Given how hard it is to save data you want (see The Universe hates your data) to keep, losing data on the web should be easy. It isn’t, because it gets stored so many places in its travels.

Problem
But the power of the web means that silliness can now be stored and found with the speed of a Google search. You don’t want sexy love notes – or pictures – to a former flame posted after infatuation ends.

Or maybe you want to discuss relationship, health or work problems with a friend over email – and don’t want your musings to be later shared with others. Wouldn’t it be nice to know that such messages will become unreadable even if your friend is unreliable?

Researchers built a prototype service – Vanish – that seeks to:

. . . ensure that all copies of certain data become unreadable after a user-specified time, without any specific action on the part of a user, without needing to trust any single third party to perform the deletion, and even if an attacker obtains both a cached copy of that data and the user’s cryptographic keys and passwords.

That’s a tall order. Their 1st proof-of-concept failed. But they are continuing the fight.

Vanish
In Vanish: Increasing Data Privacy with Self-Destructing Data Roxana Geambasu, Tadayoshi Kohno, Amit A. Levy and Henry M. Levy of the University of Washington computer science department present an architecture and a prototype to do just that.

Ironically, the project utilizes the same P2P infrastructures that preserves and distribute data: BitTorrent’s VUZE distributed hash table (DHT) client.

The basic idea is this: Vanish encrypts your data with a random key, destroys the key, and then sprinkles pieces of the key across random nodes of the DHT. You tell the system when to destroy the key and your data goes poof!

They developed a data structure called a Vanishing Data Object (VDO) that encapsulates user data and prevents the content from persisting. And the data becomes unreadable even if the attacker gets a pristine copy of the VDO from before its expiration and all the associated keys and passwords.

Here’s a timeline for that attack:

DHT overview

A DHT is a distributed, peer-to-peer (P2P) storage network. . . . DHTs like Vuze generally exhibit a put/get interface for reading and storing data, which is implemented internally by three operations: lookup, get, and store. The data itself consists of an (index, value) pair. Each node in the DHT manages a part of an astronomically large index name space (e.g., 2¹⁶⁰ values for Vuze).

DHTs are available, scalable, broadly distributed and decentralized with rapid node churn. All these properties are ideal for an infrastructure that has to withstand a wide variety of attacks.

Vanish architecture

Data (D) is encrypted (E) with key (K) to deliver cyphertext (C). Then K is split into N shares – K₁,…,K_N – and distributed across the DHT using a random access key (L) and a secure pseudo-random number generator. The K split uses a redundant erasure code so that a user definable subset of N shares can reconstruct the key.

The erasure codes are needed because DHTs lose data due to node churn. It is a bug that is also a feature for secure destruction of data.

Prototype
They built a Firefox plug-in for Gmail to create self-destructing emails and another – FireVanish – for making any text in a web input box self-destructing. They also built a file app, so you can make any file self-destructing. Handy for Word backup files that you don’t want to keep around.

The major change to the Vuze BitTorrent client was less than 50 lines of code to prevent lookup sniffing attacks. Those changes only affect the client, not the DHT.

The Vanish proto was cracked by a group of researchers at UT Austin, Princeton, and U of Michigan. They found that an eavesdropper could collect the key shards from the DHT and reassemble the “vanished” content.

Who is going to collect all the shard-like pieces on DHTs? Other than the NSA and other major intelligence services, probably no one. For extra security the data can be encrypted before VDO encapsulation.

The StorageMojo take
The Internet is paid for with our loss of privacy. Young people may think it no great loss, check back in 20 years and we’ll see what you think then.

It is slowly dawning on the public that their lives are an open book on the Internet. Expect a growing market for private communication and storage if ease-of-use and trust issues can be resolved.

You don’t have to be Tiger Woods to want to keep your private life private. I hope the Vanish team succeeds.

Courteous comments welcome, of course. Figures courtesy of the Vanish team.

Related posts:

1. MaxiScale’s Web-scale file system A new web scale – they claim linear scaling to...
2. Avere Systems: dynamic tiering for the masses – of data? Last week RisingTide Systems, a stealth startup with no web...
3. Why private clouds are part of the future James Hamilton, Amazon architect and a very smart guy, recently...

Related posts brought to you by Yet Another Related Posts Plugin.

1. MaxiScale’s Web-scale file system A new web scale – they claim linear scaling to...
2. Avere Systems: dynamic tiering for the masses – of data? Last week RisingTide Systems, a stealth startup with no web...
3. Why private clouds are part of the future James Hamilton, Amazon architect and a very smart guy, recently...

