Yottabytes: Storage and Disaster Recovery

February 28, 2015  2:25 PM

Yes, People Still Use Zip Drives

Sharon Fisher
IOMEGA, Storage, Zip

Believe it or not, some organizations are still using Zip drives.

In case you don’t remember, or are too young to remember, Zip drives were developed by Iomega in 1994. They were a similar size to floppy disks – thicker – but held considerably more data; they started at 100 MB and eventually went up to 750 MB. Another interesting distinction about them is that they could be used for either PCs or Apple computers.

“A little over 20 years ago, however, when Iomega introduced the original 100MB Zip disk, that was staggeringly huge for a removable disk,” writes Christopher Phin in Macworld. “The wildly more common 3.5-inch floppies held 1.4MB. For context, the entry-level PowerBook 150, introduced in the same year, had a 120MB hard disk, and the base configurations of even 1994’s server Macs came with hard disks that were only five times the capacity of the Zip disk.”

Kids these days don’t remember how expensive storage used to be. “Today, when the most popular USB flash drive on Amazon is a $15 SanDisk Cruzer that stores 320 times the original 100MB Zip disk, we have a pretty blasé attitude to storage, but in the ’90s, you carefully counted the kilobytes when saving a JPEG out from Photoshop, because the literal cost of storage was so high,” Phin writes. He notes, for example, that the pile of Zip disks it would take to store the data on his 5.42 TB hard drive would be higher than the Eiffel Tower.

They were also known for a reliability problem known as the Click of Death. “Without any warning a Click Of Death drive begins emitting a series of audible and distinctive clicking sounds, either when a cartridge is first inserted or when attempting to read or write data to or from a previously inserted cartridge,” writes Steve Gibson, who has an entire FAQ devoted to the problem. “The word ‘Death’ appears in the names for this problem since that’s exactly what occurs in real life: Minutes, hours, or days after the clicking is first heard, the drive — and usually one or more of the user’s cartridges — suddenly dies without warning. And since people tend to rely heavily upon their Zip and Jaz cartridges for the storage of their important data, this typically results in spontaneous, catastrophic, irreversible, loss of all their data.”

On the other hand, Phin still used them for some time after they were superseded by technology. “Even once hard disks became so big in relation to the capacity of the original hundred-meg Zip disk, I still used them to store specific projects,” he writes. “There was and is something satisfying about compartmentalizing jobs, and there’s something far more conceptually agreeable about taking a case down from a shelf, slotting a disk into a drive and so being prompted mentally to change gears into a particular work mode than there is about just double-clicking a folder on a multi-terabyte external RAID or NAS.”

And even though they haven’t been made in more than ten years, they’re still in use – and not just for communicating with other outdated systems. In Ada County, Idaho, which contains the capital city of Boise, Zip disks are still used as part of the election system.

At times, this can be a challenge.

“The disks had a high failure rate, are no longer made and are hard to find,” writes Cynthia Sewell in the Idaho Statesman. “When the county heard the Boise School District was jettisoning its Zip disks, the county snatched them up. It also scours eBay and Craigslist for Zip drives.”

That said, people still feel nostalgic about Zip drives. “Nowadays, I can stuff a 32GB USB thumb drive in my pocket, making the bulky 100MB Zip disks seem even more antiquated,” writes Eric Bangeman in Ars Technica. “But for a few short years, the Zip Drive hit a sweet spot in the market, which is why I still have fond memories of it.”

February 24, 2015  12:40 AM

Google’s Dropcam acquisition is creeping people out

Sharon Fisher
privacy, Security, Storage, Surveillance

If you’re worried about people spying on you, you might want to think about the sorts of surveillance you’re conducting on yourself.

In 2009, a company called Dropcam formed to sell surveillance cameras to people. But like razors and razor blades – and like the police body cams we wrote about earlier this month – the company was also in the business of selling cloud storage to the people who bought the cameras, so they could look up the footage the cameras recorded. Reportedly, 40 percent of Dropcam customers did this.

Last year, Dropcam was purchased by Nest, reportedly for $555 million. By this point, Nest itself had been bought by Google, for $3.2 billion. Since then, the companies have undergone some reorganization; former Dropcam CEO Greg Duffy left last month, and other reorganizations may follow.

In other developments, the company has said that some of its older models of camera will stop working in April, but is offering free updated versions to those users. While this might seem generous, recall how many people were paying for storage for their archived data, and keep in mind that only a few months’ worth of data storage would pay for a new camera.

Some people had always been a little weirded out about Dropcam. “Watching a room in your house 24/7?” wrote Liz Gannes in Re/Code in 2012. “Why would normal people want to do that?” The people who bought the cameras typically did it to watch over their houses, their babies, or their pets, she continued. Other people use them to keep track of what’s going on in their neighborhoods.

But as time goes on, some people are getting more interested in the sort of data that Dropcams collect. Police, for example. In several cases, law enforcement people have reportedly come to Dropcam with search warrants to gain access to stored data.

