the same kind of SD cards as a smartphone, so it isn’t clear how it was determined that the memory card came from a camera specifically. Consequently, it also isn’t clear whether he was using a device that could have encrypted the photos, such as a smartphone. If it isn’t actually possible to encrypt photos on a camera, as opposed to a smartphone, that seems like it would be an interesting security hole.

The upshot is that, four years after the carpet installers discovered the SD cards, Charles Henry Hawkins, 57, was convicted for possessing child pornography, a third-degree felony. He was sentenced to ten years in prison – the maximum sentence — as well as having to pay a $10,000 fine and register as a sex offender for the rest of his life. He probably will also be a lot better about taking his SD cards with him in the future.

October 31, 2017  1:05 PM

Queen’s Security Data on USB Stick

Sharon Fisher
Security

We’ve written before about the dangers of USB sticks and why it’s not a good idea to poke ones that you find lying around into your computer. But here’s a story that’s different: An unemployed guy found a USB stick in a pile of leaves in the street, plugged it into a computer in the library – bad human! Bad! – and it turned out to be the security plans for when Queen Elizabeth visits Heathrow Airport.

Oops.

According to the Mirror, which broke the story after the unemployed guy took the USB stick to them, the device contained 76 folders with 174 files totaling 2.5 GB, which were neither encrypted nor password-protected. “It revealed:

  • The exact route the Queen takes when using the airport and security measures used to protect her
  • Files disclosing every type of ID needed – even those used by covert cops – to access restricted areas
  • A timetable of patrols that was used to guard the site against suicide bombers and terror attacks
  • Maps pinpointing CCTV cameras and a network of tunnels and escape shafts linked to the Heathrow Express
  • Routes and safeguards for Cabinet ministers and foreign dignitaries
  • Details of the ultrasound radar system used to scan runways and the perimeter fence”

So there’s three main issues here.

First, how did the files get onto a USB stick in the first place? Are they the actual files used by Heathrow Airport? If that’s the case, they’d better start locking down their security procedures (even though airport chief executive John Holland-Kaye assured members of Parliament that the airport was “completely secure”). For example:

  • Which of their computers have unsecured USB ports that support a USB stick?
  • How many people have access to those files?
  • How many of the people with access have authorization to download those files without it being logged?
  • How many people can leave the facility with a USB stick without it being detected?
  • If this was an authorized download, why wasn’t it encrypted?

If they aren’t the actual files used by the organization, what are they? Notes? Someone else’s actual files? The provenance of the data needs to be ascertained. “Given the location of the find, close to Heathrow, it is thought more likely that an airport worker had accessed the data and inadvertently lost the USB drive,” writes Simon Calder for the Independent. “But it is believed more likely that whoever lost the memory stick had security clearance to access the data, if not necessarily to take the information away from Heathrow on a portable drive.” He didn’t say, however, who thought and believed this or where he got this information.

Second, how did the files come to be on a USB stick in the street, about six miles from the airport (though one source says ten miles)?

  • Do we have a careless worker who dropped the files they were taking home to work on?
  • A careless terrorist who was supposed to bring them to a meeting? “Oops, my bad.”
  • A careless spy who dropped the files they were planning to sell to someone?
  • Someone discarding the files after they had already made copies or sold them to someone?
  • An attempt to sow fear, uncertainty, and doubt by revealing that the information was out in the world, thus making people afraid to visit Heathrow, or even London itself, for fear of a terrorist attack? As far as terrorism goes, fear of an attack – especially just before the busy holiday season — is almost as good as an actual attack, and it isn’t nearly as dangerous and doesn’t hurt people.

And if it was somebody being careless, they were doubly careless not to encrypt the files – though we know that, despite governments’ insistence that encryption is a tool for terrorists and child pornographers, terrorists often don’t encrypt their own files. On the other hand, if the release of the information was the goal, it would be important not to encrypt them, because otherwise how would people know to be afraid that the information was released?

Third, how did the files come to be on a USB stick on that street?

  • Were they dropped?
  • Were they deliberately placed there? Was it a dead drop of some sort?
  • Were they intended to be found by that person? Or by someone else and this other person picked them up? (We’ve been binging on The Americans lately; can you tell?)
  • How many other such USB sticks with the Queen’s security plans are out there? Where else might copies of that data be?

One thing is for sure: People are going to be seriously scanning the ground for USB sticks in England for a while. Hopefully they’ll take them to the police rather than poking them into their computers – because, you know, that’s still a bad thing to do.


October 27, 2017  9:06 PM

Eek! NYPD Doesn’t Do Backups!

Sharon Fisher
government

It’s not often that backups get mentioned in court cases – let alone that people get chided for not doing their backups – but that happened recently in a New York courtroom. Sadly, it seems like the issue is more one of people not knowing technical terminology, though that’s scary enough in itself.

It all started in 2013, when the Bronx Defenders, a nonprofit advocacy group, tried filing public records requests using New York’s Freedom of Information Law (FOIL) – the state equivalent of the national Freedom of Information Act — regarding the New York Police Department’s (NYPD) civil forfeiture account. Since then, Bronx Defenders and NYPD have been back and forth in court, with NYPD insisting that the information isn’t available or is too hard or expensive to get. In one instance, NYPD took 19 months to respond to an inquiry when it was supposed to respond within 10 days.

This comes up because reports indicate that NYPD has a balance sheet of as much as $68 million in civil forfeitures, but it isn’t clear where it came from or when. The department has also been criticized for several years about its lack of transparency on the issue. People have reported that assets including cash, cars, house keys, cell phones and prescription medication were taken from them when they weren’t charged with a crime, and they were unable to get them back.

This is interesting in an IT sense because NYPD reportedly spent $25.5 million in 2009 for its Property and Evidence Tracking System (PETS) database to help it track this information. In fact, according to a 2012 Computerworld award nomination form, “The cradle-to-grave life cycle of property and evidence invoiced in PETS is visible upon demand. From the moment an invoice is created, all related actions and movements (who, what, where, when, and why) are captured up until the moment the invoice is closed.” Which seems to be just what people are asking for, and just what NYPD is saying the system can’t do.

So where do the backups come in? An affidavit from Christian Schnedler, the director of strategic technology programs in the information technology bureau for NYPD, includes the statement, “PETS is the NYPD’s only property and evidence tracking system. Currently, there is no secondary or back-up system, and no repository of the data in PETS outside of PETS itself.”

Consequently, Manhattan Supreme Court Judge Arlene Bluth had kittens. “That’s insane,” she reportedly said. “Do you want the Daily News to be reporting that you have no copy of the data?”

Alert the media.

“New York City is one power surge away from losing all of the data police have on millions of dollars in unclaimed forfeitures, a city attorney admitted to a flabbergasted judge on Tuesday,” reported Adam Klasfeld in Courthouse News.

And, naturally, having been called out, the Daily News also chimed in. “The NYPD may be one computer hiccup away from losing track of tens of millions of dollars it has taken from members of the public,” concurred Max Jaeger.

The department quickly backpedaled. “‘Contrary to some published reports suggesting that NYPD does not electronically back up the data in its Property and Evidence Tracking System (PETS), all such data is backed up continuously in multiple data centers,’ stated Deputy Commissioner Stephen Davis,” writes Emma Whitford in the Gothamist.

Meanwhile, the city of New York has also passed a law requiring the NYPD to report on seized property data on an annual basis, according to Bronx Defenders. It is scheduled to go into effect in 2019.

In context, it’s looking like what Schnedler actually meant to say was that there wasn’t an alternative “backup” method to retrieve the data, not that there were no backups at all. Not the sort of terminology mistake you want your director of strategic technology to be making, particularly when talking to a judge.

On the other hand, the NYPD apparently couldn’t even agree on whether the database was from IBM. “This article has been modified to remove a reference to whether the NYPD’s database is IBM, something that the parties dispute,” reported Klasfeld. As it turns out, the hardware is from IBM; the software was from SAP, and the underlying technology was an IBM DB2 SQL database, according to the 2012 Computerworld award nomination form.

What the basic issue appears to boil down to is that the database user interface is intended to deal with one record at a time, and NYPD is saying it would be overly burdensome to have to retrieve the information in that way. Database experts are saying, look, just write an SQL query to retrieve the raw data out of the database. It isn’t clear whether NYPD actually doesn’t understand this concept, or is just dragging its feet.

And some of the briefings are absolutely hysterical, as is typically the case when computer things come up in court. The judge cites one affidavit, noting “‘the PETS system was not designed to generate accurate reports of aggregate numbers of invoice property by type of hold, with values, precinct, type of investigations, and whether the investigation led to an arrest or not,’” she quoted. “Does that mean that PETS can generate inaccurate or somewhat inaccurate reports? These unanswered questions compel this Court to direct respondents to file an answer to the petition.”

That said, it’s always nice to be reminded to do backups. Another round of oral arguments is scheduled for December 12.


October 13, 2017  1:19 PM

New Micron VP Charged With SanDisk Insider Trading

Sharon Fisher
Micron, SanDisk

Being accused of securities fraud at your previous company. “I’ll take ‘Things Not to Do During Your Probationary Hiring Period’ for $500, Alex.”

Nonetheless, Anand Jayapalan, the new vice president of Micron’s Storage Business Unit, has been accused by the Securities and Exchange Commission (SEC) of insider trading at SanDisk only about six weeks into his new job.

As you may recall, Micron hired SanDisk cofounder Sanjay Mehrotra in April as CEO, to replace Mark Durcan, who was planning to retire after taking over as CEO following the death of Steve Appleton in 2012 from a plane crash. Since then, in addition to shutting down the company’s Lexar consumer division, he had hired at least three former SanDisk executives into the Boise, Idaho, company:

  • SanDisk’s senior vice president of corporate engineering, Jeff VerHeul, as senior vice president of Micron’s Non-Volatile Engineering
  • SanDisk’s chief strategy officer and Enterprise Solutions head, Sumit Sadana, as chief business officer.
  • SanDisk’s vice president of marketing for Enterprise Storage Solutions, Anand Jayapalan, was hired on August 21 to head Micron’s solid-state storage business and expand it in large market segments including the cloud, enterprise, and client computing, reporting to Sadana

At the time, the market was pretty happy about these hires. “Clearly, Mehrotra plans to align the product strategies of Micron’s four business segments—computing and networking, storage, mobile, and embedded—to market trends and customer demands,” wrote Paige Tanner in August for The Market Realist, in an article called “Do the Changes in Micron’s Management Suggest New Hope?”

But on September 29, the SEC filed its complaint. And it was a doozy.

You may recall Fusion-IO, which went public in 2011. SanDisk purchased Fusion-IO in 2014. And the SEC figured out that Jayapalan’s uncle Ananda Kumar Ananda, aunt Vijaya Ananda, and wife Rajni Nair appeared to be acting on insider information by purchasing large amounts of Fusion-IO stock soon after SanDisk had decided to buy Fusion-IO, and selling it soon after the sale was announced. (The SEC complaint has an entire page listing the various connections and relationships between the four people, as well as an entire page of times they were less than honest about their relationships and the stock trades.)

Now, it’s not like someone needed insider information to figure out that Fusion-IO was an acquisition target. Heck, I wrote as much in July 2013. But the timing was suspicious. Altogether, the family members purchased more than 78,000 shares of Fusion-IO using eight different accounts the weekend after Jayapalan was informed of the likely purchase, after never having bought the company’s stock before. This was all after 20 phone calls during the three-day weekend among the four people.

In fact, the uncle borrowed about a third of the more than $600,000 purchase price through margin loans. “Kumar made this large and substantially leveraged investment in Fusion stock at a time when his medical practice was in substantial decline, he owed nearly $100,000 in credit card debt, and after he had suffered what he described as a ‘drastic’ reduction in his personal income between 2012 and 2014, as his salary dropped by approximately one-third,” notes the SEC’s complaint. The SEC also noted that the aunt and uncle bought and sold Fusion-IO stock at the same time, which they had never done before, that the aunt had never made such big trades before, and that the uncle typically bought and held stock rather than selling it a short time afterwards.

After the SanDisk purchase of Fusion-IO was announced, the stock went up by 22 percent, and Jayapalan’s family members earned more than $200,000.

The SEC wants the four people to pay back all the money they made, as well as any interest they earned on it, plus civil penalties. The SEC didn’t say how much the penalties should be, but civil penalties can be up to three times the profit earned on insider trading.

Interestingly, the SEC doesn’t seem to want to charge them with criminal insider trading, which carries a sentence of up to 20 years and a fine of up to $5 million. Nonetheless, the complaint makes several references to how the defendants “knew or should have known” that what they were doing was wrong — the definition for “willful” that typically delineates the difference between civil and criminal insider trading.

No word on what’s happening with Jayapalan’s job, though one might expect he won’t necessarily get a great first-quarter review.


September 30, 2017  5:44 PM

Cobbling Together the Toshiba Memory Chip Sale

Sharon Fisher
Apple, Flash, samsung, toshiba, western digital

We’ve been waiting a while to find out about the Toshiba memory chip sale, and it looks like it might finally be settled: A sale, sort of, with an eventual IPO.

Sort of?

“While it says that it sold its chip division, it didn’t really,” writes Tim Culpan for Bloomberg Gadfly. “It merely pawned it to Bain until it can afford to buy it back again.”

As you may recall, this all started this spring when Toshiba revealed it had lost a lot of money constructing, of all things, nuclear plants. At that time, the company said it intended to sell its memory chip division, hoping to raise at least $18 billion from it, and was also hoping to complete the sale by June. Which it obviously didn’t do. Without the sale, Toshiba faces delisting from the stock exchange due to its losses.

There’s a lot of moving parts to this deal:

  • Toshiba is investing 350.5 billion yen and in return gets 40.2 percent of the company.
  • SK Hynix (which used to be Hyundai Electronics) is investing 395 billion yen (around $3.5 billion) and in return will get less than 15 percent of the company.
  • Hoya is investing 27 billion yen — 1.4 percent of the money — and in return gets 9.9 percent of the company.
  • A partnership led by Bain Capital — appropriately called Pangea — is investing a total of 415.5 billion yen (around $3.7 billion) and in return gets 49.9 percent of the company. Those partners include:
  1. Apple, which is investing 165 billion yen (around $1.47 billion). Why does Apple care? Because Toshiba is the second-biggest manufacturer of the flash memory chips that its iPhone and iPad use. Why can’t it use the number-one manufacturer? Because that’s iPhone competitor Samsung.
  2. Dell, Seagate and Kingston, which are investing a total of 250 billion yen, with Seagate specifically saying it would invest up to $1.25 billion.
  3. Bain Capital, which itself is investing an additional 212 billion yen.

Why don’t the percentages of investment and equity match? Because, for example, SK Hynix is taking a smaller percentage of equity to avoid antitrust issues, Culpan writes. Another factor is that between Toshiba and Hoya, Japanese companies still retain a majority interest in the company – “a keen wish of the Japanese government,” Reuters writes. SK Hynix and the American companies will not have voting rights; their primary interest is access to the unit’s chips.

There were, in fact, so many moving parts that a press conference on the deal was cancelled because the participants hadn’t agreed on some of the details, according to Reuters.

In addition, Western Digital is continuing to throw a cog into the works. “A Western Digital subsidiary, SanDisk, shares ownership with Toshiba of a flash memory production operation in Japan,” explains Jonathan Soble in the New York Times. “Because of that, the American company contends that its approval is necessary for Toshiba to sell the chip unit. Western Digital – which in September had been rumored to have bought the Toshiba unit itself — said this week that it would seek an injunction against the deal.” In the meantime, Toshiba and SanDisk are undergoing arbitration to settle the multiple lawsuits they’re filing against each other, according to Toshiba.

That has also led to state-sponsored Innovation Network Corp. of Japan and Development Bank of Japan backing out of the consortium, write Pavel Alpeyev and Yuki Furukawa for Bloomberg. In the meantime, what could happen is that the three joint ventures owned by Western Digital could be withdrawn from the sale, they write.

Assuming the whole thing works out – it is expected to close by March 31 — Culpan expects an IPO around 2020.


September 26, 2017  1:57 PM

Time to Get Baked: Baked Tapes, That is

Sharon Fisher
Storage, Tape

Okay, now it’s time to get baked. Baked tapes, that is. What did you think we were talking about?

The concept of baking tapes has been known for some time – there’s even a 1993 patent on it – but the subject came up again recently in the context of a series of British text-based adventure games from the 1980s, Magnetic Scrolls. Adherents were excited to find backup tapes from Magnetic Scrolls, which were thought to have been lost, and wanted to convert them to a form of magnetic media from this century so they could be revitalized.

“For over 30 years the only copy of the data lay on now obsolete TK50 tape cartridges,” writes Hugh Steers, a founding member and core developer of Magnetic Scrolls who has now founded Strandgames to bring them back, in a blog post describing this process. “You might think, a bit like I did (foolishly), that high quality backups such as these, on proper DEC backup tape media, made with an 1980s DEC MicroVax, would essentially be able to remain on the tape almost indefinitely, providing the tapes themselves are kept in good condition – like in a cupboard, drawer or even perhaps an attic. You would think then, the biggest problem is somehow locating someone with a compatible system and tape drive set up and working. If you can find that system, just pop in the tapes and read away – job done! No problem. Back in time for tea and biscuits!”

(I did say they were British.)

“Immediately we hit the problem,” Steers laments. “The tapes would not read. Turns out that old tape suffers the, so-called, Sticky Shed syndrome.”

“Sticky shed” doesn’t refer to an adhesive small building in the back yard, but to a phenomenon where tape components attract water and as a consequence become both “sticky,” which makes it hard for them to go through the tape heads, and “shed” the oxide in which the information is stored, meaning they lose data.

“The problem goes back to the 1970’s when most tape manufacturers made an ill-advised decision to change the formulation of the ‘binder’ used to glue the magnetic tape particles to the plastic base material,” explain Mike Rivers and Graham Newton in one of the canonical guides to tape baking. “Unknowingly, the new formulation attracted moisture, and eventually enough accumulated to make the tape go ‘sticky.’” Certain kinds of tape are more susceptible to the problem than others.

“Do you remember old music cassettes?” Steers writes. “Remember those times when, all of a sudden the music goes a bit weird and muffled, followed by a disconcerting tape chewing sound. You open the tape compartment to find a massive ball of tangled tape knotted up and totally ruined! Well, imagine the same thing, but with your only data backup, Uh-oh!”

The solution to this problem is to remove the water from the tape medium. Hence, baked tapes.

“The purpose of ‘baking’ is to drive out all the moisture that the tape binder has accumulated, which is what caused it to go sticky in the first place,” Rivers and Newton write. “This will give a few weeks to a few months of ‘normal’ tape functioning… enough time to transfer the affected recordings to a stable medium before the problem reappears when more moisture is absorbed.”

The exact methodology for baking tapes is pretty mystical. The temperature needs to be 130 degrees Fahrenheit (plus or minus 5-10 degrees), which means a typical oven won’t work because they can’t go too low. Other devices people have used to bake tapes include:

It should go without saying, don’t use a microwave, especially if the tapes are on a metal spool. If the tape is on a plastic spool, it should probably be rewound on a spool of a different material before baking. Experts also say not to use a gas oven. “Gas produces water vapor when it burns, and that is what you are trying to drive out of the tape,” Rivers and Newton write. And while we’re doing disclaimers, this apparently doesn’t work on acetate tapes, but sticky shed typically doesn’t happen with acetate tapes.

How long to bake the tapes also varies, ranging from 2 to 8 hours. Needless to say, all of this is dependent on the specific tapes in question: How much water they have, how much they’ve already deteriorated, how much moisture is in the air, and so on. Hence the mysticism.

(There is also a huge amount of arcane detail on how best to treat the tapes before, during, and after baking.)

The final question remains: How long is a baked tape good for? And that also varies. Some say it’s only good for one read after that, so be sure to read it immediately into a new device. Others say the tape could be good for some time. Certainly, immediately transferring it to another medium seems like the wisest course of action.

Finally, I haven’t done this myself (though I know people who have), and I can’t make any promises or commitments about how well this could work or what damage you could do to your tapes by doing so. No warranty expressed or implied, etc.

The happy ending in this particular case is that, between baking the tapes and finding a way to clean the heads simultaneously while reading them, the sticky shed Magnetic Scrolls tapes have now been read into a new medium and can now be rebuilt, Steers writes.


September 19, 2017  11:33 AM

Forget Your Password, Go to Jail

Sharon Fisher
Encryption, privacy, Security

Remember the guy who got put in jail for contempt for forgetting his hard disk drive encryption passwords? He’s still in there, and doesn’t have any prospects for getting out anytime soon.

Francis Rawls, a former sergeant in the 16th district of the Philadelphia Police Department, was accused of having child pornography on two encrypted Macintosh hard drives, which were seized in March, 2015. He was ordered by a judge in August, 2015, to provide the passcode to decrypt the drives, but he claims to not remember it. He was put in jail for contempt of court. Prosecutors claim Rawls is “forgetting” his password on purpose to keep from being charged with possessing child pornography, which could put him in prison for 20 years.

Earlier this year, Rawls appealed the ruling, and it was denied. More recently, he attempted to be let out of prison by claiming that there was an 18-month limit on how long someone could be jailed for contempt of court. In addition, in the meantime, he hopes that the case will eventually go to the Supreme Court.

Prosecutors said, though, that his claims weren’t valid because the precedent he was citing had to do with someone who was a witness, and Rawls wasn’t a witness. In fact, prosecutors have defined the case very narrowly in a way that doesn’t give him a lot of protection. “After the government had seized the contemnor’s computers and was unable to decrypt several of the hard drives, it filed a motion with Judge Rueter under the All Writs Act, 28 U.S.C. § 1651, for an order directing Rawls to produce a decrypted copy of the hard drives,” notes a recent briefing. “The procedural posture is significant. The government did not proceed before the grand jury. It did not subpoena him as a witness.”

As you may recall, the whole legal issue of whether people can be compelled to give up their passwords is still being fought in the courts. Courts have been deciding back and forth on the issue for several years now, with some ruling that a phone password is more like the combination to a safe than a physical object such as a key. It matters because something that is the expression of one’s mind, like the combination to a safe, is protected under your Fifth Amendment rights not to incriminate yourself. A physical key, something you possess, is something you can be forced to produce.

In this particular case, prosecutors are claiming that the Fifth Amendment doesn’t apply because it is a “foregone conclusion” that the hard disk drives contain child pornography. That’s because, even though they can’t read the files, they know what the encryption scheme hashes them to. And the hashes of those files apparently are equivalent to the hashes of other common child pornography files.

The appeals court earlier this year also found that the Fifth Amendment doesn’t apply because Rawls didn’t use that defense in the first place, when he showed up to decrypt the hard disk drives and then said he couldn’t remember the passwords. “[B]y failing to appeal the original All Writs Act order or to raise the Fifth Amendment as a defense to the contempt proceeding, he had procedurally defaulted on his Fifth Amendment challenge,” prosecutors write.

Not to mention, prosecutors – who made a point of defining the term “chutzpah” in their briefing and applying it to Rawls – set a new definition for “disingenuous” themselves, by saying it wouldn’t really be “testifying” against himself, because they weren’t really asking for Rawls’ passwords. They were just asking him to type them in. “The government deliberately chose not to call Rawls as a ‘witness’ to minimize Fifth Amendment issues,” prosecutors write. Those Fifth Amendment “issues” being his ability to use it to protect himself. “Thus, the government did not seek to compel him to produce his password. Rather, it sought to compel him to perform a physical act.” That “physical act” being typing in his passwords.

Right. I’m not robbing you, because I’m not asking for your money. I’m just asking you to take it out of your wallet and put it on the table, which happens to be within my reach.

(Though I do have to thank prosecutors for teaching me a new word: “contumacious” – stubbornly or willfully disobedient to authority.)

Prosecutors also implied that 18 months for contempt was nothing, citing other cases where people had been jailed for five years and seven years for contempt. And because Rawls has already lost in appeals court, they are not sanguine that the case will ever make it to the Supreme Court, they add.

Earlier this month, Judge Cynthia Rufe agreed with prosecutors, citing the finding of the previous appeal as the reason. “The ruling of the Court of Appeals compels the conclusion that Mr. Rawls is not a witness to a proceeding as contemplated by § 1826, and that the 18-month limitation therefore does not apply to this matter,” she writes. “This matter exists before the Court solely because Mr. Rawls has prevented the search warrant from being fully executed.”

Consequently, Rawls stays in jail, though prosecutors said they should check in on him now and then to see if, after two years of largely solitary confinement, he suddenly remembers his passwords. “Theoretically, he could be held in jail for contempt forever … until he’s dead,” Dan Terzian, a lawyer from Duane Morris, tells Olivia Solon in The Guardian.

The moral of the story? Don’t forget your password. You could go to jail.


September 13, 2017  3:44 PM

Data Centers Weather Harvey, Irma

Sharon Fisher
Data Center, Disaster Recovery

Hurricanes in the Southeast in September aren’t a surprise, or shouldn’t be. That said, having two hit the region within a matter of a few days, as well as having another potential one waiting in the wings, tested the mettle of operators. But all told, damage to data centers appeared minimal thus far.

Some data center regions have been hit pretty seriously by hurricanes, most notably Hurricane Sandy in 2012. Hitting New York City, the home of many high-tech firms, the storm took out many data centers that were below ground level. Power failures resulted in bucket brigades of diesel fuel being taken up stairs to the data centers on higher ground. And even thunderstorms have taken out cloud data centers such as Amazon Web Services in Virginia in 2012.

But Harvey and Irma don’t appear to have done massive damage to data centers thus far. Four major Internet providers in Houston stayed up, though the data centers themselves were inaccessible due to flooding, reports Yevgeniy Sverdlik in Data Center Knowledge. The biggest problem was due to fears that they would run out of diesel fuel, he reports, though at least during the thick of the storm they hadn’t even lost utility power. Other sources also indicated that Houston data centers were by and large unaffected.

Some staff stayed in Houston data centers for days. “The facilities had showers and were stocked with food, cots, video games, and books,” Sverdlik writes in a different Data Center Knowledge piece. “Stocking up on sleeping cots and supplies is a customary part of data center operators’ emergency preparedness plans.” In previous disasters, data centers have warned that the most critical resource is people and making sure that they’re safe, and a number of data centers had to put up some of their people when their homes were uninhabitable, he writes.

For Irma, Miami was particularly critical because it serves as a hub linking the U.S. with Latin America, Sverdlik writes in another Data Center Knowledge piece. However, most of the networks using that facility had alternate paths, he added. The building, like many Florida data centers, was rated for Category V winds and was 32 feet over sea level. While reports are still coming in, Florida data centers appeared to also pretty much stay up, though some were on backup power and generators for a time.

Either way, Verizon declared a “Force Majeure event” – essentially, an Act of God — for Hurricanes Harvey and Irma that let it off the hook for any delay or inability by Verizon or its vendors to provide services.

Even for companies that aren’t located in regions affected by hurricanes, these events were a useful wake-up call to update disaster recovery plans. In addition, the fortuitously timed DCD>Colo+Cloud conference, in Dallas on September 26, is planning to expand its coverage of disaster recovery and resiliency topics.

Incidentally, in a bravo-for-little-ironies department, Nirvanix — the company that was notorious for sending out press releases during a natural disaster encouraging everyone to use its products — went out of business in 2013.


August 31, 2017  10:55 PM

How to Destroy a Hard Drive? Ask Terry Pratchett

Sharon Fisher
Hard disk, hard drive, Storage

If you really want to make sure that nobody’s going to be able to read your data, the late author Terry Pratchett just showed you how it’s done: Per his instructions, his executor just ran over his hard disk drives with a steamroller.

“Pratchett’s hard drive was crushed by a vintage John Fowler & Co steamroller named Lord Jericho at the Great Dorset Steam Fair, ahead of the opening of a new exhibition about the author’s life and work,” reports The Guardian.

Pratchett, who died in March 2015 at 66 from Alzheimer’s disease, reportedly told author Neil Gaiman of his wish, and Gaiman revealed it in an August 2015 interview with the Times of London. “The fantasy author Terry Pratchett wanted his unfinished work to be run over with a steamroller, according to his close friend, the writer Neil Gaiman,” the paper reported at the time. “Gaiman, the award-winning author of The Sandman and Coraline, reveals that Pratchett, his confidant of 30 years, told him that he wanted ‘whatever he was working on at the time of his death to be taken out along with his computers, to be put in the middle of a road and for a steamroller to steamroll over them all.’”

Rob Wilkins, who carried out the instructions in the will, manages the Pratchett estate, and tweeted from an official Twitter account that he was “about to fulfill my obligation to Terry” along with a picture of an intact computer hard drive – following up with a tweet that showed the hard drive in pieces, the Guardian reports. The pieces will also become part of the exhibit.

Richard Henry, an official at The Salisbury Museum, where the exhibition will be held, told NPR that the task actually wasn’t easy. “It’s surprisingly difficult to find somebody to run over a hard drive with a steamroller. I think a few people thought we were kidding when I first started putting out feelers to see if it was possible or not.”

Even the steamroller didn’t destroy the hard disk drive, Henry continued. “The steamroller totally annihilated the stone blocks underneath but the hard drive survived better than expected so we put it in a stone crusher afterwards which I think probably finally did it in,” he told the BBC.

Why not just erase the hard disk drive, which reportedly had ten unfinished works on it? Because as any number of criminals have found out to their sorrow, “deleting” a file doesn’t really delete it — just the pointer to the file gets deleted. Much of the data in the file is still on the hard disk drive and can be scraped off by a diligent forensic analyst. Even deleting the file multiple times, rewriting the disk, and so on might not fully eliminate the data.
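To make the pointer-versus-data distinction concrete, here is an added illustration (not from the original post or any source it cites). It uses a constructed toy “disk” with a made-up directory table, not a real filesystem format, and compares an ordinary delete with an overwrite-then-delete by scanning the raw media afterward.

```python
BLOCK = 32  # toy block size in bytes (assumption for this example)

class ToyDisk:
    """Hypothetical disk: raw media plus a directory of pointers into it."""
    def __init__(self, nblocks=16):
        self.media = bytearray(BLOCK * nblocks)  # the actual stored bytes
        self.directory = {}                      # name -> (offset, length)
        self.next_free = 0

    def write_file(self, name, data):
        self.directory[name] = (self.next_free, len(data))
        self.media[self.next_free:self.next_free + len(data)] = data
        self.next_free += -(-len(data) // BLOCK) * BLOCK  # round up to a block

    def delete(self, name):
        """Ordinary delete: only the directory entry (the pointer) goes away."""
        del self.directory[name]

    def overwrite_and_delete(self, name):
        """Sanitizing delete: zero the file's blocks, then drop the entry."""
        off, n = self.directory.pop(name)
        span = -(-n // BLOCK) * BLOCK
        self.media[off:off + span] = bytes(span)

def residual(disk, marker):
    """Scan the raw media, ignoring the directory, for leftover content."""
    hits, i = [], disk.media.find(marker)
    while i != -1:
        hits.append(i)
        i = disk.media.find(marker, i + 1)
    return hits

def demo():
    draft = b"DRAFT: unfinished chapter one ..."  # constructed sample data
    results = {}
    for mode in ("delete", "overwrite_and_delete"):
        d = ToyDisk()
        d.write_file("notes.txt", b"shopping list")
        d.write_file("novel.txt", draft)
        getattr(d, mode)("novel.txt")
        # (is the file still listed?, raw offsets where its content remains)
        results[mode] = ("novel.txt" in d.directory, residual(d, b"DRAFT:"))
    return results

if __name__ == "__main__":
    print(demo())
```

In both runs the file disappears from the directory, but only the overwrite leaves nothing for a raw scan to find. The toy has no remapped sectors or flash wear-levelling, which is where overwrites on real drives can miss data.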

This is not to say that there weren’t plenty of people who were sad that Wilkins had been so thorough. (Including Gaiman, who said in the August 2015 interview that he was “ridiculously glad” the destruction had not yet happened.) In his lifetime, Pratchett wrote more than 70 books, selling more than 85 million copies worldwide, and no doubt many of his eager fans would have loved to see even an incomplete work.

But the author did not want his unpublished works to be completed by someone else and released, Henry told the BBC. In fact, Wilkins told the BBC in 2015 that what Pratchett really wanted was to have a device connected to his heartbeat so when his heart stopped it would wipe the contents of his hard drive.

Assuming, of course, that the hard disk drive that was crushed was actually the one that Pratchett had used. After all, he had Alzheimer’s; maybe he didn’t know what he was asking for? Maybe someone made a copy of it in the two years after Pratchett died. (Why it took two years before it was destroyed, no one has said.) We can always still hope. “It’s not impossible that some further fragment might surface in years to come, and this will all turn out to have been an elaborate joke on Pratchett’s part,” writes Stephanie Merritt in the Guardian. “I wouldn’t put it past him.”

“Mr. Pratchett is hardly the first author to request that his unpublished work be destroyed or hidden from public view,” reports Sophie Haigney in the New York Times. “Franz Kafka wanted his diaries, manuscripts and letters burned. Eugene O’Neill wanted the publication and performance of ‘Long Day’s Journey Into Night’ to be delayed until 25 years after his death. Vladimir Nabokov left instructions that fragments of a manuscript be destroyed. In all of these cases, though, the requests were ignored, and the unpublished work came to light.” Edward Albee has left a similar request but it isn’t clear whether it will be honored, she adds.

If you don’t happen to have a steamroller handy, other methods for ensuring the destruction of a hard disk drive include a sledgehammer, a .45, or taking it apart and destroying the disks inside.


August 29, 2017  12:41 PM

Nerd Out on Backblaze Hard Drive Statistics

Sharon Fisher
Backblaze, hard drive, Storage

Periodically, I like to pass on what Backblaze is reporting about the hard drives that make up its cloud backup service. This is for two reasons. First, Backblaze uses a truly massive number of hard drives, and so they come up with a lot of statistically significant results. Second, the company is absolutely nerdy about big data and hard drive statistics, and does quarterly and annual reports on its experiences that are a great example of how a company could do this sort of report about any hardware it happened to have.

Backblaze just came out with its second quarter report, but because I haven’t written about its individual hard drive statistics for more than a year, I’ll also catch you up on the last couple of quarters as well.

The company is now up to 83,151 hard drives altogether. In the first quarter, it added more than 10,000 hard drives in total, and in the second quarter, it added 635 new hard drives in total – some due to failure but many of them due to migrating to larger, higher density (as well as newer) hard drives. For example, Backblaze has been migrating its 3 TB hard drives to 8 TB — which, the company said, more than doubles its storage capacity in the same footprint while only increasing its electrical use a little bit.

In addition to upgrading the hard drives themselves, Backblaze is also creating much larger collections of hard drives. Instead of using its “pods” of 45 hard drives, the company has been using “vaults” made up of up to 20 even bigger “pods,” each of which hold up to 60 hard drives. With the increased size of hard drives it’s now using, each “vault” can now store up to 14.4 petabytes of data.

Another interesting thing that Backblaze has been doing lately is testing enterprise-grade hard drives. As you may recall, the company became well known for building its storage system with commodity consumer hard drives rather than the monolithic gigantic storage devices made by companies such as EMC. That was cheaper, especially when it became time to upgrade, and was more granular. But the company has been criticized over the years for using consumer hard drives rather than enterprise hard drives, which some people (including the vendors whose hard drives weren’t very reliable in the Backblaze setup) said would be better suited for the way Backblaze used its drives.

So Backblaze has been testing enterprise hard drives, and surprisingly found that they were actually more prone to failure than consumer ones, as well as generally being more expensive. On the other hand, the company apparently found a batch of Seagate 8 TB enterprise hard drives on sale, and at that price they were worth getting, so the company is using some of them. While they are still showing a slightly higher failure rate, the company cautions us not to jump to conclusions, indicating that it might simply be burn-in failures because of how new they are (which the company calls the “bathtub curve”).

“The enterprise drives have 363,282 drive hours and an annualized failure rate of 1.61%,” writes Andy Klein, director of product marketing for Backblaze. “If we look back at our data, we find that as of Q3 2016, the 8 TB consumer drives had 422,263 drive hours with an annualized failure rate of 1.60%. That means that when both drive models had a similar number of drive hours, they had nearly the same annualized failure rate.”

In other developments, it may surprise you, but Backblaze doesn’t always leap to a new, more dense hard drive model as soon as it comes out; since it’s using a commodity model, it waits until the cost per megabyte for the more dense models is equivalent to that of the less dense models it’s already using, and then tests them. Consequently, the company is just now starting to test 12 TB hard drives. “In the next week or so, we’ll be installing 12 TB hard drives in a Backblaze Vault,” Klein writes. “Each 60-drive Storage Pod in the Vault would have 720 TB of storage available and a 20-pod Backblaze Vault would have 14.4 petabytes of raw storage.”

As it is, Backblaze spends 23 percent of its revenue on hardware, 90 percent of which is devoted to pods and vaults. The rest of the 47 percent of revenue devoted to costs includes space for the hard drives, electricity to run them and keep them cool, personnel to keep them happy and functioning, bandwidth to transfer data, and so on. The company’s remaining 53 percent of revenue is devoted to the operational expenses of keeping it running, such as developing new features, marketing, sales, office rent, and other administrative costs.

As always, the company releases an Excel spreadsheet with its data, as well as the entire datasets themselves, so you can geek out on hard drive data to your heart’s content.

Disclaimer: I am a Backblaze customer.