Greg Reyes, former CEO of Brocade, received a sentence of 18 months and a $15 million dollar fine for his conviction on 10 felony counts related to options backdating. Prosecutors had asked for 37 months and a $137 million dollar fine. Mr. Reyes was emotional at his sentencing:

When Reyes got his opportunity to address Breyer, he stood at the lectern silently for a few seconds, and then broke down sobbing. [His attorney] read his statement for him.

“I am a shell of the man I once was,” he read.

Breyer said he was quite moved by the 400 letters sent in on Reyes’ behalf, as well as the financial and emotional support he extends toward others. Yet a message must be sent to executives that deceiving the public markets is a serious crime, Breyer said.

The judge cited one more reason for a prison term.

“White-collar defendants, unlike most defendants I see in court every day, have choices,” Breyer said, adding that he had just sentenced a man to more time than Reyes because he illegally re-entered the United States to see his 5-year-old son.

In two weeks, Breyer will sentence another man whose drug addiction began when his father shot him up with heroin when he was 11.

“What choices did that young boy have?” Breyer said.

[From Law.com]

The best CEO of any high tech company?
I met Mr. Reyes a couple of times when both of us wanted Sun to buy FC switches to make Sun’s early FC array more maintainable. I was at Sun at the time. He was an excellent salesman, but some idiot had decreed no FC switches for the storage group.

Storage Newsletter had an odd bit of history as well:

In 2002, we asked Steve Duplessie, well known consultant, to told [sic] us who was the best CEO in the storage industry. His answer: “[The best CEO] would be Greg Reyes of Brocade.”"

The 2 critical success factors for salesman are: a capacity for self-delusion – so you can sincerely and honestly tell your prospects how good it is; and a resolutely short term focus, because making this quarter’s numbers is what counts. Don’t hire a salesman to design your products or your strategy.

The StorageMojo take
Given Brocade’s current problem – they’ve been for sale for over 9 months and there are no takers – and his own, Mr. Reyes was no strategist. But Brocade’s IPO timing made fortunes for Mr. Reyes and co-founders Paul Bonderson and Kumar Malavalli. Isn’t that what really counts?

But Mr. Reyes can be forgiven if he feels unfairly singled out. Here we are 2 years after after the big Wall Street meltdown, where the big ibanks were packaging and selling crap and calling it gold, when mortgage companies and rating agencies had gone wild, and who’s gone to jail for that?

At the same time, Maher Arar, a Canadian who was arrested in 2002 by U.S. officials while changing planes in New York on a trip to Montreal and then rendered by US officials to a Syrian jail was denied a hearing by the US Supreme Umpires. According to the findings of fact, Mr. Arar

. . . was in Syria for a year, the first ten months in an underground cell six feet by three, and seven feet high. He was interrogated for twelve days on his arrival in Syria, and in that period was beaten on his palms, hips, and lower back with a two-inch-thick electric cable and with bare hands.

So buck up, Mr. Reyes, things could be worse. In 18 months you will have paid your debt to stockholders and you will still be among the richest 30,000 or so people in the world.

Courteous comments welcome, of course. America is a nation of laws, not of men, unless the men are fighting terrorism.

Related posts:

1. Brocade’s ex-CEO convicted on 9 felony charges In a 2nd trial, Brocade’s former CEO Gregory Reyes was...

Related posts brought to you by Yet Another Related Posts Plugin.

1. Brocade’s ex-CEO convicted on 9 felony charges In a 2nd trial, Brocade’s former CEO Gregory Reyes was...

For an industry that stands to make billions of dollars on electronic health records (EHR) – if we can get people to use them – storage vendors are strangely passive on the issue of health privacy. Even the good guys like HP and NetApp are silent. What’s up?

The problem
According to Dr. Deborah Peel, a psychiatrist and founder of Patient Privacy Rights said in a recent column in the Wall Street Journal:

In 2002, under President George W. Bush, the right of a patient to control his most sensitive personal data—from prescriptions to DNA—was eliminated by federal regulators implementing the Health Insurance Portability and Accountability Act. Those privacy notices you sign in doctors’ offices do not actually give you any control over your personal data; they merely describe how the data will be used and disclosed.

But patients are right to fear the release of potentially embarrassing information on such health issues as STDs, depression or substance abuse problem, abortions or miscarriages and other issues that should be between a patient and their doctor – not a mortgage company or an employer.

Today our lab test results are disclosed to insurance companies before we even know the results. Prescriptions are data-mined by pharmacies, pharmaceutical technology vendors, hospitals and are sold to insurers, drug companies, employers and others willing to pay for the information to use in making decisions about you, your job or your treatments, or for research. Self-insured employers can access employees’ entire health records, including medications. And in the past five years, according to the nonprofit Privacy Rights Clearinghouse, more than 45 million electronic health records were either lost, stolen by insiders (hospital or government-agency employees, health IT vendors, etc.), or hacked from outside.