People have also found Dropcams in other places, such as in Airbnb rooms they’re renting – purportedly for security. And the law on monitoring people in your own home is not entirely settled. “You’re allowed to record yourself in your own home, of course,” writes Kashmir Hill in Fusion. “But when others share your space, the legal issues get murkier.”

But it’s the Google acquisition that is making some people nervous. “The reality of the situation, however, is that Google now has a way to look inside your home,” writes Simon Sharwood for Register UK. Not that that’s necessarily a bad thing, he hastens to add. “There’s plenty to like about that: a camera that can detect a very bright day and talk to home automation kit that moves powered louvres to block out extra light and cool a house to remove the need for air conditioning is a fine application. Other applications may be more … ahem … chilling.”

Sometimes, people even end up accidentally spying on themselves. “You still get periodic emails when the camera senses activity and it’ll send a medium sized low-res picture several times a day embedded in the message,” explains Dropcam user Matt Haughey. “I never thought much of this until I opened an email to see a photo of me completely naked walking by the camera, on my way to grab from a pile of recently folded clean clothes after I took a shower.”

Oops. (And yes, he included a copy of the picture – with strategically placed black bars – to back up his account.)

So that’s why the fact that Google now owns that data is concerning some people. “I realized that image is on Dropcam’s system,” Haughey continues. “And Google bought Dropcam so my photo is somewhere in Google’s cloud. There’s a web-accessible photo of my naked ass (with no black bar added above) somewhere and I have no idea where it is or how easy it is for anyone to find. Wonderful.”

February 16, 2015  10:36 PM

Body Camera Storage Could Cost Police Millions

Sharon Fisher
privacy, Security, Storage

A flurry of incidents involving police and suspects, and even innocent bystanders, is causing many police departments to implement body cameras to help collect records of the incidents – or, hopefully, forestall them. But police departments that have implemented the body cameras are finding out that the cameras themselves are just the half of it. The data they collect has a lot of cost and issues of its own.

“The storage expenses — running into millions of dollars in some cities — often get overlooked in the debates over using cameras as a way to hold officers accountable and to improve community relations,” write Brian Bakst and Ryan J. Foley for the AP. Some police departments are having to choose between hiring officers and storing the data, they continue.

  • Baltimore officials estimated costs up to $2.6 million a year for storage and the extra staff needed to manage body camera data
  • Duluth’s 110 officer-worn cameras generate 8,000 to 10,000 videos per month that are kept for at least 30 days
  • Wichita estimates that its program will cost $6.4 million over the next ten years
  • Berkeley expects to spend $45,000 a year to store and manage data, and that the time required for officers to manage the cameras is the equivalent of five full-time officers, for a total of almost $1 million
  • San Diego would pay $267,000 for five years, but $3.6 million for storage contracts, software licenses, maintenance, warranties and related equipment
  • Des Moines is looking for $300,000 to start a program
  • Las Vegas estimates that data storage could cost $1 million per month
  • Muskogee, Okla., paid $278,000 for cameras for 70 officers, as well as storage space for five years – which was most of the cost

In fact, like razors and razor blades, some companies are reportedly giving police departments the cameras for free or at a discount in return for contracts to store the data, which could amount to $20 to $100 per officer per month, the AP writes. Duluth, for example, paid $5,000 for its cameras but is paying $78,000 for data storage.

In addition to the cost of storage are all the security and privacy complications involved any time you have a lot of stored data. Who’s allowed to look at it? Who’s allowed to copy it? How do you keep people from hacking into it? How long are you supposed to retain it? What about the feelings of the families of the people shown in the films? What are the civil liberties issues associated with it? “Departments are being swamped with public records requests from watchdog groups,” reports ABC News. And police departments don’t always have the IT expertise to deal with these questions.

“Imagine a hacker who edits the data to change the identity of an assailant or leaks the footage of a victim immediately following a violent crime,” writes the Christian Science Monitor. “The concern is not speculative – at least one white hat hacker has shown he can break into a police video system and criminals have demonstrated the ability to penetrate police department networks.”

Just managing the data is a hassle. In Pittsburgh, for example, footage of a homicide scene is required to remain in the system forever, while traffic stops are automatically deleted after one year. But only a supervisor can manually delete footage — after the police chief and the lieutenant sign off on a memo, writes Action News. The city also hasn’t determined whether it has the bandwidth to send the camera data to the cloud.

Hastings, Minn., found that body camera data would be considered a public record, and was concerned about the privacy of crime victims, as well as records of innocent people. “I don’t want to have a bunch of pictures of Hastings residents doing nothing wrong sitting in our files,” Mayor Paul Hicks told the Hastings Star Gazette.

