> -----Original Message-----
> From: Michael Militzer [mailto:mich...@xvid.org]
> Sent: January 28, 2011 6:30 AM
> To: p2p-hackers@lists.zooko.com
> Subject: Re: [p2p-hackers] P2P file storage systems

[snip]

> These businesses often have better internet connections while
> the amount of data to be transferred (with differential backup
> techniques) is not very high. However, setting up an own remote
> storage infrastructure is usually not economic and relying on
> cloud storage services introduces new trust problems. So small
> businesses need simple-to-use, inexpensive and trustworthy
> remote storage.

Here's where you are starting to detach from the reality :)

For an average sysadmin employed by a small business the promise of a "secure backup" from a larger company like CrashPlan is all that's needed. For those rare gems that are indeed worried about confidentiality of the data, the "your data is triple encrypted with not one, not two, but three DES keys" will do it. Even if there will be a sysadmin wise enough to consider only open source solutions with published (and peer reviewed) protocol specs, they will be at best ignored by the management as complete nerds.

And that's not even considering finer aspects of the open source in its application to establishing a trust in the software. In short, open source != trustworthy.

Consider this, if a software developer is malicious in nature, he could still release the software in an open source form. All he needs to do next is to initialize app's internal random number generator in a predictable way, and then make prebuilt binaries available for download. You can rest assured that these are what will be used by 99.9% of his users. The 0.1% that would opt for building the binaries from scratch - oh, well, not a big deal.

Open source does not imply trustworthiness. Extensively peer-reviewed, built from scratch open source does, but that is not the reality of open source. So in the end one will effectively need to rely on developer's word that it's all kosher. And now the question is how's that different from relying on a word of a larger company offering closed source solution?

> This is by no means a new idea and there are cloud storage
> services under development or already available that provide
> you exactly this. However, because such service requires rather
> much storage you won't get this for free. Also, there's a trust
> problem as well even though it's "just" media data:
>
> If a central storage provider knows which media you store in
> his system he will be able to deduce your interests (and use
> for advertising, for instance). Further, the storage provider
> could be forced or feel compelled to delete some of your data
> - for example because of alleged copyright infringement.

A simple solution is to generate an RSA keypair (and, say, first seed the PRNG with a long passphrase to be able to re-generate the keys if lost) and then just encrypt all that goes into the cloud. See http://www.tarsnap.com for a working example. It does not eliminate the issue of such storage costing money, but that would be a different problem to solve.

--

Just don't get me wrong. I've been through this before with my own projects. I would run into a technically exciting idea and then I would jump in and start prototyping it. And in a bit I would realize that no one needs what I am building because they don't see the problem I am seeing. So I would need to *educate* them first and that's a completely different ball game, not my thing at all.

In other words - just make sure you know what you are getting yourself into :)

Alex
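
Added example, not part of the message above and not code from any project it mentions: a sketch of the "seed the PRNG with a long passphrase so the RSA keypair can be re-generated" idea. It assumes PBKDF2 plus SHA-256 in counter mode as the passphrase-seeded generator; all names and the salt are hypothetical and constructed for illustration.

```python
import hashlib

E = 65537
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

class PassphraseDRBG:
    """Deterministic stream: PBKDF2 stretches the passphrase, SHA-256 counter mode expands it."""
    def __init__(self, passphrase, salt, rounds=200_000):
        self.seed = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, rounds)
        self.counter = 0

    def randbits(self, k):
        out = b""
        while len(out) * 8 < k:
            out += hashlib.sha256(self.seed + self.counter.to_bytes(8, "big")).digest()
            self.counter += 1
        return int.from_bytes(out, "big") >> (len(out) * 8 - k)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; fine for self-generated candidates, not adversarial input."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def next_prime(drbg, bits):
    while True:
        c = drbg.randbits(bits) | (3 << (bits - 2)) | 1  # force full size and oddness
        if c % E != 1 and is_probable_prime(c):           # keeps gcd(E, c - 1) == 1
            return c

def rsa_keypair(passphrase, salt=b"constructed-example-salt", bits=2048):
    """Same passphrase and salt always yield the same (n, e, d)."""
    drbg = PassphraseDRBG(passphrase, salt)
    p = next_prime(drbg, bits // 2)
    q = next_prime(drbg, bits // 2)
    while q == p:
        q = next_prime(drbg, bits // 2)
    return p * q, E, pow(E, -1, (p - 1) * (q - 1))
```

The passphrase is the only secret in this scheme, so its entropy bounds the strength of the key, which is the same property the predictable-seed scenario earlier in the message turns against the user. Encrypting real backup data would go through a vetted library with proper padding and a hybrid scheme, not raw modular exponentiation.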