One poll found that 1 in 8 people have withheld information from doctors out of privacy concerns. Another poll found that fully 59% were not confident that their health records would be protected if stored electronically.

This is America, where non-compliance with “official” policy is a way of life. If you hope your company will make billions on the EHR market, maybe you think again.

The solution
Dr. Peel’s organization is lobbying Congress to protect patient privacy. Kudos to the ONLY computer or storage company that has joined her in the fight: Microsoft.

The StorageMojo take
Maybe I expect too much from vendors. Why should they care if rampant abuse hoses the EHR market and sours public attitudes towards major users of storage products?

But somehow it doesn’t seem like too much to ask for at least IBM, HP, Oracle and NetApp to get involved to ensure that massive data storage infrastructures are not abused. Having millions of consumers hate and fear your products – or their use – seems counter-productive.

I hope this is just an oversight and that vendors jump aboard. Vendors?

Update: Sign a petition to Congress for a Do Not Disclose law that gives you control over your health information. End update.

Courteous comments welcome, of course.

Related posts:

1. HCR: a great day for storage The historic Health Care Reform that Congress passed last night...

Related posts brought to you by Yet Another Related Posts Plugin.

1. HCR: a great day for storage The historic Health Care Reform that Congress passed last night...

In a 2nd trial, Brocade’s former CEO Gregory Reyes was convicted of 9 felony charges of fraud and making false statements. The jury deliberated for 4 days.

The jury acquitted him of a conspiracy charge. Sentencing is set for June 24. His lawyer will appeal for a new trial.

Mr. Reyes made some $380 million dollars off Brocade during the dot com boom. What investors didn’t know is that if he had followed the proper accounting rules Brocade’s $67 million FY2000 profit would have been a $950 million loss, at least on paper. Options are a non-cash expense, but so are a lot of other things on income statements.

Mr. Reyes was sentenced to 21 months in prison and a $15 million fine after the first trial, but that was thrown out on appeal and a re-trial ordered. However, that sentence was based on a calculation of “zero-loss” and now prosecutors say they can reasonably calculate loss.

Brocade paid $160 million to settle a class-action suit after Mr. Reyes first trial, a number likely to figure in the prosecutor’s calculations.

The StorageMojo take
Mr. Reyes can take solace in the fact that in America it is the size of your bank account, not the length of your rap sheet, that determines the esteem of your fellow citizens. On that measure Mr. Reyes will do very well, with even a fine of $100 million leaving him a very wealthy man.

There will be an all-expenses-paid stay at a Club Fed, but in 5 years that will be a fading memory. And he’ll tap a rich vein of Valley “there but for the grace of God go I” sympathy once he is out.

If he chooses to follow the well-worn path of public contrition – which he hasn’t yet – followed by good works all will be forgiven in a few years. It could be worse.

Courteous comments welcome, of course.

Related posts:

1. Geoff Barrall out as Data Robotics CEO I noticed this morning that co-founder Geoff Barrall is out...

Related posts brought to you by Yet Another Related Posts Plugin.

1. Geoff Barrall out as Data Robotics CEO I noticed this morning that co-founder Geoff Barrall is out...

The historic Health Care Reform that Congress passed last night puts America on a path to be competitive with every other industrialized nation. But it is good for the storage industry as well.

Why?

Electronic medical records
As I noted back in ’06:

Medical records are one of the biggest storage opportunities of the next decade – if Americans can be persuaded they are secure. Right now they aren’t, and with the continuing stories about lost laptops and illegal data access, there is no reason for people to get comfortable. Without public support electronic medical record systems are dead and millions of Americans will suffer from medical delay and even death.

HCR fixes part of the problem: outlawing insurance denials based on pre-existing conditions removes a big fear of electronic medical records (EMR). There is still the issue of medical privacy (see Medical privacy is a sick joke), but that is fixable.

Well implemented, EMR, along with other process re-engineering, can deliver the same results for citizens that it did for the Veterans Administration health care system (see Effect of the Transformation of the Veterans Affairs Health Care System on the Quality of Care from the peer-reviewed New England Journal of Medicine).

The net/net: a common, uniform, EMR takes better care of patients, virtually eliminates prescription errors, enables large-scale studies of treatment protocols, and ensures that a highly mobile population gets consistent care. It’s all good – and massive storage makes it go.

The StorageMojo take
EMR will drive massive growth of medical data, both locally in doctor’s offices and in hospitals, but also in the cloud. Large anonymized data sets will be popular for research – expect Amazon to store them for free – on everything from treatment outcomes to drug interactions and patient education techniques.

While political conservatives demonize science and data-driven policies, the real world work of doing more with less continues. Massive EMR data will be a key driver over the next decades for improving medical outcomes and reducing costs.