In response, the Minnesota state legislature is considering a bill to limit access to the data to law enforcement personnel and people actually in the video – though how you’re supposed to know if you’re in the video without looking at it, I don’t know. Organizations such as the ACLU are also concerned that such laws would defeat the purpose of having the body cameras in the first place.

February 10, 2015  5:35 PM

Jeb Bush’s Partial Email Dump Answers Some of Our Questions

Sharon Fisher
Email, privacy, Security

As you may recall, former First Brother and potential GOP Presidential candidate Jeb Bush announced in December that he intended to release “all,” for some definition of “all,” the email messages from when he served as Governor of Florida from 1999-2007. And when this was announced, I came up with some questions about this email dump, wondering about some of the details – and the pitfalls.

Well, Governor Bush has now released his email. (Ironically, this is all happening against the backdrop of the revelation that the Bush political action committee’s newly hired CTO, Ethan Czahor, spent the weekend scrubbing his Twitter feed of some of his youthful indiscretions, like his belief that women were sluts and gay men were looking at him.) So we now have answers to some of the questions.

  1. “Will he really release all of the email?” Not even close, reports the Associated Press. “They account for a sliver of the Bush archive, and don’t include emails sent to and from his official government email address, as well as other records such as office notes and calendars.” The email messages had already been obtained, analyzed and published by media outlets, including CNN, and Democratic opposition research group American Bridge, noted CNN. Which makes sense. As we said in December, for someone who claims to have a 30-hour a week email habit, 250,000 or even 300,000 email messages for eight years doesn’t sound like much. I’ve had my Gmail account since April, 2004, and I have 336,404 messages in my inbox – and I’m not a Governor.
  2. “Did he ever use any unofficial or personal email address?” So far, the email messages appear to be to and from jeb@jeb.org. Was that really the official Florida gubernatorial email address? “Millions of emails came in through our website, but it was when I made my personal email – jeb@jeb.org – public that I earned the nickname ‘The eGovernor,’” Bush writes in his ebook. Current Gov. Rick Scott has a form on his website you fill out to send him email – though he also notes, “Under Florida law, all correspondence sent to the Governor’s Office, which is not exempt or confidential pursuant to Chapter 119 of the Florida Statutes, is a public record. All public record electronic mail sent through this website will be posted to Project Sunburst at http://www.flgov.com/sunburst, and will be accessible to the public.”
  3. “What format will it be in?” There’s two ways to get the email: You can search by day with the website (from January 4, 1999 to January 3, 2007, though there is in fact no email after December 31), or you can download a half dozen Outlook .pst files. Which, incidentally, have been compressed using .rar format, which is more advanced but more arcane than .zip files, so people will need to figure out how to unpack it first. Certainly setting it up that way makes it more challenging to find any good stuff in it; you can’t search by subject, and you have to know how to download the .pst files and set them up in Outlook to be able to search through them – not to mention the difficulty in juggling a half dozen of them. So it’s certainly not set up to make it easy for people to search for things.
  4. “Will it be full-text searchable?” It’s straight text. It shows you a screen of about 20 email subject lines, you click on one, and then you get a single email message per screen. You can click to the next one, or the previous one, without having to go back through the calendar. You can cut and paste it. But there’s no provision for searching for text that I found.
  5. “So, where is this email now?” Not clear.
  6. “How is it that the Governor has it in the first place?” It’s a public record. That means he can publish it? Is he paying for it? Can anyone else publish it, perhaps in a more usable interface? Hmm. Interesting questions.
  7. “Is personal information going to be redacted?” Apparently not. <facepalm> The stuff’s only been out a few hours and reporters have already found personally identifiable information (PII) such as names, addresses, and even Social Security numbers in clear text. “Bush not only published every email, he published every email address—and many personal names, physical addresses and personal phone numbers, that people include in their email footers,” writes Newsweek. “The archive contains thousands upon thousands of personal identifying details about Floridians.” Fortunately, Florida just updated its data breach legislation last year; we are sure that the Governor will rapidly be informing the state of his breach, as required by the new law. But hurry, identity thieves; having the problem called to their attention, the Bush campaign is apparently going to remove it somehow – though, a spokeswoman noted, it’s still available under public records laws.
  8. “Is the metadata going to be in there?” In the database, there’s the from email address, the to email address (including those of all the cc:ed people), the date, and the subject. The email messages quoted in his ebook don’t have email addresses. It’s certainly tempting to email people like Army Sgt. Travis van Buren, who emailed Governor Bush on December 31 to tell him “If you ever do decide to run for President, you’ve got my vote, hands down!” to see if he still feels the same way. Incidentally, the email doesn’t seem to include attachments; at least, there was no sign of Ed Moore’s dissertation questions, which he said on December 31 that he was sending.

There’s certainly a small army of people who have divided the messages up between them and are looking up anything good, at least if there’s anything that hasn’t already been revealed before. So the challenging aspects of searching this email trove will probably be dealt with through crowdsourcing. But since it’s already clear that it doesn’t really include everything, its “proof” of Bush’s transparency is, to put it kindly, limited.

