[LINK] Cloud Computing Definition

stephen at melbpc.org.au stephen at melbpc.org.au
Fri Jul 26 20:42:11 AEST 2013 

Roger notes, (on the Link ANU mailing list)

> The NZ CloudCode v.2.0 has plenty wrong with it:
> http://www.thecloudcode.org/upload/files/NZCloudCode.pdf
>
> "Cloud Computing is on-demand scalable resources such as networks, 
> servers and applications which are provided as a service, are 
> accessible by the end user and can be rapidly provisioned and 
> released with minimal effort or service provider interaction".
>
> As they say, 'Discuss' ...


IMHO, this CloudCode V2 is dramatically flawed. 

As a supposed "CLOUD COMPUTING CODE OF PRACTICE", it's a joke. 

Not once does it appear to demonstrate any knowledge of, or consideration 
of, "zero-knowledge" cloud services in terms of current service providers.

By zero-knowledge, specifically I mean, protecting the service operators 
from the dangers of having readable databases of end-user data, and also 
simultaneously protecting the end user from a service provider amassing a 
collection of the user's data and history. 

For example, there is fully developed and about-to-be-released open source 
options for building secure cloud applications. 

One such is Crypton at https://crypton.io

Crypton is a framework that lets applications encrypt data in the browser 
before it is sent to a remote server.

For example: <http://www.arnnet.com.au/article/522058/open-
source_project_crypton_seeks_make_encryption_easier>

"Advancements in web browsers over the last few years have made Crypton 
possible .. engines in web browsers are now more powerful and can handle 
intensive encryption tasks such as generating the key needed to lock and 
unlock encrypted data," says SpiderOak CEO Ethan Oberman.

Users have peace of mind that even if a company was subpoenaed by a court, 
the company would not be able to decrypt the data, making it useless, 
Oberman said.

How secure data is from prying eyes and spies has become increasingly 
discussed after extensive U.S. government surveillance programs were 
revealed in June by former NSA contractor Edward Snowden.

"There are portions of our digital lives or our documents or things that 
are important to us that we do really want to retain privacy over," Oberman 
said. Crypton will work with desktop, web and mobile applications.

An early version of the code is already on GitHub, and a more complete 
version should be available in about six weeks. SpiderOak plans to license 
it under the AGPL version 3, which allows people to use Crypton for open-
source projects for free.

If a company wants to build a closed-source commercial service with Crypton 
and not contribute code changes back to the community, it can choose to pay 
SpiderOak a license fee, Oberman said ..

Cheers,
Stephen



Message sent using MelbPC WebMail Server

More information about the Link mailing list