Note: Data geeks will like this: Florence Nightingale was not only a public health reformer, but a statistician and pioneer in data visualization. Check this out for details.

Courteous comments welcome, of course. Kudos to the Republicans for their principled work to protect campaign contributions every American’s God-given right to a premature and bankrupt death. But they lost, and a bit of our freedom dies with them.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Today is Memorial Day in America. For StorageMojo.com’s international visitors, this is the day Americans remember those who have fought for our liberty and our ideals.

But many of our ideals are older than America. Others have shared them, beginning in ancient Athens, the first democracy.

2500 years ago Athens was fighting for its life against its polar opposite, Sparta. Athens, the world’s only democracy, cultivated trade, learning, arts and politics. In contrast the Spartans lived as a military state on a permanent war footing, for some 90% of their population were slaves, always tempted to revolt.

After an early battle the Athenian leader Pericles spoke of his city’s ideals at a memorial service for the dead. The text is from The Peloponnesian War by Thucydides. The words are his, the bolding and editing mine.

Our constitution does not copy the laws of neighbouring states; we are rather a pattern to others than imitators ourselves. Its administration favours the many instead of the few; this is why it is called a democracy. If we look to the laws, they afford equal justice to all in their private differences; . . . advancement in public life falls to reputation for capacity, class considerations not being allowed to interfere with merit; nor again does poverty bar the way. . . .

The freedom which we enjoy in our government extends also to our ordinary life. There, far from exercising a jealous surveillance over each other, we do not feel called upon to be angry with our neighbour for doing what he likes. . . . [We] obey the magistrates and the laws, particularly such as regard the protection of the injured, whether they are actually on the statute book, or belong to that code which, although unwritten, yet cannot be broken without acknowledged disgrace.

Further, we provide plenty of means for the mind to refresh itself from business. We celebrate games . . . all the year round, and the elegance of our private establishments forms a daily source of pleasure . . . while the magnitude of our city draws the produce of the world into our harbour, so that to the Athenian the fruits of other countries are as familiar a luxury as those of his own.

If we turn to our military policy, there also we differ from our antagonists. We throw open our city to the world, and never by alien acts exclude foreigners from any opportunity of learning or observing, although the eyes of an enemy may occasionally profit by our liberality; trusting less in system and policy than to the native spirit of our citizens. . . .

We cultivate refinement without extravagance and knowledge without effeminacy; wealth we employ more for use than for show, and place the real disgrace of poverty not in owning to the fact but in declining the struggle against it.

…[O]ur ordinary citizens, though occupied with the pursuits of industry, are still fair judges of public matters; . . . and, instead of looking on discussion as a stumbling-block in the way of action, we think it an indispensable preliminary to any wise action at all. . . . [T]he palm of courage will surely be adjudged most justly to those, who best know the difference between hardship and pleasure and yet are never tempted to shrink from danger.

. . . And it is only the Athenians, who, fearless of consequences, confer their benefits not from calculations of expediency, but in the confidence of liberality.

May it be ever so.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Free the American worker!
After a truly wretched New England winter, news that EMC’s David Donatelli is moving to HP’s sunnier climbs isn’t a total surprise. Nor is it surprising that EMC is trotting out its noncompete agreement to keep Dave from HP.

Bad public policy
The theory behind noncompetes is that a company is protecting its intellectual and commercial property such as customer relationships and product plans. But we already have laws protecting intellectual and commercial property — laws that are quite regularly enforced through civil and sometimes criminal action. Nor is it difficult to suss out who major customers are or what v6.4 of product X will look like.

The problem with noncompetes is twofold. First, they interfere with the free movement of labor to the highest and best use. Shouldn’t Mr. Donatelli be free to take his talents to the highest bidder for the maximum benefit of the free enterprise system?

Second, non-competes are bad for the US economy. Unlike Massachusetts California does not honor them. Yet California has managed to create many more jobs and much more wealth than Massachusetts in the postwar period – despite the Bay state’s early lead in computers and telecommunications as well as DoD and DARPA funding.

Looks like EMC lost this one
If you are a California company following HP’s example could be profitable. As a law firm noted:

If an employee with a noncompetition agreement . . . joins a California company, there is a good chance that the California employee and the new employer may sue in California to invalidate the agreement . . . . The former employer will opt to sue in a state that enforces noncompetition agreements. . . . [U]ltimately, it may come down to whichever side can first obtain a judgment in its favor.

In other words: “you have a good case Mr. Donatelli. How much justice can you – and HP – afford?”

Bay state readers: throw off your chains
Bay state readers: contact your state rep and state senator to support House Bill 1794 that would outlaw all non-competes in the state. Yay!