January 31, 2015  4:50 PM

Here’s a Backup Job: the Entire Internet

Sharon Fisher

Think your backup job is tough? How about backing up the entire Internet?

That’s the role fulfilled by the Internet Archive, which is suddenly getting a lot of attention these days, with major articles in publications such as the New Yorker and Medium.

You may wonder, what’s the point of archiving the Internet? Do we really need to save all those memes and cat pictures? But the Internet is more than that, insist preservationists.

Jill Lepore leads off her New Yorker article by noting that the Internet Archive’s web preservation service, known as the Wayback Machine, was the only remaining source of evidence that Ukraine separatists had posted that they had shot down Malaysia Airlines Flight 17 on a Russian social media site – a site that the Internet Archive had begun saving just two weeks before. “On July 17th, at 3:22 P.M. G.M.T., the Wayback Machine saved a screenshot of Strelkov’s VKontakte post about downing a plane,” she writes. “Two hours and twenty-two minutes later, Arthur Bright, the Europe editor of the Christian Science Monitor, tweeted a picture of the screenshot, along with the message ‘Grab of Donetsk militant Strelkov’s claim of downing what appears to have been MH17.’ By then, Strelkov’s VKontakte page had already been edited: the claim about shooting down a plane was deleted. The only real evidence of the original claim lies in the Wayback Machine.”

In addition to web pages, the Internet Archive – which, incidentally, is hosted in a former Christian Science church because it looked like the organization’s logo — also hosts books, videos, “ephemeral” films such as advertising, audio recordings, concert recordings, audio books, television news broadcasts, and historical software (including Oregon Trail and Leisure Suit Larry in the Land of the Lounge Lizards), writes Andy Baio in Medium. Altogether, it includes 500,000 pieces of software, more than 2 million books, 3 million hours of TV, and 430 billion web pages, writes Justin Ellis. “In a single day, they digitize more than 1,000 books. They capture TV 24 hours a day. In a week, they save more than 1 billion URLs.”

So how do pages get saved into the Wayback Machine? There’s three ways, Lepore writes:

  • There’s a crawler that attempts to make a copy of every Web page it can find every two months or so, though she points out that the New Yorker’s home page gets saved about six times a day
  • Librarians choose certain pages to be archived in certain subject areas, through a service called Archive It, at archive-it.org, which also lets individuals and institutions build their own archives
  • Anyone who wants to can preserve a Web page, at any time, by going to archive.org/web, typing in a URL, and clicking “Save Page Now,” which is how five of the twelve screenshots of the Malaysian Airlines post were made

At this point, the Wayback Machine has archived more than 430 billion Web pages, comprising 20 petabytes of storage – which is double its 2012 figure, Lepore writes. 600,000 people use it every day, conducting 2,000 searches a second, she adds.

That said, it’s not difficult to keep the Wayback Machine from trawling a site; all it takes is a single text file, Lepore writes – which has the effect of deleting all the archives as well. “Blocking a Web crawler requires adding only a simple text file, ‘robots.txt,’ to the root of a Web site,” she writes. “The Wayback Machine will honor that file and not crawl that site, and it will also, when it comes across a robots.txt, remove all past versions of that site. When the Conservative Party in Britain deleted ten years’ worth of speeches from its Web site, it also added a robots.txt, which meant that, the next time the Wayback Machine tried to crawl the site, all its captures of those speeches went away, too.”

The biggest problem with the Internet Archive is that it’s so big it’s really difficult to search, Lepore writes, because it lacks the tools. “You can do something more like keyword searching in smaller subject collections, but nothing like Google searching (there is no relevance ranking, for instance), because the tools for doing anything meaningful with Web archives are years behind the tools for creating those archives,” she writes. “Doing research in a paper archive is to doing research in a Web archive as going to a fish market is to being thrown in the middle of an ocean; the only thing they have in common is that both involve fish.”

To this end, the Internet Archive was recently one of 22 organizations to share in $3 million of grants from the Knight Foundation through the Knight News Challenge, towards projects that provide new tools and ideas for making libraries more accessible. “The Internet Archive will get $600,000 to develop new technology to give users more control over how materials are uploaded, categorized, and curated in the archive,” Ellis writes. “What they plan to do with the funding from Knight is create a simpler upload system that works across any browser, a contributor management system that lets one or many people work on collections, expanded search functions, and improved tools for organizing what material can be added to certain collections.”

Including cat pictures, one presumes.

January 29, 2015  5:06 PM

Law and Order: HP-Autonomy Unit

Sharon Fisher

Not with a bang, but with a whimper. After HP’s monstrous $10 billion acquisition of Autonomy in 2011, for which nearly everyone agreed it overpaid, it took an $8 billion writedown on the deal, a whole bunch of people threw lawyers at each other, and some of those proceedings are still dragging on.

