For a while now, we’ve been reporting how cloud storage vendors such as Google and Microsoft have been dropping their prices, and wondering when Dropbox — which is rumored to be working on an IPO – was planning to follow suit. This week we learned: It ain’t.
“We’re not cutting prices right now,” Drew Houston, CEO of Dropbox told Re/code’s Liz Gannes and Walt Mossberg at the organization’s Code Conference, writes Re/code. Instead, the company is planning to compete not by cutting prices but by offering a better product with more features. What a concept.
Which features? “One is a photo sharing app called Carousel,” writes Re/code. “Another is a yet-to-launch collaboration tool built atop Microsoft Office called Project Harmony; Houston said it should be out by end of year.”
It will be interesting to see whether new applications will encourage more people to pony up money, or if cloud storage will stay a commodity and people will simply go for what’s cheapest. If the latter is the case, Dropbox is in for a problem. Companies like Microsoft and Google can afford to have their other revenue streams support cheap online storage, but for Dropbox, cloud storage is all it has.
On the other hand, this week Dropbox announced, sort of, that it was up to 300 million users, after having hit 200 million users in November 2013 and 100 million in November 2012, according to The Next Web. This wasn’t terribly surprising; the company had announced in April that it had 275 million users.
The question, though, is how many of Dropbox’ users actually pay for the service. Users get up to 2 gigabytes of storage for free, plus bonuses for referring friends and so on. Mark Rogowsky of Forbes did an interesting analysis last fall that, tl; dr, boiled down to this: “That leaves the company with at most 2 million paying customers, or barely over 1% of the total customer base. Given that it mentions having ’4 million businesses,’ the likelihood is that the actual conversion ratio of ordinary folks is worse than this.”
In other words, if Dropbox were to drop its prices, it may cost it most of the little revenue it has — not a good idea when one is contemplating an IPO in an uncertain market (as Box has already discovered).
It’s been an interesting month for Box. Heck, it’s been an interesting year.
- June 2013 — OpenText files suit against Box
- December 2013 — Box raises $100 million in series F funding, giving it a total valuation of $2 billion
- January 2014 — Box secretly files for an IPO
- January 2014 — First OpenText/Box hearing
- March 2014 — Box formally files for IPO to raise $250 million
- March 2014 — OpenText claims $268 million in damages
- May 2014 — Box postpones its IPO, citing unfavorable market conditions
- May 2014 — GE announces agreement to implement Box for up to 300,000 customers, for unknown revenue
Now, according to Silicon Valley Business Journal, the Box IPO may be on again, thanks to stronger-than-expected IPO results for Zendesk. In fact, it could be announced soon after the Memorial Day holiday, writes SVBJ’s Cromwell Schubarth. Quartz also predicted that Box would do its IPO around Memorial Day, while Bloomberg expects it to happen in June.
Box was criticized for losing money, particularly on marketing, after postponing its IPO (though the company said it didn’t really count as a postponement, because it had never set a date in the first place). On the other hand, it’s not really fair to blame Box for the postponement; Schubarth notes that as many as a dozen other companies — and that’s just the ones with public IPOs — are in a similar predicament.
The GE deal, coming just one day after the IPO postponement, provided a much-needed shot in the arm for the company. Makes you wonder why Box even postponed the IPO in the first place, knowing this was coming down the pike, though as the Wall Street Journal pointed out, several other technology IPOs raised less money than they expected.
If Box does end up going IPO in June — let alone late May — it’s going to be the capper to quite the year.
You’d think the bad guys — let alone the good guys, and it’s not always easy in Captain America: The Winter Soldier to know which is which — would have figured it out by now: Lock down the damn USB slots already.
You’d especially think they’d have figured this out given that the same plot point was used in Iron Man 2. Admittedly, Captain America might not have had a chance to watch Independence Day yet — it wasn’t scribbled down in his little notebook of Things to Catch Up On, though Star Wars was — but Iron Man 2 is in the same universe. Didn’t Tony Stark ever mention, “By the way…” to Nick Fury when setting up his supersecret organization? “You know, you’ve got this security hole here big enough to drive a tank through. Might want to look into that.”