Somehow I doubt EMC’s top brass is supporting this long overdue reform. But it will be good for you and and your children. Maybe EMC and other companies will be more considerate of employees if it is easier to leave.

The StorageMojo take
There is no evidence that non-competes have helped the economy or the companies that employ them, while hurting labor mobility. Let’s end this relic of medieval serfdom and give labor the same freedom accorded capital.

Hiring companies should also think hard about whether EMC execs are worth the hassle. I’ve seen too many EMC long-timers make a mess at their new company because of cultural differences. EMC’s unique culture has served them well, but it isn’t like most other tech companies.

Courteous comments welcome, of course. I wish HP luck with their new hire. Expect culture shock on both sides.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

I’m at SNW and learning a lot about the latest and greatest, including wordpress hacking.

I found this helpful Google warning when I went to the site this morning:

Oh, goodie.
Running the latest version of wordpress, so I *hope* that isn’t the problem.

Combed through the site files and found a few hundred suspicious cache files, which I deleted.

Also appears that my new theme, Thesis from DIYthemes, was hacked as well. Still sorting that out.

Update: It appears the culprit was a hacked “creative” coming in from IDG’s advertising network which reps for StorageMojo. I looked at the source and found no way to determine that.

So how does a “creative” get hacked? Are ad agencies being infiltrated by hackers? Did some idiot download a cute graphic and paste into a layout?

While I like my new theme, I’ve realized that its developers it know way less about security and software development than the WordPress team. And that gives me pause. End update.

Update II: Got another Google malware warning Saturday afternoon and was able to pull the offending script v fast. Also found a “WordPress” document that wasn’t part of WordPress at all. I hope that does it. End update II.

The StorageMojo take
The crack StorageMojo security team is on the case. Sorry for the disturbance.

Now back to our regularly unscheduled program.

Courteous comments welcome, of course.

Related posts:

1. StorageMojo back up! Nothing malicious going on, AFAIK. The latest version of the...
2. Price lists down up? Update: All -I think – the links have have been...
3. StorageMojo traveling Off to Boston for a group blogger tour today and...

Related posts brought to you by Yet Another Related Posts Plugin.

1. StorageMojo back up! Nothing malicious going on, AFAIK. The latest version of the...
2. Price lists down up? Update: All -I think – the links have have been...
3. StorageMojo traveling Off to Boston for a group blogger tour today and...

Or a reasonable facsimile thereof
If you are interested in Disaster Recovery check out Axxana. They solve the limited synchronous data copy distance problem with a black box designed for data. Concept is simple but getting the details right is hard.

The problem
Synchronous replication requires that apps wait until the remote site completes the write. Given the speed of light, that means that synch sites can’t be very far away. Certainly not the 300 miles the SEC would like to see for financial institutions – we still have a few of those, don’t we?

Axxana’s answer
No matter what happens in a plane crash, they always seem to be able to recover the “black box” that tells them what the plane was doing shortly before the crash. Axxana has developed a black box for data centers.

Here’s how they describe it:

The Phoenix Black Box is located near the storage system at the primary data center and records a synchronous data stream from the storage. At the same time, an asynchronous data replication system is moving data to a secondary data center (the remote recovery site). The Phoenix Black Box has to protect only the Gigabytes of data that would have been lost in a typical asynchronous replication scenario. Data is protected inside the Black Box during the course of the disaster and can be immediately extracted.

Data extraction is achieved either by:

• Physically locating the system by tracking the homing signal and connecting a laptop with an Axxana software component to the Phoenix System™ at the disaster site, or
• The self sufficient and well protected system transferring the data to the secondary site using highly resilient cellular broadband technology.

Your data phones home after a disaster.

Compelling economics
It will take a while to suss out all the implications, but one simple scenario is a company with 3 data centers around the world could in-source their DR strategy with the equivalent of synchronous data recovery. How much would that save?

Distribution
They are working with as many of the major vendors as they can to get the product to you through people you already deal with. Expect to see some announcements.

The StorageMojo take
They are in contention for StorageMojo’s “coolest new product as SNW” award. It looks like they can handle anything up to an A-bomb blast. If that happens even synchronous data replication may not work. Besides, a dirty bomb is much more likely. Happy thoughts, eh?

Comments welcome, of course. Guys, sorry if I jumped the gun. But when I saw the web site was up . . . .

Related posts:

1. StorageMojo@SNW next week Finally, SNW is back in Phoenix, an easy 2 hour...

Related posts brought to you by Yet Another Related Posts Plugin.

1. StorageMojo@SNW next week Finally, SNW is back in Phoenix, an easy 2 hour...

Stepping beyond marketing green-washing, the folks at Wikibon have done something. Tomorrow morning they’ll announce, along with California-based PG&E, Conserve IT,

. . . a first-of-its-kind service that accelerates the qualification of storage products for energy rebates and provides independent validation of energy efficiency for storage platforms from a number of leading vendors, spanning emerging Web 2.0 suppliers to the most recognized brands in the business.