First, there was the lawsuit of HP stockholders suing HP. Turns out that some HP shareholders took exception to the whole sorry incident and sued, claiming current and former H-P executives and directors, including CEO Meg Whitman, failed to heed warning signs about problems with Autonomy’s business, writes the Wall Street Journal.

Because that’s the way these things are done, HP is attempting to settle, but keeps being shot down by the courts, because its proposed settlements have been too nice to HP. District Judge Charles Breyer said in December that “the proposed settlement improperly protected the H-P directors, officials and professional firms from a wide swath of potential future shareholder litigation, including some suits that might not be related to the Autonomy deal,” writes the Journal.

This is after a similar decision in August, where Judge Breyer criticized an earlier version of the settlement because of the proposed fees for the shareholders’ lawyers, and a different list of protections from future lawsuits against the H-P officials and others, the Journal continues.

Hoping that the third time’s the charm, HP filed a third settlement attempt last week. If you’re just dying to look it up for yourself, it’s In Re Hewlett-Packard Co. Shareholder Derivative Litigation, 12-cv-06003, U.S. District Court, Northern District of California (San Francisco), according to Bloomberg. Reportedly, it protects the company officers – including those of both of the new companies, too – only from future lawsuits that have to do with Autonomy.

Second, there was the matter of HP suing Autonomy, which was complicated by the fact that HP is based in the U.S. and Autonomy was based in the U.K. Earlier this month, the U.K.’s Serious Fraud Office (no word on whether there’s an Insignificant Fraud Office to go with) ruled that it had closed its investigation, which it began in early 2013 following a referral from HP. “The SFO has concluded that, on the information available to it, there is insufficient evidence for a realistic prospect of conviction,” the organization reports.

Naturally, there’s still an ongoing investigation on the U.S. side, the SFO reports. The U.K. Financial Reporting Council is also still investigating, reports Bloomberg.

And in an amusing sidenote, the SFO (which has come under some criticism of its own) itself uses the Autonomy software, which the office assures us is not a conflict of interest. “Throughout the investigation we have kept the potential for conflict of interest under review,” the organization writes. “Such a conflict of interest does not exist, nor has it ever existed, and the matter played no part in any decision concerning this investigation.”

All righty then.

So, what next? There was some talk two years ago that HP might sell Autonomy, talk that has been revived this year as HP undergoes its own split. But there’s been nothing definitive.

Heck, Autonomy’s still even listed in the Leaders section in the 2014 Gartner E-discovery Magic Quadrant.

But fear not, attorneys. The lawsuits are ongoing. Your jobs are still safe.

January 27, 2015  4:54 PM

Will the Box IPO Be Able to Keep It Up?

Sharon Fisher
Box, cloud, Storage

If you’d invested $1,000 in Box’s IPO last Friday, you’d have $1554.29 now.

At least, as I write this. Who knows. It may have gone up another 50 percent by now.

After what seems like years (and it may be almost exactly a year, given that the initial filing was seekrit, though the formal filing was on March 24) and the on-again off-again IPO as the stock market waned and rose, the cloud storage company finally went public. After estimating it would be priced at $11 to $13 a share, the company decided on $14, but never mind; it blew through that on the first day, gaining 66 percent (after opening 44 percent higher at $20.20), and is currently plotzing around in the low $20s.

It turns out that Box needed to go public sometime this year; a $150 million funding round from last summer would have imposed fines if the company didn’t do so. (Also, TIL that Box was originally funded on poker winnings. Seems appropriate.)

On the other hand, Shawn Tully of Fortune points out that if Box had priced its offering at $20 or so in the first place, it would have made another $120 million; it chose to forego that in favor of having a big attention-getting pop.

Well, that worked. “Call your broker immediately!” advised Mad Money host Jim Cramer, though he was thinking in terms of $18 or less per share. Still, he thinks it’s going to go higher.

So now there’s two questions. The first is, can they keep it up? The second is, what next?

As far as the first question, well, that’s the rub, isn’t it? “Many remain skittish about the company’s precarious financial health and ability to compete in an increasingly crowded pool of rivals,” writes the San Jose Mercury News. “Although it has spent the last year reining in spending, Box is still burning through cash and spending far more to acquire customers — through marketing and other means — than many of those customers initially pay for Box’s services, some experts say.”

One of those experts quoted by the Mercury News said that Box would have one year to prove itself. And the Motley Fool advises people to stay away. Indeed, by the second day, sales were flat.

Even stock boosters point out things like, “Box is at the forefront of cloud sharing and collaboration, only rivaled by a few products from Google, Microsoft and Cisco.”

Those are big opponents to have.

Analysts say that Box’s ability to keep it up will depend on how it does not on the cloud storage service per se, but on the tools it is adding to the service. The problem with depending just on the service itself is that “larger competitors have moved in with offerings that are often significantly cheaper,” writes the New York Times.