The conveniently-located-thumb-drive plot was even used around the same time in the penultimate episode of this season’s Agents of SHIELD television program. But it seems like that program in general doesn’t have a real good grasp of storage technology, confusing, as it does, the difference between hacking and decrypting.
Anyway, in case you haven’t seen the movie (and yes, there’s spoilers here), here’s what happens. Captain America and Black Widow are rescuing a S.H.I.E.L.D ship, and in the process Black Widow casually plugs a USB drive into the ship to download all its files. Needless to say, Captain America is kind of perturbed by this — not by the security flaw, but by the fact that nobody had told him she was going to do this, and she was on his team.
The thumb drive then plays a prominent role throughout the movie, being hidden and getting lost in various odd places, and then gets used, in all places, in both an Apple store and to boot up a mainframe. Because all mainframes came with drivers for a USB drive, and of course file structures between Apple computers and mainframes are compatible. And as with Agents of SHIELD, there was a lot of handwaving around the notion of whether the flash drive was encrypted and how to get it decrypted.
I wasn’t the only one who had trouble with this part. “And this magical thumb drive that sets all this would-be intrigue into motion is a helluva head scratcher,” writes Sean Erickson in Trash Art Movies. “There’s just no getting around that fact when it comes down to this thumb drive that Nick Fury and his supercomputers can’t figure out but Black Widow and a display MacBook at the Apple Store can, you’re making the bad guys far dumber than they should be.”
“Why was Fury locked out of decrypting the thumb drive on his own authority?” concurs Jed Hartman. “Why was the data (that ended up on the thumb drive) on that SHIELD ship in the first place?” “Most everything about that thumb drive baffled me,” agreed one commenter. “I don’t know how that was supposed to help them read the data (even if you assume that a 1970s computer was equipped with a USB port).”
Needless to say, plugging in the thumb drive also gave the bad guys location and time information for targeting the heroes with one humungous cruise missile, which should also serve as a lesson about why plugging thumb drives into strange USB slots might be a Bad Idea.
(Incidentally, if you’re looking for a thumb drive to keep handy just in case you need to steal files from a supersecret quasigovernmental agency, you can actually get one that looks like Captain America. $9 on Amazon. No word on whether it’s explosion-proof like the one in the movie.)
Now, we know that movies aren’t necessarily the best place to pick up good habits — did you see the unsafe way those guys drive? Oddly, few other reviewers seemed to have the same issues I did with the flash drive aspect. But one does hope to achieve willing suspension of disbelief, even if we’re talking about a world with secret military bases and a massive government surveillance project.
Hmm. Maybe it’s not so unrealistic after all.
A few months back, when the New York Times wrote an article on how many government agencies were still using 3 1/2-inch disks, I wrote about it, saying, “Thank goodness it’s at least 3 1/2-inch disks, and not 5 1/4-inch (which, incidentally, were designed to be the size of a cocktail napkin because they were invented in a bar), or, Lord preserve us, 8-inch disks.”
Little did I know.
It turns out there actually is still a part of the U.S. government that operates on 8-inch floppy disks: Our missile defense system. Lord preserve us, indeed.
“But the equipment is ancient,” reads the transcript. “This, for example, is one of the computers that would receive a launch order from the president. It uses floppy disks! The really old, big ones.” Deputy Dana Meyers, 23, dutifully reported that she had never seen one before working in the missile silo.
This is not to say that using the 8-inch disks was a bad thing, Stahl reported. “I’ll tell you, those older systems provide us some — I will say huge safety when it comes to some cyber issues that we currently have in the world,” explained ICBM forces commander Major General Jack Weinstein to her, adding that the systems were not on the Internet. “A few years ago we did a complete analysis of our entire network. Cyber engineers found out that the system is extremely safe and extremely secure on the way it’s developed.”
Naturally, the grizzled denizens of the Internet were overtaken by a wave of nostalgia that made the one they had about 3 1/2-inch disks seem puny, such as the nearly 500 comments posted to the Slashdot posting of a story about the episode.