Conserve IT was launched on behalf of IT customers in the Wikibon community who wanted to take advantage of the excellent programs PG&E and other utilities have put in place to conserve energy. The community felt that it could help to dramatically increase the participation of storage technologies which are major consumers of power and cooling in data centers. PG&E responded to Wikibon by allocating resources to help qualify additional storage technologies and providing guidance to the storage industry at large.

A watt saved is a watt earned
3PAR, Compellent, DataDirect Networks, EMC, Hitachi Data Systems, Nexsan and Xiotech, have signed on to the program. Customers who want PG&E’s incentives must be accepted into the program before buying new equipment.

PG&E has long understood that conservation cuts their marginal cost of power. Since that power is the most expensive they buy – usually natural gas-fired turbines – it is cheaper for them to pay customers to conserve power than building more power plants. Faster and better for the environment too.

The StorageMojo take
Kudos to Wikibon for sheparding this program and to PG&E and the storage companies for their support. Now it is up to the customers to take the next step.

Of course, looking at the companies involved, you are wondering “where are HP, IBM, Sun and NetApp?” I hope they are already in process, but if not, get the lead out. Company reps are invited to comment to update StorageMojo readers on your progress.

Comments welcome, of course.

Related posts:

1. WD’s new 2TB drive delivers on green promise Triple your data center’s storage capacity – without increasing power...

Related posts brought to you by Yet Another Related Posts Plugin.

1. WD’s new 2TB drive delivers on green promise Triple your data center’s storage capacity – without increasing power...

Getting rid of the hacked files and spam links wasn’t the end of it
Dreamhost notified me that the load on my server was excessive and they’d disabled StorageMojo.

Yikes! Had I been hacked again? DDOS attack? What?

Building the correct mental model
In short order I brought up my SFTP client, my tracking site, the Dreamhost webpanel and my son on chat. He had me toss a new index.html file into the site folder to let people know that the problem was getting addressed.

On to problem solving
It took a while to figure it out because I’d never seen it before.

The load was coming from Google referrals for charming search terms that I’m going to misspell on purpose in hopes of not attracting similar traffic:

• download sh*mail
• downlode free 1ndian s3x movies
• pharmasuitical affiliate prom0
• 0rgish/behe*ding
• h1nd1 p0rn m0v1es

*Lots* of pee-oh-rn requests for many different ethnic types. Some things are universal – at least among guys.

There were no hacked files still on StorageMojo – I’d gotten them all last week and they were still gone. But the tracking site was referring to them, so for a while I thought they were there but that for some reason I couldn’t see them.

But then my son checked what happened when someone tried to go to the spam links. The site was delivering a “system error” message – not the static 404 page I’d expect – so the site wasn’t delivering the spam content and it really was gone. Presumably processing for the “system error” page created much of the extra overhead Dreamhost was seeing.

For a while StorageMojo was getting thousands of hits an hour from these Google referrals. At some point Google must have crawled the site again, saw the content was no longer there, and stopped referring people.

Not a moment too soon!

So what was this all about?
My son hypothesized:

This looks like a two-step scheme…step one is that they hacked your site and got all those bad SEO files uploaded. Step two is to send lots of fake Google traffic through your site to increase PageRank.

Then I went one step further and checked out one of the spam pages that Google had cached. In big bright colors it told me that my XP system was infected with viruses and I should download their *free* virus scanner.

Whoa, scary. Except I’m on a Mac.

Botnet recruitment? I don’t know.

The StorageMojo take
I’ve made a number of changes to tighten up StorageMojo. As I was researching this I found that there are many security “folk remedies” out there, but very little on what the high priority issues are.

Keeping software up to date seems to be the critical success factor – and sad to say, I’d been lax. In addition to keeping current I’m now checking my site files more often among other changes.

Hopefully these requests will tail off as Google stops referring people. And StorageMojo can go back to being a quiet little site.

Thank you for your patience.

Comments welcome, of course.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

I had a con call with Chris Gladwin and Russ Kennedy of Cleversafe a couple of weeks ago. They’ve come to market with a product line that seeks to deliver:

• Massive scalability to meet growing digital content requirements
• Unprecedented Security and Privacy for critical digital assets
• Survivability against disasters, dishonesty and time
• Extremely cost-effective infrastructure compared to traditional methods

That’s a quote from their pitch.

