Just as a tangent to the little rant I posted a minute ago. We have another client, that uses Jungledisk. (A cloud storage product of rackspace.)
When you create a volume, you can create an encrypted volume, or unencrypted, and you have permissions about who can access, etc. Rackspace is just an intermediary, managing your Amazon S3 storage in the backend. (You have to provide S3 credentials to Rackspace, for them to use on your behalf.) So I created an encrypted volume, and stuck some files in there. God knows why I do this. I get products from vendors, and I just assume it's a complete piece of crap, and I test the hell out of every product before I deploy it to customers or users. It is absolutely *appalling* how many dismal failures of products exist on the market, and how horrible the general state of computing is, in terms of quality. But I digress. I decided to test rackspace in a way that I'm sure nobody has ever done before. I logged into S3, downloaded all the stuff that rackspace stored there, just to see what the supposedly encrypted backend looks like, and see if it met my standards for encryption. Sure enough, everything was obscured with some systematically generated filenames. I would never be able to find a specific file without them performing the intermediary translation layer for me. But I ran md5 on all my decrypted files, and all the supposedly encrypted files that junkle disk stored on S3 for me. And I found that some of the files were in fact, stored plaintext. I tried contacting their support once, for one ticket. Wasted time, got nowhere, they told me I'm simply mistaken, period. I told them they're simply wrong, period. And that was the end of it. Of course, I will not waste my time trying any more to improve their product or make them aware any further. I will just boycott their product(s) and tell everyone about it all the time. _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