In addition, they argued about the veracity of Weinstein’s claim, with some of them agreeing because the systems couldn’t be penetrated by a USB, nor could the disks easily be stolen or read. Others said Weinstein was just using a sophisticated version of the security-through-obscurity argument. The phrase “if it ain’t broke, don’t fix it” also cropped up a number of times.
If Sony quit making 3 1/2-inch disks in 2010, one wonders how the federal government continues to find 8-inch floppy disks — unless, of course, as one poster suggested, they “have a six acre warehouse full of eight inch floppy disks that’s fully climate controlled and guarded by snipers and dogs.”
Turns out, however, that 8-inch disks are readily available on eBay; they seem to go for about $15-$25 a box.
The Office of the Privacy Commissioner of Canada had to admit last week that it had, uh, lost an unencrypted hard drive containing the personal data of up to 800 current and former federal employees from as far back as 2002.
“I believe this falls under category of #youhadonejob,” Tweeted Forrester analyst Cheryl McKinnon, who’s based in Ottawa.
“The office lost an unencrypted hard drive containing employee names, official ID numbers, salary information and details on overtime while moving headquarters in mid-February,” wrote Graham Lanktree in the Canadian newspaper The Star. “Those affected are current or former employees of the Office of the Privacy Commissioner and the Office of the Information Commissioner.”
180 current employees have been informed; another 800 former employees remain to be informed. Well, unless they read about it in the newspaper, apparently.
“IT staff first noticed the drive was missing in mid-March when they had trouble setting up their servers after the move from Ottawa to Gatineau, Que., on Feb. 14,” Lanktree wrote. “It wasn’t until April 9 that they realized the drive contained personal information.”
One does wonder. The agency moved in mid-February, didn’t try to set up the servers til mid-March, and it was almost mid-April before it knew what was on the drive? How did the agency move, load up the back of somebody’s Suburban over a weekend?
The other interesting aspect is that the data, which was only supposed to go back seven years, actually dated back to 2002, which is more like 12 years.
The good news, the agency assures staffers, is that the data is in such a raw form that “only someone with the right software and technical expertise can read it,” Lanktree wrote.
You know, somebody like Simson Garfinkel, who used to hang out on eBay buying up discarded hard drives to see what sort of information he could collect. (For research purposes only. He studies this stuff for a living.)
An internal investigation was supposed to return its findings by April 25 — like, maybe, was the thing lost or stolen or what? — but the Star hasn’t done any followup articles and the office has no information on its website yet.
On the other hand, this all transpired a month after the office investigated a loss of a similar hard drive from Employment and Social Development Canada with the personal information of 583,000 student loan recipients.
The official report on that loss is quite hair-raising, noting that “the hard drive was left for periods of time (weeks) without being stored in a locked filing cabinet. Even when stored in the cabinet, the cabinet was not always locked and other employees involved in the data migration project were aware of the location of the keys” and “The access log report for the period of August 2012 — November 2012 revealed that over 200 different employees had access to the CSLP controlled area. ESDC’s review confirmed that all individuals had approved access” and “The information contained on the hard drive was not encrypted and was not protected by a secure password.”
Seriously, though, the investigative report is a thing of bureaucratic beauty, and one can only hope that the agency’s report on its own loss is as thorough. Incidentally, they never found out what happened with the student loan hard drive, either.
That loss “underscores the need to ensure that formal privacy and security policies are more than simply words on paper, an investigation has found,” according to the agency — which apparently needs to take its own words to heart, eh?
Okay, this is really bad.
A California court, the Sixth District Court of Appeal, has ruled that email messages and other forms of electronic communication about public business are not subject to the state’s Public Records Act as long as they’re conducted on a private computer or device.
“We conclude that the [California Public Records] Act does not require public access to communications between public officials using exclusively private cell phones or e-mail accounts,” wrote the three judges in their unanimous ruling.
Do we really need to talk about how really bad this is? Basically, the court has just given California public officials carte blanche to do anything illegal, unethical, secret, or just plain weird, and their constituents have no way to find out about it.
