In the clouds...

    #41
    Originally posted by Gentile View Post
    Frankly, I'd rather let a company that has dedicated their business model to providing a guaranteed uptime of 99.95% under their SLA look after the infrastructure that my solution runs on, than entrust the same responsibility to some underappreciated in-house techy.

    As for handing the keys to your system over, provided you've encrypted everything competently there shouldn't be any risk of handing your data or your code over to anyone.
    I wish I could agree; I've found in practice, over time, that these SLAs are never met and just a marketing gimmick. 99.95% SLA is less than 8 hours a year. The only major player I've worked with that's met SLA without cheeky exceptions is Rackspace (if I am allowed to mention them).

    An SLA of 99.95% with a small financial penalty is often a sales gimmick; I've not seen many providers meet SLA unless they cost an absolute bomb.

    Regarding encryption, it's a grey area - technically the DOJ can request anything that's hosted by a US company under the Patriot Act.

    I hope that isn't FUD, but it's certainly my impression over the past 4 years.

    I've heard some real crap too, like "you can work without a net connection" "yes you can work on the train without wireless" etc etc.

    Terminal services over 3G isn't a great idea.

    Comment


      #42
      Originally posted by Scoobos View Post
      I wish I could agree; I've found in practice, over time, that these SLAs are never met and just a marketing gimmick. 99.95% SLA is less than 8 hours a year. The only major player I've worked with that's met SLA without cheeky exceptions is Rackspace (if I am allowed to mention them).

      An SLA of 99.95% with a small financial penalty is often a sales gimmick; I've not seen many providers meet SLA unless they cost an absolute bomb.

      Regarding encryption, it's a grey area - technically the DOJ can request anything that's hosted by a US company under the Patriot Act.

      I hope that isn't FUD, but it's certainly my impression over the past 4 years.

      I've heard some real crap too, like "you can work without a net connection" "yes you can work on the train without wireless" etc etc.

      Terminal services over 3G isn't a great idea.
      They can request it all they like. All they're going to get is a hash of the data. As long as you take certain precautions, such as encrypting the data locally before storing a hash of same (as opposed to allowing SQL Server to do the hashing itself, which would involve you sending plaintext and would leave you open to a side-channel attack), even the NSA couldn't break data encrypted with 256-bit AES at the present time.

      Comment
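
Added example, not part of the thread or any poster's code: the local-encryption precaution discussed in post #42, sketched in Node.js with AES-256-GCM. The key is generated and kept on the client, the in-memory `cloudStore` map is a constructed stand-in for the hosted database, and all function names are hypothetical.

```javascript
// Added example: client-side AES-256-GCM so the hosted store only sees ciphertext.
const crypto = require('node:crypto');

// Constructed stand-in for the hosted database (hypothetical; no real provider API).
const cloudStore = new Map();

// Encrypt locally. The record id is bound in as associated data so a stored
// blob cannot be silently moved onto another row.
function sealRecord(key, recordId, plaintext) {
  const nonce = crypto.randomBytes(12); // fresh 96-bit nonce for every record
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(recordId, 'utf8'));
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Layout sent to the provider: nonce (12) | auth tag (16) | ciphertext
  return Buffer.concat([nonce, cipher.getAuthTag(), ciphertext]);
}

// Decrypt locally; throws if the blob, the key or the record id does not match.
function openRecord(key, recordId, blob) {
  const nonce = blob.subarray(0, 12);
  const tag = blob.subarray(12, 28);
  const ciphertext = blob.subarray(28);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAAD(Buffer.from(recordId, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

// True if the blob authenticates and decrypts, false otherwise.
function verifies(key, recordId, blob) {
  try {
    openRecord(key, recordId, blob);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample data.
const localKey = crypto.randomBytes(32); // 256-bit key, never uploaded
const sample = 'acct=12345678;balance=1024.50';
cloudStore.set('cust-1', sealRecord(localKey, 'cust-1', sample));
```

Whoever holds `localKey` can read the records, so custody of that key, rather than the provider's storage, is what has to be protected.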


        #43
        Originally posted by Scoobos View Post
        I've heard some real crap too, like "you can work without a net connection" "yes you can work on the train without wireless" etc etc.
        Of course you can't do that just by using the Cloud to store your data. But you certainly can do that, whether or not you're using Cloud data storage, if you design a Smart Client that keeps a local data store and is designed to facilitate synchronisation when you do have an internet connection.

        You have to be careful how you design it, though: basically, no two people must be able to edit the same record offline, or you need to include some way to resolve conflicts after the fact (usually the former works better). It's been a while since I was asked to design something like that, though. In the present age of near-ubiquitous HSDPA and GPRS people just don't need it.

        Comment


          #44
          Originally posted by Gentile View Post
          They can request it all they like. All they're going to get is a hash of the data. As long as you take certain precautions, such as encrypting the data locally before storing a hash of same (as opposed to allowing SQL Server to do the hashing itself, which would involve you sending plaintext and would leave you open to a side-channel attack), even the NSA couldn't break data encrypted with 256-bit AES at the present time.
          They don't have to break it. They ask you for the key, you refuse, you end up in prison.

          Comment


            #45
            It wasn't called cloud when I knew it...
            Brexit is having a wee in the middle of the room at a house party because nobody is talking to you, and then complaining about the smell.

            Comment


              #46
              Originally posted by Churchill View Post
              They don't have to break it. They ask you for the key, you refuse, you end up in prison.
              Of course, then you get into the realms of plausible deniability. If you really want to, you can have a hash that decrypts to more than one plaintext you know.

              Not that HMG is ever likely to entertain a request for a British bank or business to hand over its encryption keys to a foreign power without a very good reason to do so.

              Comment


                #47
                Originally posted by Churchill View Post
                They don't have to break it. They ask you for the key, you refuse, you end up in prison.
                I put my data in a cloud
                That floats on high in the USA,
                When all at once I saw a crowd,
                A host, of Yankee security men;
                Beside the house, beneath the trees,
                Demanding my security keys.

                ..



                For oft, when in my cell I lie
                In vacant or in pensive mood,
                I think about that SLA
                I think of that 0.5 percentile;
                And as the waterboarding begins,
                Thanks a fckng bunch. gentile



                EO Worsdsworth

                (\__/)
                (>'.'<)
                ("")("") Born to Drink. Forced to Work

                Comment


                  #48
                  Originally posted by Gentile View Post
                  Of course, then you get into the realms of plausible deniability. If you really want to, you can have a hash that decrypts to more than one plaintext you know.

                  Not that HMG is ever likely to entertain a request for a British bank or business to hand over its encryption keys to a foreign power without a very good reason to do so.
                  By the time you're asked for the key the evidence has already been obtained.

                  There's a reason why so much money gets thrown into places like Menwith Hill, Pine Gap etc.

                  Comment


                    #49
                    Originally posted by Gentile View Post
                    Of course, then you get into the realms of plausible deniability. If you really want to, you can have a hash that decrypts to more than one plaintext you know.

                    Not that HMG is ever likely to entertain a request for a British bank or business to hand over its encryption keys to a foreign power without a very good reason to do so.
                    Of course it would, it quite happily hands over its citizens...
                    Brexit is having a wee in the middle of the room at a house party because nobody is talking to you, and then complaining about the smell.

                    Comment


                      #50
                      Originally posted by darmstadt View Post
                      Of course it would, it quite happily hands over its citizens...
                      Yup, they'd hand you or me over without stopping for lunch. But the politicians wouldn't dream of handing over their banking bosses' data to the 'Merkins. Who'd fund the Labtorycrats then?

                      Comment
