As someone else said, why are there passwords in the logs? If these were submitted via POST (multipart), they would not be visible, right?
Then there's the issue of permissions. That's how these logs were visible. Why can't we scrap this idea of permissions? Plan 9 did it. The shared computing era ended long, long ago. If permissions are too error-prone for even the admin at IEEE to get right, how can users ever be expected to master permissions? They're not even being used for their original purpose - use on systems that were intended to be shared. Instead they're being used on systems that are not supposed to be shared with anyone. Think about this. Why do you need to have permissions on a system that is _not meant to be shared_? Who would introduce that into the design? It is a (poorly) repurposed relic.
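For what it's worth, the failure mode here is a one-liner. A minimal sketch (path and log line are made up) of how a log file ends up world-readable, and how little it takes to lock it down:

```python
import os
import stat
import tempfile

# Create a "log file" the way a careless daemon might: world-readable.
log_path = os.path.join(tempfile.mkdtemp(), "access.log")  # hypothetical path
with open(log_path, "w") as f:
    f.write("GET /login?user=alice&password=hunter2\n")  # secrets in a URL end up in logs
os.chmod(log_path, 0o644)  # rw-r--r--: any local user (or misconfigured web root) can read it

mode = stat.S_IMODE(os.stat(log_path).st_mode)
print("world-readable:", bool(mode & stat.S_IROTH))  # world-readable: True

# The fix is one call -- but someone has to remember to make it:
os.chmod(log_path, 0o600)  # rw-------
mode = stat.S_IMODE(os.stat(log_path).st_mode)
print("world-readable:", bool(mode & stat.S_IROTH))  # world-readable: False
```

The point being: a single forgotten chmod (or a permissive umask inherited from a startup script) is the whole incident.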
As for plain text passwords, unless I read this wrong, the passwords were gleaned from server logs not a password database. It seems that people want to discuss "storing plaintext passwords" even though that had nothing to do with this incident.
How do users behind NAT run their own tent servers? If they can manage to run their own HTTPS servers from behind NAT, if they have those skills (not to mention a reachable IP), then why do they need tent? Couldn't they just host all their content on their own server? I can see tent as providing some sort of coordination of user data hosted on different servers, but I'm not seeing how tent enables users to host their own content and have full control over it. Maybe that's not the goal?
Correct me if I'm wrong, but what this tent idea seems to lead to is a proliferation of tent service providers, not independent users running tent servers behind consumer ISP accounts. If that's true, then how can we be sure these service providers will not adopt the same sort of annoying monetization strategies as providers like Facebook and Twitter?

By no means am I suggesting tent could not be useful. I just want some clarification of what problem they are trying to solve. (There is no shortage of problems to choose from. :)
If users have an Internet connection at their home and are willing to accept the potential reliability issues associated with hosting a server at home then, by all means, host a server at home. UPnP NAT traversal is decently-supported in many consumer-oriented routers, as is dynamic DNS.
I wish that the tech community hadn't lost sight of this and formed this artificial distinction between the Internet and the "home Internet". We could have been focusing efforts on making hosting services on servers in users' homes easier, but the siren-song of offering hosted services to create recurring revenue streams won out.
Do you think the possibility of "always on" computers at home (e.g., running low-power ARM CPUs) is a real one?
Would this change the way we think about "reliability"? (Of course the canonical example of the need to be "always on" is email. We've come to expect that the server handling our mail is always up.)
I think that low-power computers are the future of "always on". I'm migrating the "always on" home computers I use, and those of my family members, in that direction.
I don't think email is a good "host at home" candidate, personally. Anti-spam services benefit too much from an economy of scale that comes from shared hosting. Having said that, though, I've hosted my email (SMTP and IMAP) on a consumer-grade Internet connection since June 2004. I've had outages because of service-provider issues (Time Warner) once in a while, but the outages of significant duration (24 - 36 hours) have been because I was using unreliable old hardware. In those outages my secondary MX picked up my mail just fine and I worked from cached email on my personal computers.
Assuming I was using more robust hardware or, for that matter, simpler hardware (a plug computer that I could swap with a spare, moving an SD card containing all my email and configuration between them) I wouldn't have had an outage longer than 8 hours since 2004. If the server were in a larger city (rather than the rural setting where it's hosted) I don't think I would have suffered through that 8-hour power outage, either.
The Tent protocol sounds like something that would work best hosted by your ISP, a third-party hosting service, or a rented platform in a third-party data center ("the cloud"). (It actually sounds like a naive re-implementation of some of the functionality of SMTP.)
The things I'm most interested in hosting at home are things like home automation and Internet-connected appliances / devices. These products typically aren't going to be receiving requests from a large number of Internet hosts, don't necessarily need 24 x 7 uptime, and, most importantly, won't work if the home's Internet connection or power has failed (and, thus, don't gain any reliability benefit by being "cloud"-based).
I have a Mac Mini on 24/7 that's a web/mail/file server. This is for my small business, so there is activity but nothing heavy. Absolutely more than capable of adding a dozen people for social networking.
This consumes 12W while idle, which is probably 99.9% of the day, these are just background daemons carrying out requests all day for loading the website and sending/receiving email.
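Since the machine idles nearly all day, the 12W figure is essentially the whole power budget, and the annual cost is easy to estimate. A quick back-of-the-envelope calculation (the $0.12/kWh rate below is an assumed figure; substitute your own utility's rate):

```python
IDLE_WATTS = 12
HOURS_PER_YEAR = 24 * 365
RATE_PER_KWH = 0.12  # assumed rate in USD; varies widely by utility

kwh_per_year = IDLE_WATTS * HOURS_PER_YEAR / 1000
cost_per_year = kwh_per_year * RATE_PER_KWH
print(f"{kwh_per_year:.1f} kWh/year, about ${cost_per_year:.2f}/year")
# 105.1 kWh/year, about $12.61/year
```

At roughly a dollar a month, the electricity is a rounding error next to even the cheapest VPS.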
It's cheaper than a hosting service and I have 100% physical control over my server. If it goes down for a power outage or whatever, the same exact thing happens on Linode every few months. Email will just start to backlog until your server comes back online.
You are at the mercy of your ISP though, the biggest hurdle is port blocking if they're bastards about it. Most of them are, but there are ways around it.
This is the answer I was hoping for. I know of at least one solution for your ISP concerns. I think it will work very nicely.
ISPs can obviously block anything they want to block. But with bigger bandwidth and things like VoIP services on the rise, I would think that means letting some regular customer UDP traffic pass in/out. In your opinion, would you think that most ISPs would not allow customers to keep some long-term UDP "connections" open on any port? I have not had any trouble with this in the places I've tried, but it's hard to know what most ISPs do. Honestly I just can't see any reason they would block a small number of low-traffic UDP peer-to-peer connections per customer (the customer's social network), when you consider they are allowing things like BitTorrent, which is a huge network hog by comparison and is blatantly used for the sole purpose of downloading bootlegged entertainment media from random strangers.
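The traffic involved really is tiny. The trick behind long-lived UDP "connections" is just that a NAT keeps a port mapping alive only while traffic flows, so each peer sends a small datagram every so often. A minimal sketch of the idea (both "peers" run on localhost here; in reality they'd sit behind different NATs and exchange keepalives every 20-30 seconds):

```python
import socket

# Two UDP "peers". In a real deployment each would be behind its own NAT,
# and the periodic datagram below is what holds the NAT mapping open.
peer_a = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
peer_b = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
peer_a.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
peer_b.bind(("127.0.0.1", 0))

# Each keepalive is a few bytes -- negligible traffic even at scale.
peer_a.sendto(b"keepalive", peer_b.getsockname())
data, addr = peer_b.recvfrom(1024)
print(data.decode(), "from", addr)

peer_b.sendto(b"keepalive", peer_a.getsockname())
data, addr = peer_a.recvfrom(1024)
print(data.decode(), "from", addr)
peer_a.close()
peer_b.close()
```

A handful of these per customer, a few bytes every half minute, is orders of magnitude below what BitTorrent moves.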
The interesting thing is that if we can achieve this sort of peer-to-peer social networking, concerns about email servers being online, at least with respect to mail that you send to people on your social network, may turn out to be less of an issue. Why do I say this? Because the reason you want your email servers to always be up is so you can receive mail as timely as possible. Ideally you would like to have near "real-time" mail. Otherwise, if time is not an issue, then storing messages for pickup later on, e.g. in the cloud, should be fine. But if you and I are both on a private peer-to-peer social network, all that's required to send "real-time" email (or whatever format of bits you choose) is that we are both logged in. We might leave low power machines on in order to stay logged in over long periods. I would guess this might be a much more popular form of "email" between friends and family. [1] Remember the UNIX programs talk and finger?
[1] Obviously there is no spam. The only people who can send mail to and receive mail from members of the peer-to-peer private social network are those who are logged in. Spammers can't log in. Nor can they be bothered to try to crack their way into myriad disparate small P2P social networks.
I've had a server "always on" at home since the early 2000s (in the 90s I would've run a BBS if not for the fact that Norway has never had free local telephone service -- and we only had the one phone line).
If I used that availability to host a web page and/or receive email via SMTP -- such services would certainly be handled handily by a solid-state disk and an ARM CPU -- maybe a Raspberry Pi? Or just a cheap, rooted Android phone plugged into the charger. Then I'd have redundant networking (4G and wireless to my ADSL2 line -- shouldn't be too hard to whip up something that would work, perhaps using the Android scripting framework [1]).
Currently I use it to have access to some of my (personal) files and to schedule/check on downloads and updates, but I haven't quite been able to whip my provider's broadband router into shape (the box tends to go flaky every 7-10 days of uptime, probably due to buggy wireless) -- so it's nothing I consider "service grade" right now.
But distributed twitter done right, with several layers of caching (see the Fielding thesis on REST [2]) -- shouldn't really need much in terms of traffic to host my tweets/updates.
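The caching layers really do carry most of the load for something like a status feed, because the feed rarely changes between fetches. A sketch of the revalidation idea (the feed content is made up; the header names are standard HTTP conditional-request machinery, which is exactly the sort of thing Fielding's thesis leans on):

```python
import hashlib

# A status feed rarely changes, so an ETag lets followers and intermediary
# caches revalidate cheaply instead of re-downloading the whole thing.
feed = "2012-10-01 just set up my self-hosted status server\n"
etag = hashlib.sha256(feed.encode()).hexdigest()[:16]

def respond(if_none_match=None):
    """Return (status, body) the way a tiny feed server might."""
    if if_none_match == etag:
        return 304, ""   # Not Modified: the cached copy is still fresh
    return 200, feed     # full response; a real server would attach the ETag header

print(respond(None)[0])  # 200: first fetch pays full price
print(respond(etag)[0])  # 304: every revalidation after that is nearly free
```

With a layer or two of shared caches doing this, the origin box behind a home connection only serves each update a handful of times.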
I still think an smtp/mailinglist/uunet/usenet design would work/scale better though.
But then how would we track users, spam them with ads and monetize something that takes so little infrastructure to run in a decentralized manner that there is no real need to monetize it? /rant
If you and I have a peer-to-peer connection and I queue up some content for you and possibly others who are on our private network, and you choose to retrieve it, is that "hosting"?
Are these rules about what belongs in the cloud and what does not published somewhere? Who drafted them? Marketers? Do they apply to both home and business consumers?
C'mon.
(Now there may be some interesting uses for the cloud, for sure. But to suggest I have to upload everything I want to send you to someone else's server in "the cloud" before you can access it makes little sense, unless of course you are working for a cloud provider.)
I'm not talking about someone else's cloud server; I'm talking about your cloud server. The one that you will control because you pay for it.
(Interesting that you went from complaining about NAT to assuming that a P2P connection is established. Which is it? Anyway, I cut the knot; my cloud server suffers no NAT.)
Yes, I'll admit I did jump from HTTPS to P2P. Although, I'm assuming that Tent is capitalizing on the term "decentralized" as in P2P.
I do believe in the idea of using the cloud and having your own server. I hear you. I cut the knot myself. I'm just not sure that such use of cloud servers has to include storing lots of (sensitive) data on them. We all know that's been the marketing push. But I'm not convinced it's the wisest thing to do.
Think of it this way. That cloud server you pay for gives you a reachable IP, something maybe your ISP does not give you. What can you do with a reachable IP? You can use it to traverse NAT. And once you can do that, then many possibilities open up to you. The internet becomes vastly more functional.
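The simplest thing a reachable IP buys you is a relay: both NATed peers dial *out* to the cloud box (outbound connections traverse NAT without any configuration), and it shuttles bytes between them. A minimal sketch of that pattern (everything runs on localhost here, and the message is made up; a real relay would also pair peers up and copy traffic in both directions):

```python
import socket
import threading

# The "cloud server": a reachable listening socket.
srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
srv.listen(2)
relay_addr = srv.getsockname()

def relay():
    a, _ = srv.accept()      # first NATed peer dials in
    b, _ = srv.accept()      # second NATed peer dials in
    b.sendall(a.recv(1024))  # shuttle one message A -> B (one direction, for brevity)
    a.close(); b.close()

threading.Thread(target=relay, daemon=True).start()

# Both "NATed" peers make outbound connections -- no inbound port needed.
alice = socket.create_connection(relay_addr)
bob = socket.create_connection(relay_addr)
alice.sendall(b"hello through the relay")
msg = bob.recv(1024)
print(msg.decode())
alice.close(); bob.close(); srv.close()
```

Once this works, fancier tricks (using the reachable box only as a rendezvous point and punching a direct hole) are refinements, not prerequisites.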
From perusing the website in your profile some years ago I know that you were once interested in P2P. Have you "given up" on it?
Another reason I prefer storing data on my cloud server is that my home computer is now a laptop and I put it to sleep when I'm not around. (I guess this is kind of irrational; it wouldn't hurt to leave it on.)
Yes, I have pretty much given up on P2P because the cloud dropped in price much more rapidly than residential broadband has increased in performance. I first realized this when I noticed that Megaupload/Rapidshare were faster than BitTorrent. The reason I was interested in P2P was because it was cheaper, but now it isn't.
This makes it easier for me to understand your comments on P2P. Thanks for filling me in.
I might have guessed (incorrectly) that the reason you would suggest the cloud over home is security. Is it easier for me to secure my laptop behind my home ISP connection (by just disconnecting it; or relying on the ISP's DMZ, NAT and the lack of any programs listening for connections) than it is to secure a cloud server that is always on, always connected and always listening for connections?
Random thought: Does anyone ever use Wake-On-Lan anymore? Could it be useful in some present day context?
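Wake-on-LAN is simple enough to be worth remembering: the "magic packet" is just six 0xFF bytes followed by the target's MAC address repeated sixteen times, broadcast over UDP (conventionally port 9). A sketch (the MAC below is a placeholder):

```python
import socket

def magic_packet(mac: str) -> bytes:
    """Build a Wake-on-LAN magic packet: 6 x 0xFF, then the MAC 16 times."""
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    assert len(mac_bytes) == 6, "MAC must be 6 bytes"
    return b"\xff" * 6 + mac_bytes * 16

def wake(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> None:
    """Broadcast the packet on the local network (port 9 is conventional)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    s.sendto(magic_packet(mac), (broadcast, port))
    s.close()

pkt = magic_packet("00:11:22:33:44:55")  # placeholder MAC
print(len(pkt))  # 102 bytes: 6 + 6*16
```

It fits the "host at home" theme nicely: a low-power always-on box could wake a beefier machine on demand instead of leaving it running.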
I think disconnecting is only useful for forensics (kicking out the bad guys after being owned). The real problem in security is how to be connected yet secure and IMO that's a software problem that's the same regardless of where you're located. Even at home, Tent has to be listening on port 80.
Is there really even a "right" or wrong" in this process? Isn't it more of a matter of being able to support your choice of design trade-offs with cogent arguments? And being able to persuade others?
There is no doubt some amount of "Why" questions that a developer can ignore. The ones that come from people who have not done their homework and thus have failed to locate the (obvious) answers. But any developer who thinks he can ignore each and every "Why" question, even if he's highly competent, is not someone I would trust with really important stuff. Is it that he is afraid of being "wrong"? That he does not have a good argument to make? Is he hesitant to say, "Honestly, I don't know. That is just the solution I chose." I don't see anything "wrong" with that. No single developer is going to be able to think of everything, of every possible solution or scenario. I thought that was an important reason behind something like code review.
The thing with LFS is that it would cause Linux users to learn. Not necessarily a bad thing. And I would predict it could lower their tolerance for a lot of the garbage that many distributions force on them. (Like this brilliant move by Ubuntu!) Who knows, it could lead to a more DIY-capable userbase.
They would not have to ask anyone how to remove things or plead with decision-makers to implement their desired changes, they'd just do it themselves.
But yeah, from what I know the Arch Linux distribution imposes a very minimal amount of "pre-configuration".
I've always found it easier to add stuff to a bare bones OS configuration than to remove it from a pre-configured one (you have to thoroughly understand what you're removing first; it's easy to break someone else's delicate Rube Goldberg contraption). But maybe that's just me.
>The thing with LFS is that it would cause Linux users to learn. Not necessarily a bad thing.
This is exactly why I stopped using RHEL and other distros back in the late 90's. I am very interested in learning - to some extent. Writing my own goddamned drivers for my ADSL modem was not what I had in mind. Canonical and Ubuntu have made huge strides forward for Linux in the marketplace.
Yeah, but who said anything about writing drivers? Very few people can do that. How about just really basic stuff, like how to not have ads for Amazon popping up when there is no need?
The driver issue is, in my opinion, the single biggest problem with not using Windows or Mac. If you just jump right into that issue (i.e., that the latest driver for your peripheral is not going to be available for some time) and ignore all the other benefits of Linux and other UNIX-like systems, then you could pretty easily conclude these systems are worthless. Hardware manufacturers don't care about them.
They only care about Windows and Mac.
But we all know these other systems like Linux are far from worthless.
Clearly, there is some middle ground.
You can still do a heck of a lot without the source code for the 2012 driver for Whiz Bang Hardware Component.
If Canonical and Ubuntu decided not to accept any binary blobs I wonder if the "strides" would seem as huge.
These days Ubuntu has made some seriously poor decisions; I won't deny that (Unity is a joke, this Amazon thing is a huge lol). But Canonical was vital in the push to get Linux on the desktop and to be accepted as more than a "hacker's playground" that is too hard to use for the average person.
Chromebooks and other low-cost appliances like it are successful in large part because of how easy Ubuntu/Canonical made it to transfer into the Linux world from Windows.
I personally use an Ubuntu 11.x build for everything these days (minus some plain Debian builds on my ARM7 devices), and I really like what they've done for Linux - even if the present stuff they've done has been a little stupid.
It's great to see Nature, itself a high-priced journal, running this story.
arXiv.org really makes downloading papers a breeze. If only it were so easy in other disciplines. It's a lot easier than downloading articles from, say, ScienceDirect. The latter is, despite its name, a lot less "direct" than the former. Just count the HTTP redirects and the number of domain names looked up. And many journals seem to have their own idiosyncrasies vis-a-vis downloading. arXiv is by comparison beautifully simple and reliable. It has a nice consistency about it.
If you wanted your personally identifiable data protected from public access (being cached by search engines), then presumably you would not submit it to a web site that is open to the public (not password protected).
If Craigslist changes its name or sells its SF apartment listings to some site with a name you do not like, what can you do? Answer: nothing, because you gave them an exclusive, nonrevocable license to your data. If you really wanted control over your personally identifiable data, then it would probably be wise not to submit it to a site that gets scraped and cached by Google (from which anyone can make fair use), and certainly not under a license that gives you no control over the data after it's submitted. You would want a site that has some sort of protections, like passwords; that allows some degree of pseudo-anonymity, so your name is not embedded in an evergreen search engine cache; and you would want the right to tell the site to remove/delete the data at your direction, if that became necessary (e.g. in your example scenario).
In short, Craigslist really isn't in the business of protecting your data for you. Its terms are what they are because it's seeking to protect its own business, which relies on your data.
I would expect that many users would feel this way.
I can guess why. But could you tell us specifically?
Assume for the sake of the question that whereever the data may appear on the web, it would always have a "Source: " line to indicate its original source, i.e. the site to which you submitted it. Assume that the integrity of the data could also be verified, e.g., through a digital signature.
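A sketch of the integrity idea, using Python's stdlib hmac as a simplified stand-in for a real digital signature (with a real public-key scheme, the site would sign with a private key and anyone could verify with its published public key; the key, site name, and ad text below are all made up):

```python
import hmac
import hashlib

SITE_KEY = b"example-site-signing-key"  # stand-in for the site's real signing key

def sign(content: str) -> str:
    """Attach a 'Source:' line and a hex tag over the whole record."""
    record = f"Source: craigslist.org\n{content}"
    tag = hmac.new(SITE_KEY, record.encode(), hashlib.sha256).hexdigest()
    return f"{record}\nSignature: {tag}"

def verify(signed: str) -> bool:
    """Recompute the tag and compare in constant time."""
    record, _, sig_line = signed.rpartition("\n")
    tag = sig_line.removeprefix("Signature: ")
    expected = hmac.new(SITE_KEY, record.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)

ad = sign("2BR apartment, $2400/mo")              # hypothetical listing
print(verify(ad))                                 # True: intact
print(verify(ad.replace("$2400", "$2900")))       # False: tampering detected
```

Anyone who altered the content or the "Source:" line after the fact would invalidate the signature, which is the property the question assumes.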
A few reasons came to mind when I originally wrote it. I know that there are many tens of other reasons why it would make good sense to keep CL content CL-exclusive.
Of course, I realize that this must be tempered with the realization that there are situations where scraping CL and re-posting the information on another site may make sense for the original poster (e.g., a hotel ad).
Here are a few of the negative items that come to mind for just classified ads:
- When I complete a transaction and delete a CL ad, I do not want other interested parties calling, texting and e-mailing me hours, months or years afterwards
- I already dislike the 10-to-1-ish ratio of SPAM/scammer/nutjob banter to communications from legitimately interested parties. I suspect any proliferation of my postings beyond CL will only tend to increase this ratio.
- The text and images within my classified ads may be more easily accessible to scammers who just need some content to farm and post elsewhere (e.g., other classified forums, eBay, AirBnB, etc.)
- Sites that automatically scrape CL can themselves become targets and/or searchable repositories for intelligence gathering, and sources for creating new (or expanding existing) personal-identification databases
There are countless other scenarios ranging from good to bad regarding this subject. For now, I'm convinced that the potential for the bad, the incompetent, the annoying, the negligent, the criminal and other negative scenarios outweigh the good. This is really meant to apply to how I use CL. As I mentioned before, there are undoubtedly specific scenarios where many of the potentially negative items would be moot for specific CL users.
Obviously, there are other factors here too such as the commercial viability/legality/precedent of allowing non-CL entities to use CL resources with or without restriction to directly or indirectly profit. From my perspective as a user, it's not really that important other than an arguable matter of principle.
I fail to see a qualitative difference between "mobile", "laptop", "desktop" or "stovetop". Those are just form factors. They are all computers. We can put a computer inside almost anything nowadays. What matters to me besides what's on the motherboard are peripherals, drivers and access to networks.
Things got smaller. We all knew they would. But they should not become less functional. (Hello Apple.)
How many commenters actually read the article?