“That decision hews to the narrow language of the act, but it distorts the act’s larger purpose, which is to ensure that the public can scrutinize the actions of its employees when they are doing public work,” writes the Los Angeles Times (which filed an amicus brief in the case) in an editorial. “Indeed, the problem with the ruling should be obvious to all: As soon as a public official realizes that his constituents have no right to look at anything he says on his personal cellphone or laptop, he’ll simply do all of his sensitive or secret communications on those devices. With a flick of the wrist, public officials will exempt themselves from accountability.”
We’ve already done a number of stories about public officials behaving badly, ranging from erasing messages, using personal email addresses, and otherwise trying to evade proper oversight by the people. And that’s with public records laws applying to private devices. What’s it going to be like when they don’t?
No other state gives its public officials such latitude, writes Brian Heaton in Government Technology (though the ruling does mention a similar case in Pennsylvania). As California is often a bellwether in technology issues, it raises the spectre that other states could follow suit. Not to mention, if private devices are considered protected for public officials, how long is it going to take for employees in the private sector to make the same argument?
Obviously, governments aren’t using the argument that they want the right to give their officials free rein. Instead, the argument — by organizations such as the League of California Cities, writes the AP — is that having to maintain and produce these records, from employees’ private devices, would be too great an administrative burden. This is all happening at the same time that states are dealing with the issue of whether they need to retain texting information — including metadata — having to deal with public business, writes Heaton — which the cities are also saying is too arduous. In addition, the League expressed concern with violating California’s right to privacy, the ruling added.
Smith’s attorney James McManis told the AP that he will ask the state Supreme Court to review the case. “If it doesn’t, the 6th District’s decision would stand, creating a precedent for similar situations in the future,” Heaton writes.
“When you think about it — it’s just nuts,” McManis told the San Jose Mercury News. “If they can hide stuff by using their private devices, that’s no way to run a railroad.”
The California Legislature could also address the issue, and the Sixth explicitly brought that up as a possibility, writes William Adams in Public CEO. “We are bound to interpret statutory language as written and avoid any encroachment on the province of the Legislature to declare public policy,” the ruling reads, passive-aggressively. “Had the Legislature intended to encompass such individuals within the scope of ‘public records,’ it could easily have done so.” Really, though, how likely is it that the Assembly would take away from itself such a juicy privilege?
Cross your fingers.
In case you missed it, OpenText is known as the largest software company in Canada, and its CEO is Mark Barrenechea, which I mention only because I’m always delighted to see a good Basque name. Anyway, OpenText filed suit against Box last June, claiming patent infringement, for which the first hearing was held in January. A case management conference is scheduled for Thursday of this week. At the end of March, the company went on to claim $268 million in damages, the first time it had mentioned an amount. In addition, it asked for an injunction against Box that not only would forbid Box from selling its products and services but would demand that it go out to everybody it had sold them to and get them back, writes Tom Petrocelli at Neuralytix.
“OpenText doesn’t just want Box to stop selling their products,” Petrocelli writes. “They want them to “recall and collect from all persons and entities that have purchased any and all products”, “destroy or deliver all such infringing products to OpenText”, and “disable all applications providing access to all such infringing software; and destroy all infringing software that exists on hosted systems. Basically, they say they want Box to stop operating.”
Oh, and this all happened the same week that Box formally filed for its IPO, coincidentally valued at $250 million.
So, now what?
The big question, then (other than “Is ‘OpenText’ one word or two?”), is “What makes Box different from all the other cloud storage vendors?” In other words, why is OpenText picking on Box instead of Dropbox, Google, Apple, Microsoft, etc.? The patents we’re talking about, after all, include three called “System and method for the synchronization of a file in a cache” — surely that seems generic enough to apply to all the myriad cloud storage services out there. As John Coonen in CMS Connections writes, “Is this lawsuit a shot over the bow to Box competitors, with similar technology? In other words, if OT wins this
battle war, will DropBox or Syncplicity (now an EMC-owned technology) or Google be next in line to receive a registered letter from the IP folks from Waterloo?”
