Tag Archive: xda developers


Megaupload’s demise: What happens to your files when a cloud service dies?

Filed under: COMPUTING, INTERNET, WEBLeave a comment
January 23, 2012

Surya R Praveen Megaupload gravestone: RIP

If you’re only just joining us, late yesterday the US Department of Justice shut down Megaupload, arrested seven employees, and seized assets worth more than $50 million (including three 82-inch TVs, two 108-inch TVs, 14 Mercedes, and other rich boys’ toys). This huge indictment poses many questions, but today we’re going to look at just one of them: What happens to all of those files that people had stored on Megaupload’s servers?

This morning the web is littered with hundreds of millions of broken Megaupload links. There was no warning, no preamble: If you stored files on Megaupload, they are gone — at least for now. So you have some idea of the scale of Megaupload, a quick search on XDA-Developers for “megaupload” returns some 226,000 hits. There are hundreds if not thousands of forums on the internet that are similar in scale to XDA-Developers.

It is possible that Megaupload’s servers will be brought back online, but only if Megaupload and its employees are found innocent — and in all likelihood, the trial and sentencing process will take months. Even if Megaupload does return, there’s no guarantee that your files will still be there.

In short, if you stored important files on Megaupload, I really hope you had an up-to-date backup on your computer.

Surya R Praveen Megaupload... timed out

The folly of cloud storage

There have always been two major concerns about cloud services in general, and cloud storage (Dropbox, Megaupload, SkyDrive, iCloud, and so on). The first is privacy: When you upload data to a third party, there’s always the risk that they can look at the contents of your files. Some cloud providers securely encrypt data, but many don’t. The second issue is data security and integrity: Does the third party keep a tight ship against hackers? What happens if a hard drive fails? What protections have the cloud provider put in place to mitigate against natural disasters, bankruptcy, or being shut down by the Feds?

For the most part, the only real way of ameliorating these concerns is by doing an awful lot of research before pushing in your chips. Even then, though, you would be hard pressed to find a cloud storage provider that offers an easy way to migrate your data in case of bankruptcy. If Dropbox decides to shut down, the only way to transfer data to another cyberlocker is to download it and re-upload to another service. If you’re an enterprise customer using Microsoft Azure or Amazon AWS, you should probably be given help to migrate your data to another provider. In the case of a federal indictment, though, I don’t think any cloud provider really offers a way out — and if there’s an earthquake, you better hope that they kept an off-site backup (and you can bet that consumer services like Dropbox or Backblaze don’t).

At the end of the day, though, the only other option is keeping your own backups on some kind of NAS and maintaining your own off-site backups — which is feasible, and how many companies and individuals choose to do it, but rife with its own issues. Cloud storage is so simple — it’s the epitome of fire-and-forget — that you forget about the risks… and then Megaupload gets shut down.

Surya R Praveen Modern kids are more attached to their computer than their familySo, what happens to my files when a cloud service dies?

Assuming the midden hits the windmill, then, and your cloud storage provider goes offline without notice — what happens to your files?

In Megaupload’s case, where some 1,000 servers (and thousands of hard drives) were seized, the Feds will probably pore through your files looking for evidence that improves their chance of a conviction. It’s almost guaranteed that Megaupload stored the IP address of file uploaders, and the Feds could pursue individual copyright infringement cases at a later date. If Dropbox was ever indicted of similar charges, the situation would probably be the same.

For consumer-oriented services that are more aboutbackup than file sharing — Backblaze, for example — your files would probably remain in the digital ether, encrypted for all eternity. It’s unlikely that a backup provider would ever be shut down, but it could go bankrupt. In such a situation, you would probably be given a week or month to grab all your data — and then that would be it. There is no chance of Backblaze sending you a hard drive with your data on, for example.

Finally, at the enterprise level — Azure, AWS, Rackspace, etc. — it’s likely that you would be given ample opportunity to recover your files, and you might even receive help in migrating your data directly to another cloud service. In this case, if you’re storing terabytes of data in the cloud, you could probably even request that your data be returned via FedExed hard drives.

