Insights For Success

Strategy, Innovation, Leadership and Security

Cloud computing

Google to rebrand music service to YouTube Music

General | Edward Kiledjian

It seems not a week goes by without Google renaming, cancelling or somehow changing one of its services. Google will update its music service with the hope of dethroning Spotify and Apple Music.

Google will leverage its most recognized media brand to give music a fighting chance. So you will soon welcome YouTube Music into this world. 

On Tuesday, May 22, we’ll be changing that by introducing YouTube Music, a new music streaming service made for music with the magic of YouTube
— Elias Roman, Product Manager - YouTube Music


Early information suggests it will marry the substantial unique music of YouTube (live performances, covers, etc.) to advanced discovery probably powered by AI.

This new service will (eventually) replace Google Music. Taking a page out of the YouTube and Spotify playbooks, they will offer a limited ad-supported free tier. Music lovers will be able to buy a $9.99 per month subscription to YouTube Music Premium which will offer ad-free listening.

YouTube Music will first roll out to the U.S., Australia, New Zealand, Mexico and South Korea. Once again Canada is a second-class citizen. Other key markets will launch "soon" including Austria, Canada, Denmark, Finland, France, Germany, Ireland, Italy, Norway, Russia, Spain, Sweden, Switzerland and the United Kingdom.

You can sign up to their availability tracker here: music.youtube.com/coming-soon

Source: YouTube blog

Review of SpiderOak encrypted online storage

General | Edward Kiledjian

Right or wrong, Edward Snowden has become the poster child for online privacy. He has been adamant that anyone interested in true online security should stay away from the name brand online services: Dropbox, Facebook, Google, etc.

Trust No One Security

Before we talk about SpiderOak, this is a good time to write about TNO (Trust No One Security model). This is a philosophy that dictates that anytime security is needed, strong encryption must be applied and the keys to that encryption must be kept in the hands of the user. 

As an example, anytime you conduct online transactions with your bank, your connection is encrypted using end-to-end encryption (TLS) but the keys are held by the bank and created by a certificate authority. Either of those 2 can therefore intercept and decrypt the traffic if they have malicious intent.

In the TNO model, the provider does not hold the keys to the kingdom and cannot therefore decrypt or access the data in its native format. 

Anytime a provider has the capability of resetting your password, it means it is NOT TNO and it means the provider can access your data. If they can access your data, that means a hacker may also be able to compromise their systems and access your data.

What is SpiderOak?

Unless you are a techie or a security person, you probably haven't heard about SpiderOak. Short of rolling your own cloud service, SpiderOak is the most secure commercially available TNO cloud service around.

The key to the magical security they provide is that your client encrypts all of the data on your computer before it is sent through the security-hostile internet to SpiderOak. They cannot see the content and if you lose your password (aka encryption key), you have to create a new account and restart from scratch.

So you get Dropbox, Google Drive and Microsoft OneDrive like features, without having to trust the provider. 
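A sketch of the client-side encryption model described above, as an added example (it is not SpiderOak's code or its actual scheme). It assumes scrypt for deriving the key from the password and AES-256-GCM for encryption; the `provider` map, file name and sample values are hypothetical and constructed for illustration.

```javascript
// Added example: "trust no one" client-side encryption with Node's built-in crypto.
const nodeCrypto = require('crypto');

// Assumed scrypt cost parameters for this sketch.
const KDF_PARAMS = { N: 2 ** 14, r: 8, p: 1 };

// The key exists only on the client, derived from the password and a random salt.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, KDF_PARAMS);
}

// Runs on the user's device; returns the only fields the provider ever receives.
function clientEncrypt(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12); // fresh for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the password is wrong or the blob was altered.
function clientDecrypt(password, blob) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(password, blob.salt), blob.nonce);
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM authentication tag check failed
  }
}

function demo() {
  const password = 'correct horse battery staple'; // constructed sample password
  const file = 'constructed sample file contents'; // constructed sample data
  const provider = new Map(); // hypothetical stand-in for the storage service
  provider.set('notes.txt', clientEncrypt(password, file));

  const stored = provider.get('notes.txt');
  const tampered = { ...stored, ciphertext: Buffer.from(stored.ciphertext) };
  tampered.ciphertext[0] ^= 0x01; // a change made on the provider side
  return {
    providerSeesPlaintext: stored.ciphertext.includes(file),
    recovered: clientDecrypt(password, stored),
    wrongPassword: clientDecrypt('a password the provider "reset"', stored),
    tampered: clientDecrypt(password, tampered),
  };
}

console.log(demo());
```

The provider holds only the salt, nonce, ciphertext and tag, so a password it "resets" derives a different key and decryption fails, which is why a lost password means starting over.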

Why is TNO important?

Governments are becoming very hostile towards individual privacy. The Snowden leaks have shown that the secret FISA courts allow law enforcement to compel the turnover of user data without having the ability to notify them. With most cloud storage companies, this means they (or a hacker) can gain access to your data and then do with it whatever they want.

With SpiderOak's encryption model, they can turn over your encrypted data but they do not hold the decryption keys. The encryption is strong enough to make forced automated decryption impractical. This means they would have to secure a court order and force you to hand over the decryption keys.

If a hacker does compromise the SpiderOak servers, the data is once again encrypted and therefore unusable by these bad actors. 

It also means they are not and cannot use your data to profile you. 

SpiderOak features

So you are convinced they offer the kind of security you want. What about features, you say?

First and foremost, they offer automatic (on change) backups. This is a set and forget model that works in the background. There is no file size limit. There are no file type restrictions. No bandwidth control or throttling on their end (some providers slow down your connection if you try backing up large amounts of files to protect the responsiveness of their service for their entire user population).

It can back up mapped (external USB connected) drives.

Any issues with SpiderOak?

Files are encrypted on your device and SpiderOak cannot access them unencrypted so they are unable to offer offline file delivery (sending you a hard drive with your files). 

Anytime my computer is disconnected for a while, Backblaze sends me alerts notifying me it hasn't been able to back up my files in XX days. SpiderOak has no such notification mechanism. They could implement this even with the TNO model.

During my testing, I simulated an unreliable Wi-Fi connection to see how the client would react and eventually it hung. Even when the connection became stable and on for 8+ hours, the client stopped backing up. Rebooting didn't help. I was forced to uninstall the client, reinstall it and create a completely new backup set. This was a bit annoying. The doubly annoying issue was that support is only available through email. Support seems to be available during standard North American business hours and usually response takes 5-8 hours.

Another issue is that although they offer mobile clients (iOS and Android), those clients are read-only (aka you can't upload content). SpiderOak did say they are working to add this functionality but they didn't provide any timeline. "Currently, you are unable to upload documents using the Mobile Application. We are working on including this feature in a future release." (mobile info)

There is no way to identify a connection as "metered" and tell it not to back up using that connection (like a pay per use Wi-Fi LTE hotspot).

Not a technical issue but the pricing is a bit more expensive than I would have hoped. I am willing to pay more for security but wish they offered more storage with each paid tier. 1TB of storage on Google and Dropbox costs $9.99 a month.

My experience

Overall my experience was good but not great. Because plans are capacity based, you can sync as many devices as you want. Because everything is encrypted, there are no file type restrictions.

Versioning worked well. They seem to use a bit level delta storage function which means you aren't consuming space for the entire file with every version.

SpiderOak provides tons of information about security.

Files can only be permanently deleted from the original device they were uploaded from. This is a great feature.

You can right click on any folder (or file) in Windows Explorer or the Mac Finder and ask SpiderOak to back it up. Easy.

You can download backed up files to any computer via the web interface.

Conclusion

There are small annoying things I would like them to solve but no major show stoppers. My biggest gripe is not being able to upload via mobile or Chromebook. I really wish they would solve this. 

Outside of that, I like everything else I have seen and think they should be your go-to provider for safe and secure online storage.

Related articles:

  • Bruce Schneier on TNO here
  • Steve Gibson on TNO here.

Did iCloud just get hacked?

technology | Edward Kiledjian
Image by Johan Viirok used under Creative Commons License

Ordinarily, a bad actor would have to steal some of your information before breaking into your 2-factor protected iCloud account. They would need your AppleID, your password and a 2-factor authentication code (or a digital token stolen from an authenticated device like a laptop or desktop).

Now everyone's favorite Russian purveyor of fine cracking software, Elcomsoft (link), has a tool called Phone Breaker. This new software requires the aforementioned information but then creates a permanent authentication token which means they won't have to re-authenticate until you change your password.

It also has a long list of "wonderful" features to make stealing information easier. Sure law enforcement uses this but does anyone believe they use it for legal purposes with a warrant or that other more nefarious bad actors won't use it?

How BestBuy is preventing the sale of Google's Chromebooks

technology | Edward Kiledjian
Image by John Karakatsanis used under Creative Commons License.

What is a Chromebook?

Google's Chromebook is a specially designed internet connected computing device that runs the search giant's ChromeOS operating system. Gartner, an industry think tank, believes Chromebook sales will triple to 14.2M units by 2017 (link).

Chromebooks were initially seen as the reincarnation of the dreadfully crappy netbooks so sales were slow but today many mainstream consumers see it as a viable alternative to expensive and difficult to maintain traditional desktops and laptops (running Windows or MacOS).

Manufacturers have really jumped on the Chromebook bandwagon by designing and selling well built, thoughtfully designed devices at very reasonable prices (HP, Dell, Acer, Asus, Samsung).

As consumers rely more and more on internet based services (instead of traditional PC installed fat applications) the transition to these types of internet terminal devices becomes a much easier proposition.

Microsoft is now seeing Chromebooks as a real threat to its long term profitability and is trying to fight back by offering $0 Windows licenses on certain lower spec small screen devices. We have seen a handful of OEMs jump on the small free Windows license bandwagon but it still hasn't set the world on fire. Microsoft should be worried because not only are consumers starting to move to Chromebooks but many schools are choosing to equip their students with them. They are cheap, low maintenance and kids aren't walking around with $600 highly desirable iPad tablets in their backpacks (making them targets for theft).

What can BestBuy do?

I went to a local BestBuy on Friday to pick up a tablet and while I waited for a rep in blue to serve me, I listened in on an interesting conversation between a BestBuy Canada associate and a customer.

A man in his mid-60s had come into a local BestBuy store to look at the various Chromebooks. He explained to the rep that he had basic needs to browse the web and his son had recommended he get a Chromebook.

The rep started to explain how that was a bad idea. He explained that Chromebooks were underpowered glorified browsers. He then asked the customer if he would ever need to write documents using Microsoft Word and the customer said he does need to write basic letters a couple of times a year. The rep then asked if the customer wanted to hook up an external display and the customer said yes. The rep then said for these reasons, he doesn't recommend a Chromebook and instead recommends he buy a $1000 Macbook Air.

Now I use a Macbook Pro at home and absolutely love it but man was this rep wrong. At some point the rep went to help a colleague find an item in the back store, at which time I intervened. I explained how the Chromebook works, the fact that the device requires no maintenance. I explained that ChromeOS is much less susceptible to viruses and that in the event he "breaks" something, he could recover the machine to factory new in under a minute using PowerWash.

I explained that Google offers a free online Word processor and showed it to him on one of the demo machines. I then explained how all of Google's services (including Google Play Music) work perfectly and seamlessly on the Chromebook.

I explained how you could hook up an external screen using the Acer C720P's HDMI port (which was the device he was standing in front of). I then walked him through the process of sending content to his TV using the $30 Chromecast.

Finally I showed him the remaining ports, explained how he could use this device to back up his pictures to the Google Cloud, explained how to hook up a printer using Google Cloud Print and the guy was sold.

A couple of minutes before, the customer was about to walk out of the store empty handed ($1000 was more than he wanted to spend) and now he was asking the associate for 2 Acer C720Ps. 

If Google wants the Chromebook to succeed, they need to work with their partner retailers to ensure all of the associates at least have a basic understanding of the technology. They should also offer free online courses on how to use a Chromebook and how to perform common important everyday tasks (set up a printer, connect a screen, stream content to a Chromecast, etc).

Court stops Bitcasa from deleting your cloud storage files

technology | Edward Kiledjian
Image by Emil Indricău used under Creative Commons License

Bitcasa was a digital fairy tale story. When most cloud providers were charging $10 a month for 100 GB of storage, Bitcasa shook up the model by offering unlimited online cloud storage for only $99 a year (early subscribers were offered a $79 deal).

They explained that this "magic" was possible because of their deep-deduplication technology which worked even though they claim all data is encrypted before being uploaded. 

Fast forward to 2014 and the company made enemies when it announced the end of its unlimited storage plans forcing customers to move to a more expensive (less storage) solution or lose their files. This was doubly troubling since their initial pitch was to use their service to offload files from your computer to free up space. This means many users likely don't have local backup copies of their data.

Some very angry customers have filed a class action lawsuit against Bitcasa for alleged breach of contract. The court hearing the case has granted a temporary restraining order forcing the double-crossing cloud provider to save all customer files at least until November 20.

Funny enough, on November 15th, I received this email from Bitcasa

The above email makes it seem they extended the deadline out of the goodness of their hearts. You judge if this is an above-board business practice.

 

Source: 1, 2, 3