So what’s the deal? Is there something specific about Box’ product, such as more collaboration, that arouses OpenText’s ire? Does Box have a reputation for wussy legal counsel? Is it because Box tends to have more corporate customers? Does OpenText have a personal issue with flamboyant Box CEO Aaron Levie? Is OpenText hurt because Box didn’t cite it as a competitor in its prospectus? Is it concerned because KapitallWire said that Box’s IPO was most threatening to OpenText stock directly?
One could argue that it’s because Box was first to file for an IPO, and that OpenText would have nailed anybody who went public, but that doesn’t explain why OpenText initially filed suit last June against Box, and against nobody else that I could discover. On the other hand, the timing and amount of the injunction — almost the same that OpenText expects to raise with its IPO — are certainly suspicious (as Coonen also mentions).
What it will all boil down to is the issue of whether the patents are valid. While the vice president of investor relations claims they date back to the 1990s and 2000s, all three of the file synchronization patents were awarded after Box was founded. Now, nobody’s accusing OpenText of being a patent troll, but the notion of trying to patent cloud storage seems like a stretch. On the other hand, while the Electronic Frontier Foundation has been running around looking for overbroad patents to help topple (and succeeding at it, thanks very much), it hasn’t said anything about this one yet. And, of course, the whole issue of software patents in general is an open legal question.
And this is the argument that Box is making, Petrocelli writes. “They claim that the file synchronization patents are invalid due to prior art which means that the technology existed before inventor came up with the idea described in the patents,” he says.
(Ironically, OpenText’s own cloud synchronization product, OpenText Tempo Box — and how hard did it work to get “box” in the name of the product? — was announced in November , 2012, well after Box was founded in 2005.)
It’s been suggested that what the goal really is here is to shake down Box for a licensing agreement, which Cantech Letter said could add as much as $2 per share to the value of OpenText stock. “The devastating demand that Box stop selling their product is pretty common language in patent infringement suits: The complainant demands death for the competitor but they end up with a settlement of some sort, often a cross-licensing deal or an on-going royalty payment,” Petrocelli writes. “A fair monetary settlement that comes short of beating Box to death with a club is in the interest of both parties.”
And perhaps the whole goal of the injunction is to get Box to settle before the court issues its ruling on the original patent infringement — especially if OpenText were to lose. If the court were to find that the patents are invalid, it would not only be a big win for Box but for the entire computer industry, writes Petrocelli, because the industry could then run out and develop cloud storage apps with impunity. On the other hand, if the settlement is made, OpenText could then run out to all of Box’ competitors and try to get the same licensing agreement with them, he continues — before they have a chance to go out and find a bunch of prior art with which to attack any follow-on lawsuits by OpenText.
The crumpled wrapping paper litters the floor, and tomorrow is half-price chocolate disk drives. Yes, another World Backup Day — the fourth — has come and gone.
The World Backup Day website explains it all, right down to defining “backup” — “A backup is a second copy of all your important files. Instead of storing it all in one place (like your computer), you keep another copy of everything somewhere safe.” It then goes on to explaining why — because people lose their files, and it lists a bunch of statistics about that — and several different ways that people can back up their files, ranging from external hard drives to services.
Finally, you’re asked to take “The Pledge”: “I solemnly swear to backup my important documents and precious memories on March 31st. I will also tell my friends and family about World Backup Day – friends don’t let friends go without a backup.” As of the end of World Backup Day, more than 1800 people had taken the pledge — a big drop from last year, unfortunately.
The website also contains flyers, t-shirt ordering, social media links, and so on. Interestingly, it didn’t seem to include information on World Backup Day sales, a major benefit to the holiday. (There is, however, a Backing Up song, which dates from 2010.) That said, many backup vendors — who don’t usually get a lot of press attention — were ecstatic at the opportunity to promote themselves, such as with a “Gremlin Defense Kit.”
Why March 31? In case there’s a virus or something on April 1 that destroys files. (According to Tom Coughlin in Forbes, in 2005 there used to be a backup awareness month but apparently it was decided that just one day would provide enough awareness.)
