Update on Backups, Passwords, and Chinese Hacking

Several days ago I dispensed "mainly good news" from the tech world, about cloud-backup systems and ways of designing passwords.

These updates from readers. [Housekeeping note: I will be doing mainly reader-reaction items, and at a stately and limited pace, for the next week or two, with other projects afoot.]

1. A different backup scheme: Backblaze. A reader in New Mexico writes:

>>You should check out Backblaze. (The Gizmodo review was pretty sparse in terms of overall coverage, missing Backblaze, Carbonite, and a host of others). It offers truly unlimited backup of one machine for $5/month. Unlimited really means unlimited - if you have the drives on the machine (even external drives) and the patience to send the data over your connection, they'll back it up. They keep all the different backed up copies for a couple of months, so you can not only find files you've accidentally erased, but even previous versions of files. The restore interface uses your browser and is quite easy to use. In the event of a disastrous loss, they will write your backup to USB hard drive and FedEx it to you (for a price, of course, but a not-unreasonable one.)

While Backblaze isn't designed to be a synch program, since the recovery interface is web-based, you can grab files from anyplace you can find a browser.

How can they do [unlimited-scale backup] for $5/month? They actually explain all this in their blog. They build their own storage modules, which are incredibly dense. They have published the plans for the modules so that others can duplicate them if they want (and a few people have reported doing so, mostly for scientific data storage.)

Another cute tidbit - some Backblaze users have found their stolen laptops through Backblaze. In fact, they now offer an online capability for locating a stolen computer that runs Backblaze.<<

2. Or, Crashplan, according to a reader in Georgia:

>>Sugarsync is reported to be good, but Gizmodo did not look at all the plans available, specifically not Crashplan, the one I use.

It is significantly cheaper than Sugarsync, whose low end 30 GB plan is the same price as Crashplan's family unlimited plan -- as many computers as you have with as much data as you need to back up...

Crashplan has another killer feature -- local backups to either a hard drive or another computer for free. I have three machines just in the family room and I have them backing up to each other in a round robin fashion. You could also conspire with a friend to both download the free Crashplan application and back up to each other. If I were a college student, that alone would sell me. It is one of the few systems that covers simultaneously Windows, Mac and Linux....

What sold me on Crashplan was cross platform compatibility, with speedy local backups and secure remote ones. To my knowledge, they're rather unique in that regard. For $5/month.<<

3. And, from a reader in California, a fascinating online calculator of the mathematical complexity of various passwords. The "password haystacks" site, from Gibson Research Corporation, makes it very easy to compare the difficulty-of-guessing for various password approaches, and it is full of links to other informative discussions on the topic. For instance, the calculator shows that my main Gmail password, which is very easy for me to remember, would take "1.09 hundred thousand trillion trillion centuries," at a hacking rate of 1,000 guesses a second. So get busy! And if you really can't get enough of the theory of password construction, I invite you to read this discussion from a few months ago, between Leo Laporte and Steve Gibson. (And, for a different view on this whole topic, see Troy Hunt.)
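As an added illustration (not code from the Gibson Research site or from the original post), the sketch below carries out the exhaustive-search arithmetic that a calculator of this kind performs. It assumes a 95-character printable-ASCII model (26 lowercase, 26 uppercase, 10 digits, 33 symbols), counts every candidate up to the password's length, and uses constructed sample passwords.

```python
import string

# Assumed model: four printable-ASCII character classes, 95 characters in total.
CLASSES = {
    "lower": set(string.ascii_lowercase),      # 26
    "upper": set(string.ascii_uppercase),      # 26
    "digit": set(string.digits),               # 10
    "symbol": set(string.punctuation + " "),   # 33 (punctuation plus space)
}
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    if any(not any(c in chars for chars in CLASSES.values()) for c in password):
        raise ValueError("character outside the printable-ASCII model")
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password):
    """Count all candidates of length 1..len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def centuries_to_exhaust(password, guesses_per_second=1000):
    """Worst-case time for blind exhaustive search at the given guess rate."""
    return search_space(password) / guesses_per_second / SECONDS_PER_CENTURY


if __name__ == "__main__":
    # Constructed samples: short and "complex" versus long and simple.
    for sample in ("P@ssw0rd", "correct horse battery staple"):
        print(f"{sample!r}: alphabet={alphabet_size(sample)}, "
              f"length={len(sample)}, "
              f"centuries at 1,000 guesses/s={centuries_to_exhaust(sample):.3g}")
```

The figures are a ceiling for blind brute force only; guessing that tries dictionary words and common substitutions first reaches a password like the first sample far sooner than the count suggests.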

4. As for the "smoking cursor" video from the Chinese military that appears to show them in the middle of launching a hacking attack on U.S. sites, I encourage you to follow Andrew S. Erickson's ongoing reports and analyses, which go into this in very great depth and are based on original Chinese-language sources. Here is the most comprehensive one, by Erickson and Gabriel Collins, in PDF form.


They explain what there is to worry about -- and also the reasons to think that the video now getting so much attention is at least ten years old. Nonetheless:

>>However modest, ambiguous--and, from China's perspective, defensive--this is possibly the first direct piece of visual evidence from an official Chinese government source to undermine Beijing's official claims never to engage in overseas hacking of any kind for government purposes. Clearly, Washington and Beijing have much to discuss candidly here if they are to avoid dangerous strategic tension.<<

As mentioned previously, I have an article on general cloud-security issues coming out in the magazine fairly soon.