Cleversafe’s product line
Cleversafe, IIRC, started as a software company, but their announced products come in nice rack-mountable boxes. There are 3 of them:

• CS Slicestor – Dispersed Storage server – $11.3k
• CS Accesser – Dispersed Storage router – $12.3k
• CS Manager – Dispersed Storage network manager – $12.3k

The Slicestor is a 1U storage server containing 4 disks. The Accessor slices up the data and distributes it – think slice router. The Manager works out of band to monitor and manage the storage network components.

I assume the pricing includes some room for volume discounts. There is an open-source version (c. 2006) of the software. The company intends to offer a software-only version as well.

Why hardware?
The Conventional Wisdom in VC circles is that tin-wrapped software ramps revenues faster – hey, you’re selling tin + bits – at the cost of lower margins and loss of focus.

Qualifying hardware is non-trivial; so you tend to stay on one platform longer than you should. At liquidity event time, software companies fetch higher multiples, so it may be a net loss. VCs live by the Golden Rule: he who has the gold makes the rules.

What it does
Cleversafe has an iSCSI or block storage interface. It takes the data, slices it into small pieces using Information Dispersal Algorithms and then ships the slices off to storage either locally or around the world.

In the latest version you can specify how many slices the system makes and how many slices are required to rebuild the data. If you have 11 data centers around the world, you can specify that, say, 6 are required to recreate the data.

You could lose access to 5 data centers and still recover. If the local controlling authority busts into 3 or 4 data centers, they get nothing. Pretty cool if you worry about corrupt government officials getting hold of your company secrets.

The company is planning on adding FTP, CIFS and NFS in the fullness of time.

How well it works
Cleversafe claims that given sufficient low-latency bandwidth the dispersed storage is as fast as a local disk. That’s a tall order, but for now I’ll take their word for it.

Who should buy it?
The company is aiming the Dispersed Storage Network at ISPs to offer as a service and multinationals with round the clock operations and critical data.

How it works
Cleversafe uses Cauchy Reed Solomon erasure codes to slice and dice the data. These codes have several advantages:

• More capacity efficient and failure tolerant than parity codes
• Doesn’t require a license
• Code and decode are faster than other stack operations

If you’d like to play with Cauchy Reed Solomon, check out Dr. Jim Plank’s software page which includes

. . . Reed-Solomon coding, Cauchy Reed-Solomon coding, general bit-matrix coding, Reed-Solomon coding optimized for RAID-6, and Liberation coding. The documentation provides some tutorial material on matrix and bit-matrix based erasure coding.

I met the good doctor at FAST, where he was delighted to find that Clevesafe – also a FAST presenter – was using techniques he’d worked on a decade ago.

The StorageMojo take
I’m impressed with what Cleversafe has done. They will look even smarter after EMC’s Hulk/Maui announcement this spring. I suspect they’ll be bought by year’s end.

Kudos to the Cleversafe team.

Comments welcome, of course.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

What’s wrong with White House backup?
I published a review of David Gewirtz’s book Where Have All the Emails Gone? over on ZDnet.

A quick overview:

• The White House may or may not have lost 5 million emails. They aren’t sure.
• Gewirtz, an email expert, started investigating the White House email infrastructure and found:
• The mail archiving process is unprofessional and unworkable.
• The claimed loss of email in a Notes to Exchange migration is highly unlikely.
• Over 100 million emails from the White House were sent through an insecure ISP in Chattanooga TN.
• Existing law – the Hatch Act – mandates an external email system for partisan political activity, a ludicrous requirement in a 7×24 Washington.

The Hatch Act prescribes what partisan political activities are acceptable for federal employees. One of the prohibitions is the partisan use of government property. While a good idea in general, in the case of telecom the prohibition is senseless.

White House communications need to be secure. When we force White House employees to use multiple email, IM and computer systems it is inevitable that material received on the internal system will go out over the external system. A single secure system is easier to achieve.

This isn’t about George Bush
This is about maintaining records so the next administration can know how policy got developed and what committments were made. I’ll let others worry about if the loss of the emails was part of a deliberate attempt to cover up criminal activity.

Ironic, isn’t it?
American companies are spending billions for backup and archive software and hardware. But the White House, head of an executive branch with a $3 trillion budget, can’t manage its email backups despite a clear legal requirement to do so under the Presidential Records Act?

The StorageMojo take
Gewirtz recommends that a professional, non-partisan IT organization be detailed with the job of protecting and archiving all White House email communications. There are many groups with the ability and the motive to snoop White House email going out over the public Internet. That has to stop.

Making a single entity responsible, as the Secret Service is for Presidential safety, is the best way to ensure that vital public records are protected. It will also help remind White House officials that they are accountable to the people of the United States.

Comments welcome, as always. BTW, Congress also needs to clean up its data protection act. It is less urgent thant the White House, but just as important.