Earlier this month, a number of websites went gaga over something called dataSTICKIES, a graphene-based storage system that would enable you to store up to 32 gb on a narrow multicolored Post-It that could upload data simply by being stuck anywhere on a particular conductive material on a computer.
What could go wrong?
Admittedly, this is something we aren’t going to have to worry about right away; it’s a “concept” with no date or price yet, though it does have a website, and lots of pretty, colorful pictures. And sure, I’m not the only person who has run into the 3-sided USB problem.
“dataSTICKIES solve this problem by carrying data like a stack of sticky-back notes,” explains the website. “Each of the dataSTICKIES can be simply peeled from the stack and stuck anywhere on the optical data transfer surface (ODTS), which is a panel that can be attached to the front surface of devices like computer screens, televisions, music systems, and so on. The special conductive adhesive that sticks the dataSTICKIES to the ODTS is the medium that transfers the data.”
But really? USB drives don’t have enough security issues? Now we’re going to have a big conductive area on a computer, and anybody can come up and stick a Post-It on it?
Not surprisingly, none of the articles raving about the ease of use of dataSTICKIES get into the security aspects. “It’s an interesting idea and one that demonstrates the imaginativeness of designers who are trying to make our lives just that bit simpler and better designed,” writes Huffington Post UK. “Whether or not it’s possible to make something like this remains to be seen, but it’s an incredibly cool concept, and it’s being worked on by expert industrial designers who truly believe this is a possibility,” writes Dvice. And UberGizmo writes, “As to the possibility of this happening, it remains to be seen, but considering how we’ve sent man to the moon, why not?”
Hmm. Why not. Think think think.
- Considering companies are already failing at locking up USB drives, do we really want it to be that much easier to upload and download data?
- People already lose thumb drives at an alarming rate; do we really want to make thumb drives the thickness of a piece of paper?
- What a great way to steal data! Get a handful of these things, wander through a building, slap them on a computer, and then wander back and peel them all up again!
- Alternatively, what a great way to spread malware!
- “You could hide porn literally anywhere,” reports the one site that had any skepticism about the notion at all, which went on to point out other issues such as lossage, fragility, loss of stickiness, dust and pet hair problems, confusion with non-data Post-Its, and the inability for Microsoft Windows to deal with more than a few of them. “Have you ever wanted to store critical information on the most disposable looking item in your office? Well, now you can!” noted one commenter. “No matter how hard I’d try to keep track of these, they’d end up stuck to the bottom of my shoe,” replied another.
On the other hand, think how much easier this would have made things for Jeff Goldblum in Independence Day.
So it turns out making music with floppy disk drives is a thing. Who knew?
Reportedly developed in 2007, the process now has a whole group of people who use from four to 40 floppy disk drives to create music by telling the read/write head on the drive to go back and forth at the frequency described by each note — 400 Mhz for an A4, for example.
“The floppy drives are fairly cheap,” says Martin Fischer, who as Devils Child created the 40-drive array that plays songs such as the Pirates of the Caribbean theme. “You can get used ones on eBay.” He describes the process on his website, as do other creators, some of whom even demonstrate the development process on YouTube. One developer, George Whiteside, refers to the devices as “diskette organs.” Other developers include Mike Kohn and MrSolidsnake745.
Obviously, the real trick here is the converter that takes the music and tells the floppy drives how fast to move back and forth for each note, not to mention coordinating this activity between up to 40 floppy drives. “In my previous versions (1 and 2) I had to type every note,” Fischer says. “The third version supports MIDI playback. A C# application converts the MIDI files to a C++ include file.”
Many of the floppy drive musicians are now using an Arduino electronics prototyping platform to communicate with the drives. Fischer is using an Arduino, but not directly, he says. “Playing the MIDIs directly on the Arduino would require far more storage and parsing,” he says. “Since parsing MIDIs in C# is fairly easy with the right library, I decided to convert them instead of directly playing them.” Similarly, he has an array of the conversion charts between the frequencies and the notes, instead of expecting the Arduino to do the conversion itself. “An Arduino is not really fast in that manner,” he admits.
Keeping the vibration from “walking” the disk drives off the table is probably a good trick, too.