The cloud WON'T go offline unless...
Basically, it cannot go offline, as long as you have one computer that is already a participant in your personal cloud. So the key to making it work is synchronization and redundancy. Maybe a single host (the one you are currently using when trying to reconnect to the rest of your cloud) cannot store everything (notably if you're using a small smart phone with limited capacity), but the number of possible access points should be increasable, and the level of redundancy, replication and synchronization should be controllable. You should also be able to designate some hosts as definitely trustable (these should be the hosts that you personally own, such as your home PC or your mobile phone, or a host in which you can insert a strictly personal electronic ID card), so that in case of failure of one of them, you can use the alternate trusted hosts as another main point of consolidation or administration. And you should still be able to make as many backups as needed within your cloud, including separate online services.
So unless you are completely unable to connect to any ISP or mobile phone network, you should still be able to reach your own cloud, and be able to repair or rebuild the redundancy or restore/increase its full performance.
Even if your main trusted device is a smart phone that gets stolen, it should just contain a certificate that could be revoked, and you should be able to reconnect to your own data on your own cloud, using a strictly personal identity card plugged into the new device, or using a third-party trust service that will assert that you are effectively the right person owning all the trusts in your own cloud.
Imagine that this could be your bank that would deliver you an ID card (with a backup card safely kept by your bank; in case you lose it, you can go to your bank office and ask for the delivery of a new card, and invalidate the existing one, just like your credit card). This card would validate the encrypted authorization requests that are used to verify the trusts presented to the various hosts or services that contain personal data from your initial ID card. This card should be able to take the form of a USB key (because many PCs or devices can provide such a connector). Once a device has been added to your cloud by plugging your key into it, it will keep the authorization, and will (through the network) regularly assert whether the authorization kept in it is still valid (if it has been revoked, the data on it would become unusable by anyone, even if it is kept on it in an encrypted way that could allow restoration later, once you find a new ID card to plug into it).
My opinion is that the main trusted device that controls the creation of the cloud or its maintenance should not be any mobile device; it should be either a single PC at home, or a terminal in a safe place like your bank (for the data related to interaction with public/governmental services like social security, taxes or police, the main place could be your local city office where your ID card is delivered, or the local police office, or your local tax office where your declarations are recorded; the ID card or the green card or your passport could contain an RFID chip that a USB key could read and that you could decide to plug into your personal cloud to declare it as a secure proof of identity, but you may decide to just create your own ID card yourself, using some device that is to be sold like a card reader with a small chip similar to the one in GSM phones; then you create your own passphrase for convenience and will keep this card in a safe place of your choice, and if the passphrase gets invalidated due to too many errors, the passphrase could be replaced by a fingerprint or some biometric reader on your PC). The other devices would be configured by connecting them to the first PCs you've used to create the cloud: you could connect NAS or online backup services. The number of levels through which this transfer of trust from one device to another can go should also be strictly controlled: after that point, the trust will no longer be transferable without reconnecting the initial secure card, or connecting to one of the initial PCs that are at the lower level. Then you could connect to other personal clouds as if you accepted to make a personal social trust with some other persons: this could be the cloud owned by your company, or your government, or your favorite merchant site.
But none of them would have the level of trust sufficient to control what is in YOUR cloud, and to know which are the other clouds that you have agreed to connect to; only you would know the tree of trusts created this way, even if the tree data is also saved online on an encrypted backup that can be decrypted only with your strictly personal ID card and only on a first-level device that you have added to your cloud since its creation, or on a device that belongs to the organization that delivered you the personal ID card and your first USB card reader.
You should also be able to choose which kind of proof you want to be considered the most secure and as owning the cloud; it could be your bank/credit card, a fingerprint, some future biometric analyzer, or a specific ID card from a trustable source (police, government), and which kind of proof you will reject (such as passwords or too short passphrases or PIN numbers, or simplified procedures like the WPS button of WiFi access points).
Given that such a cloud should necessarily offer redundancy of your data, it should never go offline, unless you have never taken the step to extend it since its creation to other independent locations. After the creation of the cloud, it should be able to replicate the data automatically without additional maintenance, and below some level of replication and synchronization, the cloud should be able to inform you preventively that your cloud needs an independent backup.
The cloud will then go offline ONLY if you have lost EVERY device and lost the right of access to ALL your ISP(s) or online backup services and lost ALL your storage media or devices.

But yes, it's true that adding redundancy to a cloud will have a cost for its maintenance by third parties (they will effectively want you to pay subscriptions for the backup space they will host online for you). For small spaces, there will always be free subscriptions, or spaces available at no additional cost from your ISP. Or you'll have to buy your own backup storage solutions (like a NAS, if you want fast replication with small delays for the synchronization).
Some services will agree to host it (Google, and so on) provided that you accept some sort of payment, like viewing ads by connecting to it regularly, or using their online search tools, or viewing your mails online, or buying some other services featuring a bonus subscription period.

This will work well as long as the synchronization mechanisms are enhanced. For now the backup solutions are completely stupid and do not allow you to select the level of synchronization for each resource you want to restore: there can exist good backup solutions, but you can't work directly on the backup, or if you can, you are left without ways to synchronize multiple storage places that may contain different modifications.
The synchronization should also be able to work on things smaller than full files: office documents can track the history of modifications, and there should exist a way to consolidate conflicting modifications, and then resynchronize automatically all the available backups.
The storage media traditionally used for long-term conservation (CD/DVD, tapes, opto-magnetic discs) should also be synchronized almost automatically.
We should be able to synchronize databases record per record (if the databases have such capabilities in their record fields), or after executing a difference report where you can filter/sort/rearrange/subselect the records or fields you want to synchronize in progressive multiple steps (the conflicting records should be extractable and preserved separately for later use after finishing a synchronization).
There should be no problem in synchronizing address books, most media files (videos, photos, TV recordings), emails sent or received, shared document templates, activity logs (for those you want to keep at least for some time), and there should also exist ways to clean up the unnecessary data after some time (to avoid or limit the out-of-control explosion of the data volume to maintain permanently in the redundant cloud for some kinds of files you almost never need or that will not cause you problems if you lose them).

But things that your cloud should be able to maintain with a high redundancy level (and maximum accessibility from most points of access) should include all the secure authorization keys, the list of granted certificates or authorizations and to whom you've delivered them, the license keys for your files, applications and media, and most probably the various settings for your favorite applications.

If a file or media is not directly accessible from a point of access, for technical or physical reasons, the cloud should still be able to indicate where it can be accessed and how it is labelled (for example on storage backup media like tapes and CD/DVD, or on a network share accessible only from your work office).

A heterogeneous cloud that does not feature high redundancy and easy and fast synchronization will not be useful. This is the only case where a classical centralization to a single server will be useful (if the server is better managed than many individual PCs in an organization with a pure hierarchical distribution of access rights and a single or few "power user(s)", something that should no longer exist today as it exposes the organization to very high risks of complete failure).

Ideally, in an organization the cloud should not become so big and managed by a single person that a failure will cause that single person to become responsible for everything in it, without being able to restore or rebuild it. The responsibilities must instead be distributed in small packages shared by a limited number of persons working collaboratively in a way that, in case of failure, either the cloud can rebuild itself for small or moderate crashes, or work without it for some time that allows rebuilding the missing information by other means (including printed paper archives or scanned archives on opto-magnetic storage or archives kept in other offices). A power user cannot safely manage the critical access rights of more than about 50-100 persons (except possibly the list of generic roles coming from the basic job descriptions): after some point you need to delegate trusts. But when the tree of delegations becomes complex, each level must still be manageable by some person at each level of trust (who knows enough from the upper and lower levels of trust, with also a limited list of persons they can know and recognize). The same is true for the trust in a large internet, but most internet services forget it, and in fact users don't even know who is managing the service or who is responsible in case of problems. A "cloud" is more personal, but is exposed to exactly the same problem as the internet as a whole: if you need trust, you need to be able to manage delegation, maintain privacy, limit the dissemination of data, but at the same time, you need to manage some level of redundancy and integrate the functions for the backup, restoration and synchronization of the data, as well as the multiplication of access points from which the data can be exchanged securely.

The cloud is then the intermediate level between the "all on one PC" model, which is really very risky as the data is never consolidated and is severely exposed to disasters, and "all on the internet", where data is completely out of control, as nobody is responsible for anything and everyone can use the data at any time without informing anyone (including the owner or creator).

Given that the level of trust we need in a cloud is strictly personal, it's unbelievable that Microsoft has designed its solutions for backup, redundancy, management of trusts, recoverability, management of the storage space, extension of the computing environment and capabilities only for the corporate users in the "Pro" versions of Windows. This is clearly stupid, and it continues to maintain the myth of the "power user", where the power is in the hands of some unknown individual in a super-power organization that wants to know everything about its users.

Really, I think that the "Home" versions are made for the organizations that use the old model, and the "Pro" versions are better tuned for the individual users, including at home, but the arrangement of the features is so bad that this was done only to make users buy a very costly "Ultimate" version at an unreasonable cost (and with lots of FUD in Microsoft speeches and unkept promises).

The "cloud" is then definitely not the definition that Microsoft gives to its customers (and it's probably not the one also promoted by Google for now, but it may change if Google Chrome OS changes the way we perceive and manage our computers and devices).

Let's think personal, just like in usual social life, and trust people we know and can meet personally. The cloud will build on this level of trust, but not directly on the Internet or on a local PC or even on a Windows domain. This kind of cloud can be very useful and really offer the best of the "plug-n-play-n-unplug" experience (still not managed correctly in the pseudo-"universal" UPnP specification built on the Microsoft model) and with added security (because all data will be handled at a distance manageable by the users themselves, and not by unknown third parties within unbalanced contracts or usage agreements/licences where one party knows much more than all the others).
Posted by PhilippeV
13th Jul 2009
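The post describes a chain of trust that starts at a personal ID card, is handed down device to device for a strictly limited number of levels, and collapses below any device whose authorization is revoked. The following is an added example (not the poster's code) that models exactly that rule: a root secret stands in for the ID card, each device holds an HMAC-tagged authorization naming its issuer and depth, delegation stops at MAX_DEPTH, and validity is checked by walking the chain back to the card. All device names, the secret and the depth limit are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

MAX_DEPTH = 2                                  # assumed limit: card -> PC -> NAS -> laptop, no further
ROOT_SECRET = b"constructed-root-card-secret"  # stands in for the personal ID card


@dataclass(frozen=True)
class Authorisation:
    device: str
    issuer: str   # "card" when issued by plugging the ID card in directly
    depth: int    # 0 for a first-level device, +1 per transfer of trust
    tag: str      # HMAC binding device, issuer and depth to the card


def _tag(device: str, issuer: str, depth: int) -> str:
    msg = f"{device}|{issuer}|{depth}".encode()
    return hmac.new(ROOT_SECRET, msg, hashlib.sha256).hexdigest()


class PersonalCloud:
    def __init__(self) -> None:
        self.auths: dict[str, Authorisation] = {}
        self.revoked: set[str] = set()

    def enrol_with_card(self, device: str) -> None:
        # The card is plugged in: this becomes a first-level (depth 0) device.
        self.auths[device] = Authorisation(device, "card", 0, _tag(device, "card", 0))

    def can_delegate(self, issuer: str) -> bool:
        # A device may pass trust on only while valid and below the depth limit.
        return self.is_valid(issuer) and self.auths[issuer].depth < MAX_DEPTH

    def delegate(self, issuer: str, device: str) -> None:
        if not self.can_delegate(issuer):
            raise PermissionError("delegation refused: reconnect the card or a lower-level PC")
        depth = self.auths[issuer].depth + 1
        self.auths[device] = Authorisation(device, issuer, depth, _tag(device, issuer, depth))

    def revoke(self, device: str) -> None:
        self.revoked.add(device)

    def is_valid(self, device: str) -> bool:
        # Walk up to the card; any missing, revoked or tampered hop breaks the chain.
        seen: set[str] = set()
        while device != "card":
            auth = self.auths.get(device)
            if auth is None or device in self.revoked or device in seen:
                return False
            if not hmac.compare_digest(auth.tag, _tag(auth.device, auth.issuer, auth.depth)):
                return False
            seen.add(device)
            device = auth.issuer
        return True
```

Revoking an intermediate device (say the NAS) leaves the home PC valid but invalidates everything enrolled through the NAS, which is the behaviour the post asks for when a device is stolen.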
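The post also asks for record-per-record synchronization in which conflicting records are extracted and preserved separately rather than silently overwritten. This added example (not from the post) implements that for two replicas of a small address book against their last common snapshot: a record changed on one side only is taken, a record deleted on one side and untouched on the other is dropped, and a record edited differently on both sides is set aside in a conflicts list for later review. The sample records are constructed for the example.

```python
def sync_records(base: dict, left: dict, right: dict) -> tuple[dict, list]:
    """Three-way merge of {id: record} maps; returns (merged, conflicts).

    Records are compared whole; a missing key means the record was deleted
    on that side (or never existed in the snapshot)."""
    merged, conflicts = {}, []
    for rid in sorted(set(base) | set(left) | set(right)):
        b, l, r = base.get(rid), left.get(rid), right.get(rid)
        l_changed, r_changed = l != b, r != b
        if not l_changed and not r_changed:
            winner = b                      # untouched on both sides
        elif l_changed and not r_changed:
            winner = l                      # only the left replica changed it
        elif r_changed and not l_changed:
            winner = r                      # only the right replica changed it
        elif l == r:
            winner = l                      # both made the identical change
        else:
            # Divergent edits (or edit vs. delete): extract, do not guess.
            conflicts.append({"id": rid, "base": b, "left": l, "right": r})
            continue
        if winner is not None:              # None means the record was deleted
            merged[rid] = winner
    return merged, conflicts


# Constructed sample: a snapshot and two replicas edited while offline.
BASE = {1: {"name": "Alice", "phone": "111"},
        2: {"name": "Bob", "phone": "222"},
        3: {"name": "Carol", "phone": "333"}}
LEFT = {1: {"name": "Alice", "phone": "999"},   # edited Alice
        2: {"name": "Bob", "phone": "222"},
        3: {"name": "Carol", "phone": "333"},
        4: {"name": "Dan", "phone": "444"}}     # added Dan
RIGHT = {1: {"name": "Alice", "phone": "555"},  # edited Alice differently
         3: {"name": "Carol", "phone": "333"}}  # deleted Bob


def run_sample() -> tuple[dict, list]:
    return sync_records(BASE, LEFT, RIGHT)
```

On the sample, Dan is added, Bob is deleted, Carol is kept, and Alice's two incompatible phone numbers land in the conflicts list with both versions intact.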