And getting cheaper all the time. Microsoft, for example – following the lead of some of its other products, such as Internet Explorer – is offering its OneDrive service for free. And as we all know from Internet Explorer, if it’s free, it doesn’t need to be as good – just good enough.

Others expect Box to be bought. “Despite Box’s initial success on Wall Street, I remain skeptical of its long term viability as an independent company,” writes Forbes’ Kurt Marko, noting that only 10 percent of the company’s customers actually pay for the service. “In the months since my initial column on Box’s IPO, I believe events support my thesis that ‘cloud storage and file sharing isn’t a product, it’s a feature.’”

For now, there’s this: Box was valued at $2.4 billion in July, and had dropped to $1.67 billion at the opening, but after opening day was worth $2.78 billion. The company also raised at least $175 million and as much as $201.3 million if bankers exercise options to sell more shares, the Mercury News writes.

So, what next? Disappointed investors are already asking about the “next Box.” And after the company’s stellar debut, no doubt the “increasingly crowded pool of rivals” is considering its own moves. “That optimism may very well spill over to the entire sector of cloud-computing companies, which have drawn skepticism from investors over their financial vitality,” the Mercury News wrote in its followup story.

“Box is blazing a trail in terms of being the first company in this space to go public,” Anthony Foy, CEO of Workshare, a UK-based file sharing and collaboration company with an office in San Francisco, told the Mercury News. “Box going public … establishes that this is a many multi-million dollar marketplace that we are competing in.”

Ultimately, what could end up happening is that while Box itself might flame out and die, it could do so while being a trailblazer for other companies in the industry.

January 25, 2015  4:22 PM

BackBlaze Releases Drive Reliability Data, and Seagate Has a Sad

Sharon Fisher
Backup, HGST, Seagate, Storage, western digital

“If you are looking for good drive at a good value, it’s hard to beat the current crop of 4 TB drives from HGST and Seagate.” On the other hand, if you’ve got a 1.5 TB or 3.0 TB Seagate Barracuda, you might want to stop reading this, go back it up, and replace it.

That’s the conclusion from the most recent BackBlaze data about the failure rates of the 17 varieties of disk drives it uses.

BackBlaze, in case you’re not aware, is a backup service that, instead of using real real big storage, uses a whole whole lot of commodity storage devices hooked together into “pods,” with as much of the extraneous stuff stripped off as possible. This reduces costs and is more scalable than large storage systems that require forklift upgrades to be expandable. Companies such as Netflix are using it as well, and several vendors have started selling storage systems based on the Backblaze designs. While the company occasionally has trouble finding commodity disk drives, in general the system works pretty well.

Because BackBlaze uses a whole whole lot of commodity storage, it is in a good position to judge performance and failure rates of these commodity drives, as opposed to those of us who buy one or two every couple of years.

Some commenters pointed out, in various degrees of politeness, that BackBlaze is not a typical user. But absent a Consumer Reports study, a company that uses 41,213 of a thing can generally be thought of as having a reasonable idea of the quality of the thing. Or, as one commenter puts it, “Much more helpful than a guy/gal saying ‘I used this drive for a week and I give it 5 stars!’”

Plus, BackBlaze is pretty good about releasing its data in periodic blog posts. “As far as I know (and please educate me if I’ve missed one), there’s no other mass studies of hard drives that have been released to the public, naming specific brand names and models,” writes one commenter. “Google has a 2007 white paper on the topic, but like Backblaze’s, it’s based off of their data centers, plus they didn’t reveal names and models. While Backblaze’s data center doesn’t directly equate to your home PC’s usage, they have done one thing that’s super useful — gather a statistically significant amount of data in a relatively variable controlled environment.”

All that said, what about the results? At this point, BackBlaze has migrated many of its storage pods to 4.0 TB drives, writes Brian Beach, distinguished engineer. Part of this migration is due to what the company says is lower reliability of 3.0 TB drives. “The HGST Deskstar 5K3000 3 TB drives have proven to be very reliable, but expensive relative to other models (including similar 4 TB drives by HGST),” he writes. “The Western Digital Red 3 TB drives annual failure rate of 7.6% is a bit high but acceptable. The Seagate Barracuda 7200.14 3 TB drives are another story.”

Which gets back to the advice in the first paragraph. While the average failure rate of most of the disk drives the company has is in the single digits, two drives show double-digit failure rates: the 1.5 TB Seagate Barracuda 7200.11, with an average age of 4.7 years, and the 3.0 TB Seagate Barracuda 7200.14, with an average age of 2.2 years.

Frustratingly, BackBlaze doesn’t say what the problem is with the Seagate drives, indicating only that it will write about it in a future blog post. The good news is that the company reports it isn’t having the same problem with the Seagate 4.0 drives. “The Seagate Desktop HDD.15 has had the best price, and we have a LOT of them,” Beach writes. “Over 12 thousand of them. The failure rate is a nice low 2.6% per year.”