Update: As luck would have it the New York Times reports another Bush attack on America’s right to know. After passing Congress unanimously he’s gutting the latest freedom-of-information law in the budget. A new high in bipartisanship! Less than a year to go!

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

What’s the difference?
I came across a thoughtful essay on the “Top Ten Differences between Disk-based Archive & Disk-based Storage” in the MatrixStore blog. MatrixStore is a Mac cluster-based disk archive for Apple’s to-be-announced-RSN Final Cut Server.

MatrixStore is focused on one market segment – video content archiving – but their comments seem to be generally applicable. With 2008′s likely focus on the disk-based backup and archive market, it is worth starting the conversation now.

Key points
SANs aren’t designed for archiving.

Reason 1.

If you are archiving your data, it’s probably because you don’t want to lose it.

Raison d’etre for a disk based archive? To keep data – safe. For a SAN? Speed of delivery, QoS… You wouldn’t put 256 bit delivery checksums into a SAN; SANs cut corners on flushing to disk; SANs don’t build in search or audit-trails, or security; SANs can down completely because of single-points-of-failure in the hardware; a bad software update in a SAN and…. Don’t do it. With nursing care and attention they can run fine for years, but they are inherently tightly coupled, software version sensitive, high maintenance, error prone and hardware technology dependent… even if they are brilliant at fast storage and delivery of information…

A disk-based archive must be: loosely coupled and free from dependencies between hardware components on independent nodes (surely the greatest example of a loosely coupled solution is the world-wide-web; you have no fear on the www that a server going down, say, hosting an IBM site, is going to bring down another in Cupertino!); free from requiring constant latest updates to software/firmware; able to guarantee safe delivery and storage of data; and basically, able to safely, securely store and protect data for year upon year, without complications, manual intervention, spanners…

Archives must be engineered for easy adoption of new technology
In storage everything is cheaper next quarter. So why buy now?

Reason 2.

There’ll be bigger, better, cheaper, more efficient disks in 2009, and in 2010, and in 2011…

Will there be bigger, better, cheaper, more energy efficient storage devices coming out this year, and every year that follows? Yes, of course there will be.

In your SAN do you have to mirror between like-sized devices? What happens when one of those devices goes down in 2 years time? Do you end up throwing away the good device? In your SAN can you bolt on new technologies as they arrive; holographic disks that store 10TB a shot, or new fibre connectors?

In ZFS can you decommission a part of a storage pool, replacing it with new storage devices without significant bleeding edge techniques and without disrupting the rest? Ideally, it be great to bolt new technology into an archive, as and when they arrive, rolling out old technologies if they reach the point of diminishing returns; to be able to do that whilst always seeing a single archive storage cluster; and without a maintenance or data migration headache; or should I say; without risk. A disk based archive can achieve that, if selected carefully.

Vendor handcuffs
Long-term storage and proprietary products don’t mix. Along with upgradeability-in-place, this should be high on customer checklists.

Reason 3.

Vendor tie-in is more like Vendor hand-cuffs.

OK – this isn’t strictly about SAN vs Disk based archiving; but fact of the matter is that most SAN/any other disk-based storage solutions tie you in to a particular vendor, which is great when they are supplying the ‘best-in-class’ solution of the moment at time of purchase, but not quite so clever when you come to upgrade that solution a year down the line and they aren’t offering the best in class anymore.

The archive should be vendor independent otherwise, for many reasons, you’re just creating tomorrow’s headache with a solution from yesteryear.

Stability and security

Reason 5.

Viruses. Hackers.

Choice one:

“out of the box” configured with encryption, firewalled, data locked down, all access to data routed through PPK, all maintenance functionality requiring 256 bit passwords.

Choice two:

bolt on each of the above to your favourite SAN/filesystem. Wait five years as your conglomerate of software solutions evolve (along with the workforce) and cross fingers. A disk-based archive must be secure out-of-the-box.

There’s more, of course, and if you are interested please read the whole essay and respond here with your thoughts so every one can see and respond.

The StorageMojo take
EMC’s upcoming backup and archive cluster, code-named Hulk/Maui (HW/SW), will drive a lot of customers to think about this topic. Of course, EMC’s famously disciplined sales force will scrupulously limit Hulk/Maui sales to B&A applications for the first several months weeks days hours after its release. Once the customer utters the magic word “Isilon” Hulk/Maui will suddenly be ready for enterprise use.

[I hope someone has mentioned this to the Maui engineers: forget about summer vacation.]

Disk-based backup and archive is a fast growing application with very different requirements from SANs, arrays and fast NAS boxes. Data migrations will be increasingly infeasible. Management has to be stoner-on-the-night-shift-proof. And the data can’t be held hostage by proprietary standards.

Companies do discontinue products or go bankrupt, after all.

Comments welcome, of course. Anything else?

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.