Comments on: Krunch? Try “Thud” http://www.brendonwilson.com/blog/2006/05/30/krunch-try-thud/ The personal web site of Brendon J. Wilson, a software developer, technologist, and entrepreneur living in Vancouver, British Columbia, Canada. Wed, 18 Jan 2012 10:11:14 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Brendon http://www.brendonwilson.com/blog/2006/05/30/krunch-try-thud/comment-page-1/#comment-3904 Brendon Thu, 08 Jun 2006 02:19:05 +0000 http://www.brendonwilson.com/?p=311#comment-3904 Yes and no. Yes, I wrote it as a person in computing - but no, that's not a full and accurate description of the motivation. I work in information security field - if you knew about the kinds of tricks people play to get personal information through online scams and their rates of effectiveness, you'd be concerned as well. It's not a question of "if", it's "when". Everything from fake websites that ask you for your passwords, to targeted thefts of executive laptops - just look at the malware epidemic. The motivation is that information is worth money: don't be a victim. That said, it's true that no data can ever be 100% secured. Do you know who made your keyboard? Your motherboard? Your CPU? Are you 100% certain that they don't have backdoors to allow a nefarious attacker to access your data. It doesn't bring our world to a grinding halt that we can't be 100% certain, because the probability is that there's enough people involved in developing those systems that any such purpose would come to light eventually. Contrast that with a web site run by a single person - not a lot of tongues to go wagging there. To be clear, I don't think that's what's going on here in this case, but it just shocks me that people would even consider uploading anything to some unknown party. Sometimes the obsession with new technology (for example: web applications attempting to transplant client/desktop software), overshadows the risk, or even the lack of benefit, of the solution that is developed. At best, it's a useful utility, but for only a very small set of people. Yes and no. Yes, I wrote it as a person in computing – but no, that’s not a full and accurate description of the motivation. I work in information security field – if you knew about the kinds of tricks people play to get personal information through online scams and their rates of effectiveness, you’d be concerned as well. It’s not a question of “if”, it’s “when”. Everything from fake websites that ask you for your passwords, to targeted thefts of executive laptops – just look at the malware epidemic. The motivation is that information is worth money: don’t be a victim.

That said, it’s true that no data can ever be 100% secured. Do you know who made your keyboard? Your motherboard? Your CPU? Are you 100% certain that they don’t have backdoors to allow a nefarious attacker to access your data. It doesn’t bring our world to a grinding halt that we can’t be 100% certain, because the probability is that there’s enough people involved in developing those systems that any such purpose would come to light eventually. Contrast that with a web site run by a single person – not a lot of tongues to go wagging there.

To be clear, I don’t think that’s what’s going on here in this case, but it just shocks me that people would even consider uploading anything to some unknown party. Sometimes the obsession with new technology (for example: web applications attempting to transplant client/desktop software), overshadows the risk, or even the lack of benefit, of the solution that is developed. At best, it’s a useful utility, but for only a very small set of people.

]]> By: William http://www.brendonwilson.com/blog/2006/05/30/krunch-try-thud/comment-page-1/#comment-3899 William Wed, 07 Jun 2006 20:23:42 +0000 http://www.brendonwilson.com/?p=311#comment-3899 You wrote this diatribe like a true computer person. Just because something could, maybe, possibly happen to the data if someone, somewhere, happened to be looking in the right direction while it sailed through the net doesn't mean that it will. If computer people designed cars we'd all be wearing crash helments and five point harnesses and be seating in gel filled capsules just to drive (at 5 km/h) to the corner store. You wrote this diatribe like a true computer person. Just because something could, maybe, possibly happen to the data if someone, somewhere, happened to be looking in the right direction while it sailed through the net doesn’t mean that it will. If computer people designed cars we’d all be wearing crash helments and five point harnesses and be seating in gel filled capsules just to drive (at 5 km/h) to the corner store.

]]> By: Ryan http://www.brendonwilson.com/blog/2006/05/30/krunch-try-thud/comment-page-1/#comment-3754 Ryan Fri, 02 Jun 2006 20:31:32 +0000 http://www.brendonwilson.com/?p=311#comment-3754 Precious data? 9 times out of 10 this will be used to un-archive software installs. Like the other day when I downloaded something (snort, I think) that was stored as a .tar.gz onto Windows XP. Instead of having to install WinZip just to handle the tarball I could have used Krun.ch (I'm assuming). Handy. Nevermind the fact that any reasonable operating system should be able to deal with every archiving system known to man. The real problem is that most people have little idea how to safeguard sensitive data in the first place. Even classifying what is sensitive is difficult, since often it's the aggregation that's sensitive rather than any individual piece. r. p.s. Whether your webmail provider or your ISP is reading your email is pretty much moot point. Precious data? 9 times out of 10 this will be used to un-archive software installs. Like the other day when I downloaded something (snort, I think) that was stored as a .tar.gz onto Windows XP. Instead of having to install WinZip just to handle the tarball I could have used Krun.ch (I’m assuming). Handy. Nevermind the fact that any reasonable operating system should be able to deal with every archiving system known to man.

The real problem is that most people have little idea how to safeguard sensitive data in the first place. Even classifying what is sensitive is difficult, since often it’s the aggregation that’s sensitive rather than any individual piece.

r.

p.s. Whether your webmail provider or your ISP is reading your email is pretty much moot point.

]]> By: Kailash Nadh http://www.brendonwilson.com/blog/2006/05/30/krunch-try-thud/comment-page-1/#comment-3722 Kailash Nadh Thu, 01 Jun 2006 20:13:33 +0000 http://www.brendonwilson.com/?p=311#comment-3722 Well its true that I can't physically prove that the user data won't be compromised. Who can actually? What's happening inside 'giant' mail services? :) Anyway, I am going to do my best to improve Krun.ch's functionailty and security. Its getting an SSL certificate installed pretty soon. Well its true that I can’t physically prove that the user data won’t be compromised. Who can actually? What’s happening inside ‘giant’ mail services? :)

Anyway, I am going to do my best to improve Krun.ch’s functionailty and security. Its getting an SSL certificate installed pretty soon.

]]> By: Brendon http://www.brendonwilson.com/blog/2006/05/30/krunch-try-thud/comment-page-1/#comment-3720 Brendon Thu, 01 Jun 2006 15:53:21 +0000 http://www.brendonwilson.com/?p=311#comment-3720 I would never dream of suggesting that you would go through these files yourself. You're a programmer - you'd write a piece of software to do it. ;-) I would never dream of suggesting that you would go through these files yourself. You’re a programmer – you’d write a piece of software to do it. ;-)

]]> By: Kailash Nadh http://www.brendonwilson.com/blog/2006/05/30/krunch-try-thud/comment-page-1/#comment-3684 Kailash Nadh Wed, 31 May 2006 10:52:47 +0000 http://www.brendonwilson.com/?p=311#comment-3684 Hello Brendon, your suspicions are natural. I wouldn't put forward a dispute. But its highly unlikely that, I, personally would go through the sensitive user data and cause any potential damages :) Regards, Kailash Nadh http://krun.ch Hello Brendon,
your suspicions are natural. I wouldn’t put forward a dispute.

But its highly unlikely that, I, personally would go through the sensitive user data and cause any potential damages :)

Regards,
Kailash Nadh
http://krun.ch

]]>