Seagate’s perspective is that BackBlaze is using commodity consumer drives for enterprise purposes, so naturally they’re going to fail more often. (Confirmation bias, but commenters went on to largely concur with BackBlaze’s experience, noting also that the other drives were running under the same conditions.)

Moreover, Seagate’s 4.0 TB drives appear to be more reliable than the 3.0 TB drives, Beach adds. “You might ask why we think the 4 TB Seagate drives we have now will fare better than the 3 TB Seagate drives we bought a couple years ago. We wondered the same thing,” he writes. “When the 3 TB drives were new and in their first year of service, their annual failure rate was 9.3%. The 4 TB drives, in their first year of service, are showing a failure rate of only 2.6%. I’m quite optimistic that the 4 TB drives will continue to do better over time.”

The company also said last summer it was starting to test 6 TB drives, and started to release that data in December.

So how did those 6 TB drives do in terms of reliability? It’s a little early to tell, Beach writes. “Currently we have 270 of the Western Digital Red 6 TB drives. The failure rate is 3.1%, but there have been only 3 failures. The statistics give a 95% confidence that the failure rate is somewhere between 0.1% and 17.1%. We have just 45 of the Seagate 6 TB SATA 3.5 drives, although more are on order. They’ve only been running a few months, and none have failed so far.”

That said, because Western Digital drives use a little less electricity – “This small difference adds up when you place 45 drives in a Storage Pod and then stack 10 Storage Pods in a cabinet,” notes director of cloud storage Andy Klein – and load a little faster, the company is primarily going to migrate to the Western Digital 6 TB drives. However, it will still buy some of the Seagate ones for diversification purposes, he adds.

Meanwhile, the company is already testing pods made of 8 TB drives.

Disclaimer: I am a BackBlaze customer.

December 31, 2014  12:56 PM

Congress Fights FBI ‘Back Door’ Mandate

Sharon Fisher
privacy, Security

A Democratic Senator from Oregon is attempting to prevent government agencies from requiring vendors to build “back doors” into their software and electronic products by playing two kinds of security fears against each other. Sen. Ron Wyden introduced the Secure Data Act earlier this month.

People supporting such “back doors” say they are necessary to help protect Americans from terrorists and other criminals. FBI director James Comey, among other law enforcement officials, called for them after vendors such as Apple and Google implemented encryption on their smart phones by default. But Wyden is saying such “back doors” also make it easier for hackers to break in – an increasingly major issue in the past year.

And Wyden isn’t just speculating about the possibility; he cited an incident in 2005 where “an unknown entity had exploited a ‘lawful intercept’ capability built into Greek cellphone technology and had used it to listen to users’ phone calls” — including those of dozens of senior government officials.

“Unfortunately, there are no magic keys that can be used only by good guys for legitimate reasons,” Wyden wrote in an op-ed supporting the bill. “There is only strong security or weak security.”

“Security is a lot like a ship at sea,” agreed Alan McQuinn, a research assistant with the Information Technology and Innovation Foundation, in a blog post in The Hill. “The more holes you put in the system—government mandated or not—the faster it will sink.” Just a few years ago, the FBI was encouraging Americans to use encryption to better protect their data, he noted.

Another major issue in the past year has been revelations about agencies spying on Americans, which Wyden said is eroding trust in the government. “Strong encryption and sound computer security is the best way to keep Americans’ data safe from hackers and foreign threats. It is the best way to protect our constitutional rights at a time when a person’s whole life can often be found on his or her smartphone. And strong computer security can rebuild consumer trust that has been shaken by years of misstatements by intelligence agencies about mass surveillance of Americans,” he said in a statement.

Requiring back doors would also make U.S. companies less able to sell their products outside the U.S., Wyden noted. This could exacerbate problems that vendors such as cloud storage companies are already having outside the U.S. due to agencies using the courts to claim access to such data, even when it’s outside the U.S.

Wyden isn’t alone. The Hill noted that there was bipartisan opposition to Comey’s proposal, which he said didn’t call for a back door but a “front door with clarity and transparency.” But security experts dismissed that as a semantical difference. “The notion that it’s not a backdoor; it’s a front door — that’s just wordplay,” Bruce Schneier, a computer security expert and fellow at the Berkman Center for Internet & Society at Harvard University, told The Hill. “It just makes no sense.”

Nothing happened with the bill in the lame duck Congress, but Wyden reportedly expects to introduce it in the new Congress in 2015. Lily Hay Newman notes in Slate, however, that such bills have typically faced an uphill battle. For example, a similar measure was passed on the House side earlier this year, but funding for it was stripped from the “cromnibus” bill. It also is expected to be reintroduced next year.

Moreover, the Secure Data Act doesn’t prohibit back doors—it just prohibits agencies from mandating them, Newman writes. “There are a lot of other types of pressure government groups could still use to influence the creation of backdoors, even if they couldn’t flat-out demand them.” There are other weaknesses in the bill as well, notes the Electronic Frontier Foundation.

