What happens when the cloud disappears?

Excellent post by Dave Winer on Gizmodo

Back then all this was much smaller. There were far fewer bloggers. Maybe thousands. Today there are millions. None of them are thinking about what happens when Tumblr or Blogger or WordPress or Facebook disappear. But come on — we almost know for certain that one of them will. Given enough time they will all disappear. Doesn’t it make sense to think, in advance about what will happen then? Technically there are good practices that exist right now, that could ameliorate the problems. Don’t we have a responsibility to implement them?

Which gets me to the beginning. Yesterday I wrote a piece where I said that the web is socialist. I strongly believe if you try to turn a community of bloggers into a property, someday you’ll wake up to the realization that you bought a bag of air. There’s nothing inside the walls that’s worth anything, from a dollar standpoint. What happens then dear blogger? Do you think anyone is going to subsidize the hosting? You will be on your own that day. And you very likely won’t have any recourse, any more than my users had in 2003. I promise you I was well-intentioned, but that didn’t save the sites. Good intentions are no answer. Saying they’re not your users won’t help either. In 2003 they weren’t mine because I was no longer employed by the company. No salary. No upside. Nothing. I quit for a very good reason. So why me? It was basically an accident that the hits were coming to my server. That didn’t matter to the users. Were they right? Hard to say. But it didn’t matter.

Hacked

A couple of weeks ago I logged into my Gmail and saw a warning that my account had been accessed by someone in Serbia.  I quickly changed my password and looked at my usage files and saw that yes, my account had been accessed for a while from someone in Serbia.  It didn’t look like they sent any email but I have been finding a lot of email in my spam lately and people have been asking me about email and I hadn’t gotten it.  It was getting frustrating but I use Gmail so I would just blame SaskTel, Shaw or their own business email.

I don’t keep a lot of confidential emails in my account.  Wendy has access to it and I have a pretty mundane life.  I do keep a tight track of my personal ID numbers and none of that is kept in my account but I never ever thought that could save me.  It looks like it did.

I contacted Google and thought about contacting the RCMP but at that time I wasn’t even sure what had been done.

Google got back to me and outside of my spam folder being wrecked, a lot of emails had been trashed which were recoverable.  It wasn’t that bad.  What was bad was my password.  I was one of the first wave of Gmail users and switched right away.  I entered in a password and never changed it.  Over time what was a strong password had become a weak password and I paid the price.

Since that day my password has become a letter/number combo which is case sensitive.  There is no way to connect it to anything I have written or done.  It’s a strong password.  I have also enacted Google’s double verification for my email which means that when I log in to a strange computer, it sends a code to my cell phone which I have to enter.  Annoying but way more secure.

I am not alone in this; James Fallows’s wife went through a much worse experience than I did.  Here is what Fallows learned and I ignored.

But there is a middle ground, of passwords strong enough to create problems for hackers and still simple enough to be manageable. There are more details on our site, but strategies include:

• Choose a long, familiar-to-you sequence of ordinary words, with spaces between them as in an ordinary sentence, which more and more sites now allow. “Lake Winnebago is deep and chilly,” for instance. Or “my favorite packer is not brett favre.” You could remember a phrase like that, but a hacker’s computer, which couldn’t tell spaces from characters, would see only one forbiddingly long password sequence.
• Choose a shorter sequence of words that are not “real” English words. I once lived in a Ghanaian village called Assin Fosu. I can remember its name easily, but it would be hard to guess. Even harder if I added numbers or characters.
• Choose a truly obscure, gibberish password—“V*!amYEg5M5!3R” is one I generated just now with the LastPass system, and you’re welcome to it—and then find a way to store it. Having it written down in your wallet is one, though the paper it’s on shouldn’t say “Passwords” at the top. The approach I prefer, and use for some passwords, is to entrust them to online managers like LastPass or RoboForm. Even if their corporate sites were hacked, that wouldn’t reveal all your passwords, since the programs work by storing part of the encoding information in the cloud and part on your own machine.

At a minimum, any step up from “password,” “123456,” or your own birthday is worthwhile.

Finally, use different passwords. Not hundreds of different ones, for the hundreds of different places that require logins of some kind. The guide should be: any site that matters needs its own password—one you don’t currently use for any other site, and that you have never used anywhere else.

“Using an important password anywhere else is just like mailing your house key to anyone who might be making a delivery,” Michael Jones of Google said. “If you use your password in two places, it is not a valid password.”

I asked my experts how many passwords they personally used. The highest I heard was “about a dozen.” The lowest was four, and the norm was five or six. They all stressed that they managed their passwords and sites in different categories. In my own case, there are five sites whose security really matters to me: my main e‑mail account, two credit-card sites, a banking account, and an investment firm. Each has its own, good password, never used anywhere else. Next are the sites I’d just as soon not have compromised: airline-mileage accounts, Amazon and Barnes & Noble, various message boards and memberships. I have two or three semi-strong passwords I use among all of them. If you hacked one of them you might hack the others, but I don’t really care. Then there is everything else, the thicket of annoying little logins we all deal with. I have one or two passwords for them too. By making it easy to deal with unimportant accounts, I can concentrate on protecting the ones that matter.

I wish I had taken his advice.  What a mess and I got off lucky.