Source

Tags: , , , , ,
Comment

Android for Dummies: Make your own build of CyanogenMod

Filed under: COMPUTING, MOBILE1 Comment
January 3, 2012

Surya R Praveen Android Development for dummies

For those of our readers that are looking to get into Android ROM development, but may not know where to start, there is a new tool created by XDA developer Lithid that will allow you to start some basic experimenting using the popular CyanogenMod ROM. The project, entitled CyanogenMod Compiler (CMC), allows users to tweak some simple settings such as wallpapers and language packs then compile ROM builds from the CM repository.

Built using Ubuntu, CMC is a simple Bash wrapper around the CM repo that uses pre-loaded scripts to allow small changes before compiling an updated nightly build of the CM ROM. For advanced users, this tool will seem very elementary as it really is geared towards the casual beginner. The changes that CMC allows a user to make are small and have very little impact on the ROM as a whole.

Surya R Praveen CyanogenMod Compiler

Novices will find CMC handy because of the simple GUI (pictured above) that the wrapper provides, eliminating the need to know command line syntax to make modifications or to initiate the build. A user simply has to type in the corresponding number of the operation they want run, then hit enter and sit back and wait for the build to complete.

The tool is in its alpha stages right now, and as such has some bugs to be worked out. Currently it is only usable in Linux or in a Mac OS X terminal application. Windows compatibility as well as the ability to use plug-ins to make further changes are on the long list of upcoming features to be added at a later time.

It needs to be stated that CMC is in no way affiliated with the CyanogenMod team or project, and isn’t endorsed by the CM team. That being said, CMC is a well-intentioned tool to help users create personal nightlies for their CM compatible device.

Read more at XDA Developers

Source

Tags: , , , , ,
Comment

EFF reverse engineers Carrier IQ

Filed under: COMPUTING, MOBILE1 Comment
December 23, 2011

Surya R Praveen Big Brother 1984, Ingsoc vs. Carrier IQ

At this point we have a fairly good idea ofwhat Carrier IQ is, and which manufacturers and carriers see fit to install it on their phones, but the Electronic Frontier Foundation (EFF) — the preeminent protector of your digital rights — has taken it one step further and reverse engineered some of the program’s code to work out what’s actually going on.

There are three parts to a Carrier IQ installation on your phone: The program itself, which captures your keystrokes and other “metrics”; a configuration file, which varies from handset to handset and carrier to carrier; and a database that stores your actions until it can be transmitted to the carrier. Now, the Carrier IQ program is a binary application and fairly hard to reverse engineer, and the database sounds like it’s stored in RAM and thus hard to obtain — but the configuration profile… well, it turns out that that is very easy to crack.

An EFF volunteer, Jered Wierzbicki, reverse engineered the format of these profiles — which were unencrypted — and now, if you understand the Forth programming language, you can see the rules that dictate when Carrier IQ transmits your data to the carrier, and in some cases a hint of what data is being captured. Better yet, Wierzbicki has shared his findings in the form of IQIQ, a program that parse your phone’s Carrier IQ profile into a human-readable XML format.

If you don’t read Forth, you can see an annotated version of the default T-Mobile Carrier IQ profile — but only the section that defines when a handset tries to send data home. The complete, uncommented profile contains rules about which data (“metrics” in codespeak) should be uploaded to the carrier, but as we have no idea what “SS10,” “SS2A,” and myriad other metrics are, we can’t draw many conclusions.

Surya R Praveen Carrier IQ network schematic/topography

The EFF now has a call-out on XDA-Developers asking Android users to upload their profiles so that Carrier IQ can be better understood. If you have a rooted phone, you’re strongly encouraged to help out — it doesn’t take long to scan your phone for the files, and there’s no risk involved. Don’t forget, though, if you already have CyanogenMod installed, Carrier IQ won’t be on there.

Ultimately, Carrier IQ — not the carriers — aren’t going to tell us the exact extent of the data being keylogged by our own phones. Senator Al Franken squeezed a fair bit of data out of the carriers and OEMs, and he’ll no doubt go back for more, but it’s almost guaranteed that the corporate overlords are holding data back. Hopefully, if the community can produce enough data points, and perhaps if the Carrier IQ software itself can be reverse engineered, we should be able to answer the remaining questions ourselves.

Read more at EFF

Source

Tags: , , , , ,
Comment