On the other hand, this isn’t Wyden’s first cybersecurity rodeo; he also essentially singlehandedly killed two bills in the past several years that the computer industry said could give the government too much control over the Internet, and has worked on other Internet control issues.

December 27, 2014  6:33 PM

Microsoft Brings Its Homies to Fight Ruling

Sharon Fisher
Apple, Microsoft

Microsoft is continuing its fight with the U.S. government regarding access to data located on the company’s servers outside the U.S. And this time, it brought some friends.

28 major companies, including Microsoft competitors such as Apple, Amazon, and AT&T (but not Google, surprisingly enough), filed friend of the court briefs on December 15, after Microsoft formally appealed the ruling on December 8. Other organizations filing briefs of support include the U.S. Chamber of Commerce, CNN, ABC, Fox News, the Guardian, and Verizon.

Altogether, ten briefs were signed by 28 leading technology and media companies, 35 leading computer scientists, and 23 trade associations and advocacy organizations “that together represent millions of members on both sides of the Atlantic,” noted Microsoft legal counsel Brad Smith. Signatories also included nonprofit organizations such as the Center for Democracy & Technology, the American Civil Liberties Union, the Electronic Frontier Foundation, the Brennan Center for Justice at New York University School of Law, and the Berkman Center for Internet & Society at Harvard.

If upheld, the decision “allows the government to adopt a ‘seize first, search later’ view of the Fourth Amendment, where the government can seize a computer, copy all of its data, and keep that information indefinitely—without a search warrant at all,” writes the EFF in explaining its support.

Why do news organizations such as CNN and ABC care? Because they want to protect their reporters and sources, Smith writes. “These organizations are concerned that the lower court’s decision, if upheld, will erode the legal protections that have long restricted the government’s ability to search reporters’ email for information without the knowledge of news organizations,” he writes.

In addition, the Irish government stepped in, saying the ruling violated its sovereignty, as did a German representative to the European Parliament.

In case you’ve missed it, a judge ruled in May that a search warrant with which Microsoft was served also applied to data on servers in data centers in Dublin, Ireland. (The exact person and crime have not been revealed, but it is reportedly drug-related.) Microsoft is protesting this ruling. Another U.S. judge reiterated this decision in August.

There’s more than just data at stake. The ruling means that the U.S. government lays claim to any data owned by a U.S. company, no matter where in the world it is located — such as in the cloud on servers in another country. This has the potential to conflict with privacy laws in other countries, and makes it a lot less likely that customers outside the U.S. will be willing to put their trust into U.S.-based cloud companies. In addition, it opens the door for non-U.S. governments to make their own data demands of companies operating within their borders.

Microsoft’s appeal wasn’t a surprise; in fact, the company had said in May that it intended to appeal the decision. Several other U.S. companies had also announced their support of Microsoft in August, since the decision has such wide-ranging effects.

The notion of data sovereignty has been discussed for several years, and in fact Microsoft’s Dublin data center had been specifically cited as an example, before this case came up. “Microsoft, like other cloud providers, will need to clarify data sovereignty issues, if Office Live is to be taken seriously,” wrote Computerweekly presciently in June, 2011. “While it does have a datacentre in Dublin – so it can guarantee data resides in the EU – Microsoft is headquartered in the US and will be subject to US legislation, such as Homeland Security, as well as UK and EU law.”

Ireland, in its brief, indicated that it wasn’t unwilling to grant the U.S. government access to the data in question, but that the mechanism for doing so was the Mutual Legal Assistance Treaty (MLAT) between Ireland and the United States, and that it was up to the U.S. to ask first, not Ireland to stop the U.S. from taking the data. “Ireland respectfully asserts that foreign courts are obliged to respect Irish sovereignty (and that of all other sovereign states) whether or not Ireland is a party or intervener in the proceedings before them,” the brief warned, before going on to hint, “Ireland would be pleased to consider, as expeditiously as possible, a request under the treaty, should one be made.”

In addition, Jan Philipp Albrecht, a Member of the European Parliament (“MEP”) from Germany, filed his own brief urging the U.S. to use the MLAT mechanism, and warning that failing to do so could make it more difficult for European and U.S. companies to work together.

“European citizens are highly sensitive to the differences between European and U.S. standards on data protection. Such concerns are frequently raised in relation to the regulation of cross-border data flows and the mass-processing of data by U.S. technology companies,” Albrecht writes. “The successful execution of the warrant at issue in this case would extend the scope of this anxiety to a sizeable majority of the data held in the world’s datacenters outside the U.S. (most of which are controlled by U.S. corporations) and would thus undermine the protections of the EU data protection regime, even for data belonging to an EU citizen and stored in an EU country.”

Legal argument is expected this spring or summer, according to the EFF.
