Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Fair points. I've thought a lot about the security aspects, not as much about the DDOS aspects. Lets start with the only port this private cloud thing shows to Internet is the equivalent of a key authenticated SSH port. You're chrome book or laptop or phone can connect securely, everyone else is rather stuck. DDos is pretty easy to do address/port banning but not pure traffic banning. An IP transit provider could simply not pass traffic that wasn't SSH tunneled which could help.

So if you're in that world, now the attack vector is to get you to download something to your phone which can then use the tunnel to look at other stuff in your cloud. This isn't a whole lot different than now, phishing out your gmail password for example or keylogging it. VPN key stealing might be made more complicated by an authenticator type device (that may be too complex for Grandma though)

On the platform itself the OS isn't exposed. Not fun for computer people but better for Grandma. Jails/containers what not for apps which keep execution domains isolated, and resource consumption managed, Etc.

But to your point it isn't an "easy" solution to the problem of the ephemeralness of the cloud :-) but it does keep your access to stuff around. When I look at things like blu-ray players which run the script code in Blu-ray disks I think about virtual machines as containers might be an option here. Also running win98 in a vmware player. It is entirely concievable that some sort of environment is always virtualized for "long lived" compatibility.

Of course if I had all the answers I'd be hiring to build it rather than just making notes in my notebook :-)



> Lets start with the only port this private cloud thing shows to Internet is the equivalent of a key authenticated SSH port. You're chrome book or laptop or phone can connect securely, everyone else is rather stuck.

That makes your "cloud" into something more like an encrypted storage container than what we currently think of as a "cloud." How would something like, say, Flickr work on that? How would other people see the pictures you share?


Well the way I think about it Flickr is still a 'publication' service rather than a storage service. So you store your pictures in your cloud, you upload the ones you want to share to Flickr. This is the model my Dad uses for example (pushing images he wants to share to Picasa but leaving the bulk of his photos on a storage unit at home). His challenge was he decides he wants to share one while not at home, and he can't, but with this private cloud abstraction he can, he just shares it like it would from home, except rather than being at home and uploading it from his storage stack he is on the road and uploading from his storage stack.

When Picasa loses favor with Larry and gets shut down, his data is still safe he has just lost his ability to point people at Picasa and can switch to Flickr. My assertion (which I agree is yet unproven) is that we didn't start designing things this way because bandwidth to the cloud was always better than bandwidth to your 'home' (which was largely dial-up early on).

But unlike a pure storage container I'd love to be able to use an email service which will 'drop off' my email into this infrastructure, which I can read at my leisure but not have it stored in the 'cloud' where it can get lost (or perhaps spied upon).

In some ways your satellite TV receiver (especially if it has 'sling box' type capabilities) is sort of along the system design models of having a captive bit of compute/storage in your home that offers you service on the road and at home, and the vendor can push content into. Think about that for services other than just TV.


Beyond my expertise, but I think a (cryptographically sound) distributed publishing system would be possible. It looks like Freenet is a project doing something like this, but more as a way to anonymous and decentralized way to publish information. The kind of implementation I'm thinking of would have to allow for updates to propagate, or for pages to be deleted (at least in the sense that you can with Flickr, even though someone else might have made a copy).

http://en.wikipedia.org/wiki/Freenet#Distributed_storage_and...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: