 |
|
I understand the general sentiment here, and don't disagree. But I think ultimately this is about dollars.There is a LOT of money in the government defense sector. AWS is in an excellent position to capture a lot of that money, but their primary competitor in this space, Microsoft, has been preventing a complete domination and monopoly by Amazon. With Alexander on the board, this will ultimately lead to different/better insights for how Amazon positions itself in this government sector. Alexander can bring a ton of value, just with his contacts and networking alone, let alone the insight into how security and data operations work in the intelligence community. Ultimately, this isn't a step towards more government surveillance. The government can't coerce Amazon any more with Alexander on the board or not; the rules are still the same. This is fundamentally about Amazon's desire to get in on the lucrative big dollar contracts that would otherwise end up going to traditional defense contractors like Lockheed, Boeing, Northrop.
|
|
|
|
> For those keeping score, not only does Amazon own the The Washington Post and oversees the CIA’s Commercial Cloud Enterprise, it now has on its powerful board of directors the most visible figure from the NSA who illegally spied on Americans for the better part of a decade.This sounds tinfoil hat crazy, but here we are. Not so crazy now. Man in a position to have reams of compromising intel on the current president hired by a man in an ongoing battle with the president.
|
|
|
|
This: This sounds tinfoil hat crazy, but here we are. Not so crazy nowAt some point we need to just say it some of the largest tech companies are basically NSA+CIA partners and we're well on our way to having Big Tech completely integrated into NSA and CIA and DoD
|
|
|
|
The government created Silicon Valley: https://www.youtube.com/watch?v=ZTC_RxWN_xoI have no evidence other than the sheer obviousness of it, but the ties still continue to this day. I have no doubt it is kept hidden from most employees due to the general political leanings of most Valley engineers. For instance, my work does a ton of work for the DoE and you hear them mentioned all the time. The DoD is also a customer and you never hear their name.
|
|
|
|
|
|
Allegedly, Schmidt also games politics, albeit unsuccessfully, he spent millions on The Groundwork trying to prop up Hillary's 2016 campaign only charging them ~$700k (at one point they had 70 SWE/SRE on staff with most focusing on her campaign's needs for an entire year, they were only a couple blocks away in NYC from Hillary HQ). The company he invested in, Timshel, folded the same year as Hillary lost the election. I'd bet anyone money he wrote off his illegal in-kind contributions as 1099 losses. Check out his emails with Robby Mook.
|
|
|
|
Coincidentally, it was his daughter who pushed for Cambridge Analytica's parent company to connect with Palantir while she was an intern.
|
|
|
|
|
|
More history about Google's mapping products is available in Bill Kilday's book "Never Lost Again: The Google Mapping Revolution That Sparked New Industries and Augmented Our Reality". Kilday was a founder at Keyhole, the startup acquired by Google to become Google Earth.
|
|
|
|
Remember the Google I/O when the presentation included a mom waiting in a queue inside a park ride and maps calculated that it's enough time to have another ride and then go somewhere else?This was the moment I got afraid of every single Android device that's already on the market, sniffing around for everything they can find. If private people do this, they get jailed. If google does it, nobody gives a damn about it. There is no privacy, as everybody around you is compromising it without themselves knowing.
|
|
|
|
|
|
Regarding [2], the sensationalized, alarmist way the media reported this was not remotely accurate, nor would the conspiracy theory angle on this story make any practical sense.
|
|
|
|
Sorry, what's not practical about Google increasing their location accuracy for the benefit of both the consumer and the government?
|
|
|
|
The second link isn't about that, it's about Google stealing information from insecure WiFi using Street View vehicles.
|
|
|
|
Is there a solid source on what was actually collected?
|
|
|
|
Google’s official statement admitted to collecting payload data from unsecured WiFi networks but said it was a mistake from including a library with extraneous code. [1]The statement also linked to a third-party analysis of the relevant code which concluded: [2] "Gslite is an executable program that captures, parses, and writes to disk 802.11 wireless frame data. In particular, it parses all frame header data and associates it with its GPS coordinates for easy storage and use in mapping network locations. The program does not analyze or parse the body of Data frames, which contain user content. The data in the Data frame body passes through memory and is written to disk in unparsed format if the frame is sent over an unencrypted wireless network, and is discarded if the frame is sent over an encrypted network." [1]: https://googleblog.blogspot.com/2010/05/wifi-data-collection... [2]: https://static.googleusercontent.com/media/www.google.com/en...
|
|
|
|
|
|
JEDI has been headline news on CNBC for the last year. DARPA has numerous highly public initiatives and partnerships with SV darlings. Working with the DoD is almost never a secret, it just isn't sexy.The government didn't create Silicon Valley, Robert Noyce and the rest of the Traitorous 8 did. They did however bankroll semiconductor fabs here and in Texas for a few years but the world is better for it.
|
|
|
|
well why wouldn't they? Every government would love to have silicon valley. The question is why the rest of the world blindly trusts the narrative about data security
|
|
|
|
All these 3-letter acronyms exists to further American interests - for a long time that was primarily the military/industrial complex followed by oil/gas. We're now just seeing the focus switch to supporting big tech as a priority.
|
|
|
|
>All these 3-letter acronyms exists to further American interestsThat's a strangely Aristotelian view of organizations. It is as if you are suggesting that the 3-letter agencies have a fundamental essence outside of the intentions of the people who work there.
|
|
|
|
It's still distressing to see those intelligence agencies further entrench themselves into fields perfectly suited for a surveillance state. Their reputation makes trusting that they won't abuse it difficult.It may suit national interest, but it bodes poorly for the public interest.
|
|
|
|
They help the companies, who help the Government in return. And the whole conspiracy is carried on via the revolving doors of influence and networks of who knows who.Where the public suffers is that it's their tax money that funds this rather than going towards education, health, essential services, better wages, social and economic mobility - the list goes on.
|
|
|
|
>They help the companies, who help the Government in return. And the whole conspiracy is carried on via the revolving doors of influence and networks of who knows who.Except now one of the ways the companies can help the government is with readymade worldwide surveillance. That is much scarier than anything Dole could offer.
|
|
|
|
|
|
East India Company - been the case for a long time.
|
|
|
|
"The sinister Huawei has close ties with the Chinese government. Our companies can't compete on a level playing field!"
|
|
|
|
Tech is in bed with the government everywhere on the planet, and has been for a long time. The question has never been about fairness, it is: who has your interests in mind?
|
|
|
|
None of them particularly care about the average citizens interests, so treating the two similarly seems fair.
|
|
|
|
Who would you rather have logs of all your Internet activity: your own government, or another government thousands of miles away that is increasingly at odds with country's?
|
|
|
|
Over ehre in Small Belgium it doesn't feel like it.
In bed with big internationals for other reasons some of which local like de beers sure tho but that just smells more of corruption than anything protectionist or intelligence based
|
|
|
|
Because EU countries don't have mammoth sized, trillion dollar SW companies with a global monopoly.If your country's software industry is comprised mostly of 10-200 person web shops and consultancies there's no real gain for the Goverment agencies to be in bed with them.
|
|
|
|
Err... https://en.wikipedia.org/wiki/SAPBillion, trillion, shmillion, lose some, win some, it's all virtual. Not backed by anything real. I mean, you can see the house of cards falling down because of a sneeze right now :-)
|
|
|
|
If you follow that thought through to other industries, what do you think Denmark learns of US military movement and equipment from the armies biggest heavy lifter, Danish Maersk shipping? It can't be much since outside the software world companies don't sift through every single piece of "cargo" and goes to show why you shouldn't trust foreign software companies at all, allies or not.
|
|
|
|
In this case the US really doesn’t have my interests in mind.
|
|
|
|
As hard as it may be to accept, this is the reality we live in.
|
|
|
|
The government has used Big Tech forever. Oracle, Microsoft, Apple products have been used by NSA+CIA for about as long as those companies have had products. Yes, those companies sell to the government. They want to make money and the government has money.
|
|
|
|
|
|
Yep, and IBM helped nazis to run their concentration camps.Technology is power.
|
|
|
|
There is a difference between selling your product to government and working with government.I am pretty sure USA government buy's plenty of stuff from Chinese companies like everbody else does. Doesn't mean Chinese companies are working with it.
|
|
|
|
Even if they weren't explicit partners it seems highly likely that intelligence agencies would get covert access to the resources of the main web companies - they are just too tempting a target not to.
|
|
|
|
Well on our way?
lol... I wish we were only still in that stage...
|
|
|
|
It sounds tinfoils hat crazy because it is.No we do need to say that because is patently untrue.
|
|
|
|
Hey, want to hear something else a little tinfoil hat crazy and also 100% true?- Checking out on Amazon was always encrypted. - Browsing on Amazon was not encrypted until quite recently. Add To Cart wasn't encrypted. - High end network equipment includes support for monitoring your browsing on the guest wifi to send URLs from you browsing Amazon to price-compare or buy. See, for instance, Cisco Analytics for Retail.
|
|
|
|
> Browsing on Amazon was not encrypted until quite recently. Add To Cart wasn't encrypted.What do you mean by this? HTTPS has always been supported for browsing and adding to cart.
|
|
|
|
I think this varied by country. I was working on some HTTPS advocacy targeted at web sites before it was so ubiquitous, and I remember Amazon in the U.S. not allowing you to browse items with HTTPS probably sometime around 2010 (I think they would send a redirect back to the HTTP site).
|
|
|
|
Except that The Washington Post operates independently, and has strong editorial standards, something that a lot of "news" sites on the Internet today don't even pretend to have. The Post continues to publish articles about surveillance, as well as articles critical of Amazon.For example, here's reporting on an interview with Martin Baron, the paper’s executive editor: Mr. Bezos holds conference calls with The Post’s leadership every other week to discuss the paper’s business strategy but has no involvement in its news coverage, Mr. Baron said. During his occasional appearances at The Post’s building, Mr. Bezos sometimes stops by a news meeting "just to thank everybody," Mr. Baron said. "I can’t say more emphatically he’s never suggested a story to anybody here, he’s never critiqued a story, he’s never suppressed a story," the editor said. "Frankly, in a newsroom of 800 journalists, if that had occurred, I guarantee you, you would have heard about it," he added. "Newsrooms tend not to like those kinds of interventions, particularly a newsroom that’s as proud as The Washington Post. "If he had been involved in our news coverage, you can be sure that you would have heard about it by now," Mr. Baron added. "It hasn’t happened. Period." Source: https://www.nytimes.com/2018/04/02/business/media/to-trump-i... (edited for formatting)
|
|
|
|
That's not how editorial pressure works. Chomsky detailed it quite well, but in a few words:The advertisers react to "wrong" coverage by withdrawing support, the chief editor is very attuned so he assigns the right people to the right jobs before trouble starts, and the journalists so assigned naturally work quite sincerely. No actual orders to publish or withdraw articles need to happen.
|
|
|
|
Unfalsifiable conspiracies are my favorite kind!There's got to be a natural law that, for any given situation, one can compose a scheme whereby no proof of anything would actually exist, but evil would still be done.
|
|
|
|
That's not unfalsifiable. A verifiable leak will suffice. Perhaps what you meant is "what has not been falsified yet"
|
|
|
|
> The advertisers react to "wrong" coverage by withdrawing supportEasily attributable to business decisions / climate. > the chief editor is very attuned so he assigns the right people to the right jobs before trouble starts Staff assignment as a smoking gun? That's going to be a stretch. > and the journalists so assigned naturally work quite sincerely Indeed, just people doing their jobs. Who, pray tell, is going to leak what?
|
|
|
|
They eliminated their Ombudsman position in 2013. Not to pick on them, as most publications, NYT included have as well. I'll read occasionally, but definitely don't trust any of these any more without checking sources.Just being the owner taints their coverage even with no direct influence (again, we can't just pick on Wapo here either). "So Joe, want to spend our time on researching this piece critical of Amazon or one the other hundred stories?"
|
|
|
|
Look at it this way: the next time Amazon is in the news for some scandal, WaPo won't be covering it.
|
|
|
|
C'mon man. I have firsthand knowledge of an editor asking a contributor to remove mentioning Amazon in a story because it cast the company in a negative light.
|
|
|
|
If a random guy online uses an account created a couple of days ago to say he has knowledge of something without providing any proof or substance then everyone should just blindly trust him and take his word for it.Right?
|
|
|
|
Well... You may have firsthand knowledge or claim to have firsthand knowledge, but the rest of us don't.When you saw that happening, did you just let it slide? Where did it happen? Was the story originally about Amazon or was it just an off-topic side remark that didn't really fit in?
|
|
|
|
Not everyone is willing to martyr themselves for a cause. Just because no such information has leaked yet does not mean it has not happened or that there will not be such leaks in the future.Why should I stop sawing this branch I am sitting on, I havent fallen yet ?
|
|
|
|
> Why should I stop sawing this branch I am sitting on, I havent fallen yet ?Your argument is that we can't prove the absence of a conspiracy. Hence, a better analogy would be "why should i stop sawing this branch? just because gravity has never left me suspended in thin air doesn't mean it can't or won't happen in the future"
|
|
|
|
>figure from the NSA who illegally spied on AmericansI like the way you included just 'Americans', may be because it's just the domestic spying which is against U.S. law, may be because you thought 'spied on Americans' hits harder for an American reader than just 'spied on everyone'. But, for someone outside USA or China; there's absolutely no difference between U.S. tech or Chinese Tech w.r.t Privacy, what U.S. does privately, China does openly and that's not limited to just spying.
|
|
|
|
America won't arrest you on your vacation here just because you criticized the country on social media. I'd take American hegemony over Chinese hegemony any day of the week.
|
|
|
|
This bullshit game of "which is worse" between the US and China, with both countries constantly moving the goalposts, is just tiring. Yes, China is currently worse. But with children locked up in cages and a massive prison-slavery industry, not to mention crazy NSA spying and so on, you're kidding yourself if you say the US is that far behind.You can say, as a US citizen, that all this stuff doesn't affect you much. But I can tell you, from considerable first hand experience, that the average Chinese citizen says the same about China.
|
|
|
|
The difference is that here we have the freedom to criticize and organize against it. One of the presidential candidates wants to tear down all the stuff you pointed out.I can say that the surveillance doesn't affect me because it's almost unheard of for Americans to get arrested with evidence that the NSA collected. The NSA is not a law enforcement agency. In China arresting people based on data from surveillance is the norm.
|
|
|
|
> The difference is that here we have the freedom to criticize and organize against it.Edit: I am mostly addressing the organize against it part. USA has far better free speech protections than China Do you ? As an outsider it doesn't really look that way.
After watching events and protest around BLM, suddenly all those rights have gotchas in them. Watching USA protesters and Honkong protesters, and goverment respones to them, there were far more similarities than differences. (Well china was still worse, but not by as much as most USA people seem to think). The biggest difference in USA and china at the moments is that in USA some Politicians still listen to people (if only mostly out of self interest)
|
|
|
|
If we were like China, Joe Biden would be in jail. It's a different level entirely. Also please use some judgment when seeing America through the lens of our news media. They have every incentive to exaggerate stories so they can get more clicks and sell more ads. The police brutality at the protests is bad, but it's in a different ballpark than the Hong Kong protests. Here protesters don't have a reasonable fear of getting sent to mainland China to be imprisoned for decades, gang raped by cops in jail, and murdered while cops fake your suicide.
|
|
|
|
Regarding the reality distortion fields of Phox Noise and friends, what makes you think the news you get from the HK protesters are any different? Furthermore, please explain why the cameras were off when Jeffrey Epstein died? And the autopsy has been... err 'inconclusive'?
|
|
|
|
Only the latter two, but at least you won’t get sent to mainland China by us police.
|
|
|
|
> One of the presidential candidates wants to tear down all the stuff you pointed out."All the stuff" that was either started or expanded while he was VP. Yeah, sure he wants to tear it down.
|
|
|
|
But the FBI has been trained to hide the source of information, probably because it is illegal in many cases (maybe comes from NSA)... they call it parallel construction but it probably should be called something much worst.https://en.wikipedia.org/wiki/Parallel_construction
|
|
|
|
> here we have the freedom to criticize and organize against itAsk those who wanted to protest against recent disproportionate police actions and those who did and became targets.
|
|
|
|
> you're kidding yourself if you say the US is that far behind.Living in Europe I have the pleasure of hearing these kinds of naive comparisons on a regular basis. Somehow it's always "the US is basically China and/or Saudi Arabia". It's exhausting having to explain to people who are seemingly only capable of operating with a binary black and white worldview that there is a massive difference between certain shades of grey.
|
|
|
|
>America won't arrest you on your vacation here just because you criticized the country on social mediaCan you say for sure, that the phone will not be seized, imaged and/or bugged at the airport/border? Anyways you are talking about differences in what they do with the data or the person to whom that data belongs and not contending the fact that tech companies from both the countries spy internationally.
|
|
|
|
In America you can buy privacy if you really want it. Buy a laptop here, install linux on it, and use a VPN. The NSA can't stop you if you really want privacy. This is illegal in China, where every VPN must be state sponsored and monitored.
|
|
|
|
>In AmericaSee, that's what I'm trying to tell, What about 'Not in America'? Before I proceed further, I want to categorically state that I don't intend to come off as supporting privacy violations by one country vs another; My argument over this entire thread has been that it sucks for someone not in any of these countries as they all spy on us and it's taken for granted in this kind of discussions. That said, >use a VPN. The NSA can't stop you if you really want privacy. Because they have 'No logs' policy? Come on, don't be naive. Even the trillion dollar fruit company has been part of the program according to documents which hasn't been disputed. >This is illegal in China, where every VPN must be state sponsored and monitored. So you do agree that the Amercian VPN companies or any American company have double standards when it comes to China? Btw, almost every outsider in China installs a VPN to access content outside Great Firewall once they arrive, several U.S. services work without a VPN e.g. iMessage, Skype etc. I have heard of targeted deportation/arrests at airport, but never heard of random phone seizures at Airports.
|
|
|
|
>What about 'Not in America'?Same advice, buy a VPN if you want the services that it provides. >Because they have 'No logs' policy? Come on, don't be naive. Contract with a VPN that is audited and resides in a legally favorable country. I hesitate to endorse any particular company, but they're out there. Maybe privacy just isn't convenient enough for you. >So you do agree that the Amercian VPN companies or any American company have double standards when it comes to China? What are you talking about? >very outsider in China installs a VPN to access content outside Great Firewall once they arrive You are allowed to do this at their law enforcement's mercy. > several U.S. services work without a VPN Surveillance wouldn't work very well if it made people quit using the services and network. > I have heard of targeted deportation/arrests at airport, but never heard of random phone seizures at Airports. I wonder why they don't feel the need to seize phones at airports. As an aside, I recall reading that the PRC forces Uighurs to install spying apps directly to their phones. That is, all the Uighurs who aren't in "Vocational Educational Camps" and have yet to flee to America, where the supposedly oppressive American surveillance state is a breath of fresh air.
|
|
|
|
>What are you talking about?This - > >Same advice, buy a VPN if you want the services that it provides. >You are allowed to do this at their law enforcement's mercy.
|
|
|
|
Oh, I see. Yes. In America you are free to use whatever VPN you pay for, regardless of what country it's hosted in. The NSA won't prohibit it and cannot break it if it's using the right algorithms. If they wanted to intentionally examine your network traffic, that would require a court order. If they wanted to get past your VPN encryption, that would require targeted hacking of a US citizen, which is typically handled by regular law enforcement. The NSA doesn't primarily concern itself with US citizens because investigating them is, in short, a huge pain in the ass. If you have any evidence to the contrary I'd gladly read it.
|
|
|
|
|
|
I'm fairly sure that if the NSA want your data they will get it, if necessary using rubber hose cryptanalysis.Regardless of legality.
|
|
|
|
I'm very sure that you're wrong. Do you have any evidence that the NSA kidnaps and tortures people?
|
|
|
|
|
|
I'm going to go out on a limb here and say that a good number of commercial VPN services are monitored by the US of A.
|
|
|
|
No, they just deny entry, or (try to) clone your data, insist on passwords/unlock of all sorts of devices, and so on. And email addresses/social media accounts, other online presences.
|
|
|
|
I know, "land of the free, home of the brave"...right?
|
|
|
|
>But, for someone outside USA or China; there's absolutely no difference between U.S. tech or Chinese Tech w.r.t Privacy, what U.S. does privately, China does openly and that's not limited to just spying.Maybe for someone outside the US and China who doesn't travel and never intends on traveling. On the flip side if you ever plan on visiting either country there is a pacific-ocean sized gap in what you'll face visiting the two countries. I can't recall the last time someone was "disappeared" for criticizing Trump on twitter. The same can't be said for those who criticize Xi on Weibo.
|
|
|
|
That's because spying was his job (or at least, directing the spies).The moral criticism here is that he violated the law he swore to uphold by also spying on his own citizens, and then lied about it.
|
|
|
|
|
|
Does Amazon own the WaPo? I thought Bezos did.
|
|
|
|
|
|
You did? With 11% of the company?> Amazon's chief executive officer (CEO) and founder, Jeff Bezos, is the company's biggest shareholder, with 55.5 million shares representing 11.1% of outstanding shares.
|
|
|
|
|
|
|
|
All of Amazon's shares have the same number of votes.
|
|
|
|
Amazon has non-voting shares.Source: know someone who worked there. Bonuses were paid in the form of non-voting shares.
|
|
|
|
Maybe they were talking about options? You don't get voting rights by having options, you need to execute the options in order to get shares (and voting rights, in Amazons case).
|
|
|
|
Which would make him the majority shareholder. By a margin of 5% - almost double the next largest shareholder and more than the next dozen shareholders combined.In other words: he has unilateral control of the company. Welcome to publicly traded companies. You don't need 51% to control the company.
|
|
|
|
He's a de facto controlling shareholder due to how comfortably secure his plurality is, absolutely. And he's got a significant amount of de jure control by being Amazon's President, CEO, and Chairman of its Board of Directors. It's under his control in many real senses.But he's not a majority shareholder, since his percentage of ownership does not exceed 50%.
|
|
|
|
No, welcome to online opinions of companies.
|
|
|
|
>he has unilateral control of the companyBu that reasoning, if 1000 people each own 0.1% of a company, and one buys another out, then the person with 0.2% has "unilateral control of the company", implying that the other 99.8% could not stop the desires or action of the 0.2%. This is nonsense. Any 3 of the 999 could stop the 1.
|
|
|
|
That quote is not in the article and is not even true (Amazon does not own the Post, and FISA warrants are legal).Where did you get that nonsense?
|
|
|
|
> who illegally spied on AmericansAnd this guy lied to Congress about it. And unlike plain folks who would have been prosecuted and jailed for this, he wasn't even indicted.
|
|
|
|
Amazon does not own the Washington Post. Jeff Bezos does.
|
|
|
|
Amazon doesn’t own the Washington Post.
|
|
|
|
> This sounds tinfoil hat crazy, but here we are. Not so crazy now.Nothing about Amazon hiring a former NSA director to its board is "tinfoil hat crazy". It's in fact perfectly rational, since Amazon is literally in the business of selling services to the federal government.
|
|
|
|
I think he got hired because AWS likes government and military contracts, and he has personal phone numbers of people who make that sort of decisions. And he doesn't have them through NSA data gathering, but because he can call these people and ask if they'd like to have a steak dinner and talk about why they should choose AWS...
|
|
|
|
Maybe. And even if he doesn't have the dirt on various people with power, including a bit lower down the food-chain. The idea that he might gives him an edge in those steak dinners.It stinks no matter how you look at it. Actual criminal getting rich post crimes while Snowden who let us all know what a crook he is, is stuck in exile. The rule of law and equality before it needs to be established. "Bezos Taps Criminal To Strengthen Bid For Government Work" Is about the kindest possible spin you can put on a headline for this story, right?
|
|
|
|
While I agree in principle, it hasn't really worked out well for IronNet. Maybe they stabilized now, but all those relationships didn't really produce the amount of business they thought they would.
|
|
|
|
Did IronNet not do well in government or public sector?
|
|
|
|
>illegally spied on Americans for the better part of a decade.
A decade? Just a decade?
|
|
|
|
|
|
> reams of compromising intel on the current presidentWorth nothing that those reams of compromising intel on the current president only exist because the current president... has, himself, generated reams of compromising intel.
|
|
|
|
Yea, it seemed a weird speculation that going after Trump using WaPo would be a serious reason behind the onboarding.They already publish a ton of heavyweight criticism... and I think there is no new information that could persuade those that still support Trump.
|
|
|
|
Donald Trump's very own Twitter account is a steam of hard-hitting criticism ;)
|
|
|
|
The implication here requires a few things to be true.1. The CIA illegally collected intelligence on Donald Trump prior to his election to the Presidency 2. This intelligence was specifically of a compromising nature to President Trump 3. This intelligence was retained and can be retrieved at a moments notice 4. The retired DCI, who is no longer a government employee, somehow retains his read ins, Need to Know or accesses or... 5. Has personnel working within the IC who do have access to this information that would give it to him. 6. That the DCI has provided the existence of this information to Jeff Bezos 7. Bezos then provides a PUBLIC position for this person on the Amazon board as a way to pay for access to this information that Jeff will then ostensibly have as a "secret weapon" to blackmail a sitting President This type of conjecture is on par with other conspiracy theories which are so far from realistic that they defy logic to believe. I'd love to see the combined probability estimate for something like this. Others have said it better - Hayden knows the DoD and IC process for IT basically better than anyone, and can help Amazon win more business. The end. Pretty simple.
|
|
|
|
> 2. This intelligence was specifically of a compromising nature to President TrumpYeah, that made me laugh.
|
|
|
|
Plus we've already had an impeachment trial. If there were damning, conclusive evidence that the CIA possessed on Trump, that would have been the time to present it.
|
|
|
|
Collecting on a US person without a warrant likely would have been illegal and not viable evidence.
|
|
|
|
The impeachment trial is not a trial.
|
|
|
|
There was never any presentation of evidence.
|
|
|
|
It’s getting to the point where most people’s mental health would probably benefit from ignoring all this. It’s all very bad and will probably push you into coming up with crazy conspiracy theories.
|
|
|
|
Here in Germany I used to work for a company that swore off Amazon and other US cloud vendors because of things like this: the relationships between them and the government are too tight. They didn’t want German user data being compromised. It could have been FUD to do things on premises or what not but it seemed to make sense at the time and now with this...
|
|
|
|
Exactly. I'm constantly surprised how many companies carelessly upload all their internal documents to Google Docs, S3, Dropbox, GitHub, Slack et al. I'd suggest that anything that's not supposed to be public never be uploaded to such services, specially if you are not from the US.
The way to go even for small tech companies is self hosting, except maybe for email, due to GMail marking your emails as spam from what I've heard.
|
|
|
|
My company self hosts everything. They’re so bad at it. Something is always down and we waste so much time with our shorty tooling. We even had this amazing idea that we could implement our own version of GCP from scratch. The result is dismal, we dread using it because it’s very unreliable, and it costs double or triple what GCP costs. We’re not a small company, we have about 1k employees and our business is software.
|
|
|
|
I've come to appreciate the value of a really good, dedicated sysadmin. I used to think I was pretty good at it and that was fine, but I've come to realize that the skillset for an awesome sysadmin are quite a bit different than a developer, even though there is some overlap. And there is definitely a range.
|
|
|
|
Unfortunately the market doesn't appreciate systems operations skills as much as software development, despite those skills being rarer and having a wider organizational impact in more industry verticals. Software developer salaries trend 20-30% higher at every single career stage than sysadmin/ops salaries, and at the top, there's usually management adjacent engineering track stages at larger firms for software developers like "principal", "distinguished", and "architect" which are not open to operations folks.I was in ops for 13 years, and if you were to talk to any of my former coworkers they would bury you with praise for the quality of my work. Yet, I eventually chose to move into a management track because I had peaked my career about 7 years in and didn't realize it until later. There was nowhere I could go up, because I wasn't a software developer. Now I'm a manager that has technology understanding, which has a high value prop for many orgs all on its own, but I do sometimes miss "getting my hands dirty". I've worked with a lot of software developers over the years, and while there are a handful who are really incredible, the majority of people are just mediocre. That's expected and okay. The same is true for Ops folks, as it happens, although generally it takes more competence to rise to "Senior" on the Ops side vs software. The thing is, "Senior" is as high as it goes for Ops folks. So you might meet really stellar Ops folks who are effectively titled and paid the same as a mediocre developer with 3 years of work experience. It's simply not sustainable, and the push towards moving everything to the cloud and off-premise is probably a symptom of this (not enough quality Ops folks to keep things on-prem) and exacerbates this (reducing need for quality Ops folks, driving down market demand, unless you want to work at a cloud provider). Pretty much all of the other Ops people I've respected and admired over the years have moved into different career paths. I find the same is not true for software developers. So when younger people ask me about career paths, I always recommend software over Ops, if they are adamant they never want to go into management. It's kind of sad, I suppose, but that's the way of it. I appreciate that there's a subthread on HN where folks recognize and respect the value of competent Ops folks, but I think you'll find that most are being pushed out of that career path.
|
|
|
|
>quite a bit different than a developerExactly! I'm a sysadmin (sometimes a Dev), but sysadmin is what i'm really good at. The most important thing is to see a solution from another perspective.
|
|
|
|
As a developer I completely agree. I have some knowledge of system administration, but I much prefer with dedicated professional where possible. It's partly just a different set of expertise, but I think it's partly also why it's best to have dedicated people doing QA work. The attitude required to do the work is completely different to dev work, and it's hard for one person to wear both hats.
|
|
|
|
Seconded. A sysadmin dedicates their professional life to deeply understanding systems, networks, and their interconnection. I am lucky if I can keep up with changes to my languages and frameworks as a programmer! Thank goodness there are sysadmins out there who can help us poor programmers out when our relatively basic understanding knowledge of linux fails us.
|
|
|
|
> The result is dismal, we dread using it because it’s very unreliable, and it costs double or triple what GCP costs.I'll be honest - you guys need to find a new technology partner then. Creating a private cloud that's reliable and offers the basic services that the major providers have is not difficult in 2020. Some of the aaS stuff can get tricky but is still entirely do-able. Regardless, if they found a way to make your infrastructure MORE expensive than the public clouds they either have no idea how to negotiate or are really, really bad at their jobs. The public cloud is a lot of things - but cheap isn't one of them.
|
|
|
|
A tradeoff might be to keep encrypted data on GCP with keys managed on-premise with transparent encryption decryption by way of a local proxy.
|
|
|
|
Most businesses need a lot more than dumb storage from their IT systems though...As soon as you start using the full suite of cloud tools, it's impossible to not give the provider the encryption key...
|
|
|
|
Is there yet an open-source alternative to GCP? Can you buy bare metal and just have your own cloud?
|
|
|
|
Presumably Kubernetes is the answer here, but you need to run a lot of things yourself that come for free with GKE. Also "just buy bare metal" ignores the massive effort involved in operating a data center.
|
|
|
|
|
|
Depends on what is desired... theoretically using Proxmox and VMs containing CapRover hosting docker containers should get you everything you want... but the ability instantly scale upwards is difficult to do yourself.
|
|
|
|
> the ability instantly scale upwards is difficult to do yourself.If your business involves any amount of low priority bulk compute, this gets much much easier. You simply let the low priority stuff fall behind while your order to Dell for new servers is being delivered... Also, if you have compute that could be on-prem or could be in the cloud, you can set up a kubernetes cluster spanning both and let non-privacy-sensitive overflow to GCP as needed. All of the above rarely comes out cost-effective though, because while the raw compute is cheaper to DIY-it, when you factor in the staff time to build, maintain, and deal with the shortcomings of your bodged-together on-site solution, it's going to come out much more expensive.
|
|
|
|
I don’t think so. But knowing my company’s capabilities and proficiency, it was obvious it was never going to work. Would have been much more logical to buy from one of the many local providers who run their own data centers. It doesn’t really matter because in the end the solution is so bad that we try and use GCP anyway whenever we get the chance.
|
|
|
|
OpenStack is probably the closest but it will not have everything GCP or AWS has
|
|
|
|
It's probably enough for most organizations, though.
|
|
|
|
I use both MS and Google at various locations. The result is also dismal... But we can all be exasperated together and vent about how awful it is without upsetting anyone.
|
|
|
|
I work in banking in Europe, one of the internet-only ones. We have super rigid governance routines regarding cloud storage. You can’t store a single byte on any cloud service, even incidentally, without a thorough review ensuring that no customer data is present.Meaning, e.g. there are specific, rigid rules regarding how Postman can be used while developing backend services, to avoid that customer info is inadvertently transmitted during testing. Of course, it’s a PITA, but it serves its purpose.
|
|
|
|
Yeah, Postman has gotten dirty. Why the hell should a REST client/testing tool transmit everything to the cloud?
|
|
|
|
Postwoman might be enough for you if looking for a replacement and it's FOSS
|
|
|
|
|
|
Depending on what you're doing, just use curl
|
|
|
|
Just like you could just use nano in place of IntelliJ.But the idea that Postman is actually git in that analogy is hogwash and a way to wrest data out of people.
|
|
|
|
I think you’re really overestimating the ability of most small tech companies to self-host reliably and securely.
|
|
|
|
I work for a relatively small company (about 15-20 odd people) and we've got a server rack in the office. It's positioned in a very specific angle (with tape on the floor) along an AC unit because of cooling, but we self-host a lot of our stuff.It's done on a budget as well so we're kinda forced to use open source software. Weirdly enough we use Skype for work chat and Zoom for video meetings, so it feels a bit inconsistent.
|
|
|
|
You’d be surprised. We had security that rivaled even the standards required by the banks. Truly crazy high multiple physical key paired with vault and some faraday cage protected offline signing thing — I wasn’t privy to it all just saw bits of it while it was being implemented. Suffice to say it can be done and by going off cloud you get the flexibility to do things like this but... in the end it’s overkill
|
|
|
|
For every 1 of those crazy high security companies, there’s probably 1000’s that couldn’t secure MongoDB instances.
|
|
|
|
Perimiter security is not vouge but its better than publicly accessible on the Internet. I would argue if are not comfortable with security take it off the Internet and put it in a dmz. You still need security, but it's a more forgiving environment if you get it wrong between setup and pen test.
|
|
|
|
And they will host it on Amazon, Google or Azure where their firewall admin won't possibly notice..
|
|
|
|
They could if the spent the $ and recruited experienced people.
|
|
|
|
What do you think they did before the cloud?
|
|
|
|
This is what amazes me. I suspect there's an entire generation of developers and technologists that don't realize we used to manage infrastructure and deploy applications ontop of it.It's like as if somehow, in many eyes, that's impossible now. Depending on your scale, it may be impractical given external hosting options but it's certainly not impossible. Lots of data centers rose and started automated processes of shared hosting and co-locating hardware which was a step forward. I remember working with Rackspace, Equinix, The Planet, etc. which further automated quicker server deployment, had applications for UPS resets/interrupts, etc. The more you moved towards a specific business's automation services, the less portable your infrastructure was outside that environment. That continued on until you now have more sophisticated hosting like what AWS and GC provide. Now, abstractions exist for about everything in a data center and the trade off is that you now have to manage all that complexity through proprietary APIs, consoles, and so forth. In addition, the tradeoff here is the more complex the infrastructure, the less easy it is to shift it to another provider. That may be fine for you, it may also not be. It's all definitely possible though.
|
|
|
|
I'm not devops, but how hard is it to properly set up VPN / ssh ?We have a gitlab server, and connecting requires being on VPN, which requires 2FA, and then ssh, which requires your keys to be properly set up.
|
|
|
|
Parent comment is talking about self hosting "Google Docs, S3, Dropbox, GitHub, Slack". Running all those things (and more) instead of focusing on your core business is probably a mistake for most companies.
|
|
|
|
I don't think so. The company I work for is really focused on digital independence. Their core business is industrial electronic component design. The whole supporting office runs on libreoffice, thunderbird, mattermost and nextcloud, all hosted on company premise. They employ two full-time admins, one for the windows clients, the other one for the linux clients (which one can ask for) and servers. This whole setup is, according to them, surprisingly easy to manage and maintain, you just have to find a boss who's willing to try it. Maybe it's different when you're a software shop and really need s3 or something
|
|
|
|
Indeed.As long as you have decent hardware (cpu/ram mostly) and reliable storage (netapp or something similar) you can get stuff done very easily. Also, most people seems to not have noticed how fast computers and disks got recently and how resources you can pack into a single physical machine: you can nowadays fill a 2u, 2socket machine with 128c/256t (2x amd epyc) and literally terabytes of ram...
|
|
|
|
Parent comment is also talking about small companies. Below a certain size all those things (well, equivalent services, not those exactly) don't need more than a single server which is fairly painless. When you grow to a size where you need it at scale, that's where the pain starts.
|
|
|
|
You could still host it in a country with a less bad track record of industrial espionage.
|
|
|
|
> You could still host it in a country with a less bad track record of industrial espionage.Good luck finding one.
The world is divided in 3 spheres of influence: US, China and Russia. To make business you must obey one of them.
|
|
|
|
|
|
> Plus the EU, surely?For most practical purposes, the EU is nested within the US sphere of influence.
|
|
|
|
|
|
Ah, gotcha, agree that makes no sense. We only self-host gitlab and zulip.
|
|
|
|
You have to do some planning, but it isn't too hard. The most issues arise from compromises between security and convenience. Cloud services can offer both in the best case, but aside from O365, which is really sluggish, we are actually in the process of migrating back to on premise solutions.Nobody attacks code repositories of non-software companies anyway, people are after CRM and ERP data. There is the occasional issue with malware from mails and special users, but a backup solution with 15min snapshots solves that issue. Although the latter can cost a bit and might be too expensive for smaller companies.
|
|
|
|
It might not be hard, but now you need a number of skilled sysadmin devops people who can also be availble oncall.Thats not a insignificant cost.
|
|
|
|
This is a new thing. Earlier tech companies use to start with an on premise server.
|
|
|
|
And doing this is so simple. Just host your own gitlab server, and version all your company's IP on git. For chat we use Zulip, which we also self-host.And honestly moving to these tools from slack, confluence, etc. has been awesome. Zulip threading model is great. So much better than slack. And using markdown and jupyter notebooks for documentation on gitlab? Damn awesome.
|
|
|
|
A few questions:- Is your company mainly a software company? - How much time do you spend on a week on maintaining your servers? - How do you make sure that your servers are secure? Maybe you are being hacked every night, does your company have the means to check if there has been a security breach? - Do you follow/apply the security patches for the OS you are using on the server and all the software you are using on the server? - Do you have regular offline backups? What would happen if there is a fire in your offices? These are some of the reasons to go for a cloud solution, especially when you are not a software company (hence you don't have many people who have the knowledge for setting up/maintaining such stuff) or when you don't have the resources to hire dedicated sysadmins.
|
|
|
|
> Is your company mainly a software company?Mostly yes. We obviously have sales, marketing, etc. as well. > - How much time do you spend on a week on maintaining your servers? I don't do devops. There is a team of people that works full-time on IT infrastructure. No idea how time they spend. Gitlab and Zulip servers are updated every couple of weeks. No idea how much time these cost. > - How do you make sure that your servers are secure? Maybe you are being hacked every night, does your company have the means to check if there has been a security breach? There is a team of people that work on cybersecurity monitoring. No idea what they do. Normal IT people just make sure that everyone's computer is encrypted, setting up people's credentials, etc. > Do you follow/apply the security patches for the OS you are using on the server and all the software you are using on the server? I don't do anything, somebody does this for me. > Do you have regular offline backups? What would happen if there is a fire in your offices? We have multiple locations and the backups are replicated across our own locations.
|
|
|
|
Thanks for the answers. The reason I asked these questions was because your previous reply started with "And doing this is so simple.". But having full-time teams of devops, cybersecurity and IT is not so simple or cheap after all.
|
|
|
|
SAAS it's increasingly requiring security experts in house anyway. Yes the cloud providers can help, but they may also be an unknown liability.Obviously we're not all going to build our own CPUs from sand at a local beach. So there is a balance between DIY and vetted suppliers
|
|
|
|
I got to use zulip for a big project last year, I do very much recommend it, lots of emotes too which was pretty fun
|
|
|
|
And that's official policy; in a lot of places I've worked at, there's a lot of bring-your-own-device things; self-employed, consultants, etc who are quite casual about using things like dropbox and co to share company data.I mean I like to think the data has no value to e.g. the US or competitors, and that the sheer volume makes it worthless, but I suspect that's just a lack of imagination on my part.
|
|
|
|
surely encrypting at source would solve that? wouldn't matter where it's stored so long as it's unintelligible to prying eyes
|
|
|
|
As the recent court ruling on privacy shield decided: no, it's not, you have to treat encrypted user data just like unencrypted user data, and giving it to US hosters violates EU privacy laws.
|
|
|
|
you can encrypt. In face isn't it best practice to encrypt in storage and in transit?
|
|
|
|
This is way too high level a statement, only good for satisfying an auditor. For actual security, it's much harder.
|
|
|
|
But you have to follow through. You can't stop at the cloud and happily use closed source software from (eg) Microsoft or Apple. Or letting people carry Google-powered microphone arrays into meetings in their pockets.
|
|
|
|
I think there's big a difference between using Windows (with local account only) and using Amazon cloud services, in terms of data safety.
|
|
|
|
Are you sure you didnt spell "China cloud" and "Huawei" wrong? /sJust because we (Germans, Europeans) are culturally closer to Americans and share certain values does not mean that we should have a double standard on our external affairs. We are kicking out Huawei. When will we kick out Amazon, Google, Apple and Cisco?
|
|
|
|
Though I completely agree that the double standard is ridiculous, the reasoning behind it likely involves the complicated arrangement between Germany and the US military. China doesn't still have 30,000 troops "occupying" Germany.
|
|
|
|
How are they occupying Germany? When was the last time they’ve intervened or even threatened to intervene? Don’t blow it out of proportion.
|
|
|
|
Didn't they threaten to invade the Netherlands if they continue their investigation in US War Crimes ?
|
|
|
|
You are, I believe, referring to the "American Service Members Protection Act" [1], signed into law in 2002 by Bush?This law, still on the books, theoretically allows the president to order military action against the ICC in Den Haag (The Hague) should they ever try an American Service Member. > The act also prohibits U.S. military aid to countries that are party to the court. However, exceptions are allowed for aid to NATO members, major non-NATO allies, Taiwan, and countries that have entered into "Article 98 agreements", agreeing not to hand over U.S. nationals to the court. [1]: https://en.wikipedia.org/wiki/American_Service-Members%27_Pr... Nonetheless that does not make the US forces in Germany an occupational force.
|
|
|
|
> Nonetheless that does not make the US forces in Germany an occupational force.A stick is a stick regardless of whether it has been used to thrash someone lately.
|
|
|
|
I put it in quotes in an attempt to highlight that it was not a formal military occupation. Their presence does show some level of influence the US military has and it is a threat to prevent Germany from making any truly radical moves.
|
|
|
|
Has Germany asked the US to leave? Taking all the US Money with it? Some how I doubt it.Maybe Germany (and the EU as a whole) should start paying for its own defense, and paying their agreed to share of GDP into NATO while they are at it
|
|
|
|
> Maybe Germany (and the EU as a whole) should start paying for its own defense, and paying their agreed to share of GDP into NATO while they are at itHuh, and here I thought it was 2020 and not 2024. Weird.
|
|
|
|
Are Huawei and Amazon/Google/Apple/Cisco equivalent?Is the "spying" by the US on Germany as damaging to Germany's future as spying by the Chinese? If you answer these questions honestly, you'll understand why you're making a false equivalence.
|
|
|
|
Maybe when we (re)create our own electronics industry. Even China has problems with sourcing components (the TSMC/USA licenses case). It also doesn't help to be a collection of small countries that can be played one against the other by USA, China and Russia and possibly others.
|
|
|
|
> Maybe when we (re)create our own electronics industry.It works the other way around. We cannot have an European industry meanwhile USA government backed-up companies are competing with our startups. > collection of small countries Europe is bigger than the USA. And the division within the USA is as big or bigger than Europe. And, we cannot talk about China.
|
|
|
|
> Europe is bigger than the USA.OK, on some metrics. But I think nobody questions which country is still leading the world. > And the division within the USA is as big or bigger than Europe. And, we cannot talk about China. I don't agree with this or we're talking about different things. The grip of Washington DC on the states of the USA is much stronger than Brussels' on the countries of the EU. The degree of sovereignty is very different. No matter the internal divisions inside the USA, first of all there is one USA. On the other side of the ocean first of all there are multiple competing EU countries, each of them trying to exploit the others and the EU and with different economics and foreign policy goals. About that, do (random picks among large states) California, Texas and New York have a foreign policy worth talking about?
|
|
|
|
You make it sound very benign and positive; "leading the world". In actuality it is more often than not bullying, forcing, coercing, buying. You can of course call that leading the world but really it is leading in the same way wolfpacks are leading their pray. There's no doubt that leading -when meant in a positive way- the US is not in any way a leader or near the top. Being number one in say use of military force around the world, most incarcerated, worst foreign aid by any western country (tied to the defence industry), etc. isn't something anyone else is striving for.So yes, the US might be "a leader", but so was Saddam Hussein and Pol Pot, and yes it migh be able to bully others to do what it want, but it is in no positive way a leader of the world. So in short, yes many many people is most definitely questioning that the US is a world leader.
|
|
|
|
At least Airbus worked (somewhat). So there is that.
|
|
|
|
You answered your own question. We can't control Huawei so goodbye. The others we can so they get to stay.
|
|
|
|
I find that neither pragmatic nor ethically sound.If you're in a security alliance with countries you share values and goals with, how can you not apply different standards in terms of data sharing? And how can you not react somewhat differently to any transgressions, mistakes and imperfections? I know Trump has made this very difficult by making his personal whims indistinguishable from the interests and commitments of his country. In my view this is a form of corruption that does massive damage to the U.S. And yes, democratic control over security services has been rather tenuous at the best of times. But I still see many good reasons not to impose broad economic sanctions on allied democracies. And I do see good reasons to side with them against completely illegitimate regimes that use their security services to keep themselves in power without a democratic mandate. Of course there are many grey areas and a lot of valid criticism. But asking for Europe to officially impose economic sanctions on the U.S is not a proportionate reaction to that. The economic damage would far outweigh any additional freedom or security. If you refuse to apply a degree of pragmatism and proportionality, other countries would then have to impose economic sanctions on Germany for their use of Staatstrojaner. Essentially, all cross border trade in digital goods and services would have to end globally. That can't be a good idea.
|
|
|
|
>And I do see good reasons to side with them against completely illegitimate regimes that use their security services to keep themselves in power without a democratic mandate.Really though, with the system in place in the US it isn't in a position to point fingers. Do you really feel the poor homeless person has more power in the US elections than in those you just compared it to ? I really don't. So yes democratic countries should work together but the question is, does the US belong in that club or did it force itself on it? The answer isn't really that easy.
|
|
|
|
>Do you really feel the poor homeless person has more power in the US elections than in those you just compared it to ?Yes I do. It follows from the simple fact that there are no free and fair elections on those countries. Freedom of speech in combination with elections gives us some power to change things. People in dictotorships don't have those powers, regardless of whether or not they are homeless. Homelessless exists in Europe as well by the way.
|
|
|
|
I mean, there are still monarchies in Europe. How are you suspect of the US and not the british if you are concerned about an over powerful executive.
|
|
|
|
> I mean, there are still monarchies in Europe. How are you suspect of the US and not the british if you are concerned about an over powerful executive.Umm... the British monarchy hasn't held executive authority in centuries. They're window dressing like almost all European monarchs.
|
|
|
|
I think there’s a lot more to it than just sharing values. If my values are mutually exclusive with your values, then there’s a lot more reason to kick me out.
|
|
|
|
There needs to be EU based options before any of them could be replaced.
|
|
|
|
As always, if there ever threatened to emerge one it will be bought by a US company with free petrodollar.
|
|
|
|
I don't know... I don't think there's a strong business case or CSO case for ditching Amazon for ties to yhe US gov't.What are the realistic odds that someone internally at Amazon is going to break into your instances to look at your data if you're just a regular business? If you're in a German cloud, those risks are probably higher since your business has local competition, and if you're self-hosting, then your overall security risks are even higher. This seems like a emotional choice, not based on realistic business or security sense.
|
|
|
|
What are the realistic odds that someone internally at Amazon is going to break into your instances to look at your data if you're just a regular business?Going to go out on a limb and say that the NSA is going to have an easier time breaking into your on-prem servers. Hiring a retired General for influence is as old as this town. People are reading too much into this. This doesn't make it more or less likely for Amazon/NSA/CIA/whatever to steal your data.
|
|
|
|
Personally I have 100% confidence that the big clouds are not going to compromise customer data for their own benefit.Perhaps Amazon did this on an abstract level to understand video streaming and the Netflix business to create Amazon Video but I doubt Amazon would have cared for the tiny startup I worked at here in Hamburg. But the hysteria and the "but what if?" thinking is real and it was really codified in bank contracts. So much so that BaFin stipulated that the tech stacks could be audited and there was no way that Amazon was going to allow anyone in to look at it and such. On the whole if it can be afforded my team is so much more productive being able to build on AWS than to spend all that time both building our product and the infrastructure to go with it. I’m just not that smart.
|
|
|
|
While AWS is a different operational unit than the shopping one, it is known that they didn't play fair with some vendors. In the end, they cloned some, and ruined some.
So the vulture culture exists in parts.
|
|
|
|
> BaFin stipulated that the tech stacks could be auditedIt's hard to imagine that this includes the code within a Cloud provider. If you're using a Windows server, are they expecting Microsoft to fork over MS source code? This just sounds like an overly-conservative interpretation of the rules. It basically rules out ANY cloud solutions - which is unreasonable and wouldn't ever hold up under scrutiny even if the Bank or regulators explicitly asked for it.
|
|
|
|
> What are the realistic odds that someone internally at Amazon is going to break into your instances to look at your data if you're just a regular business?I mean, there's this: https://www.wsj.com/articles/amazon-scooped-up-data-from-its... > The online retailing giant has long asserted, including to Congress, that when it makes and sells its own products, it doesn’t use information it collects from the site’s individual third-party sellers—data those sellers view as proprietary. > Yet interviews with more than 20 former employees of Amazon’s private-label business and documents reviewed by The Wall Street Journal reveal that employees did just that. Such information can help Amazon decide how to price an item, which features to copy or whether to enter a product segment based on its earning potential, according to people familiar with the practice, including a current employee and some former employees who participated in it. If you're a regular business and Amazon doesn't want to launch a new hosted product competing with you, then maybe you're safe. But if they want your data, why not just take it while repeatedly insisting that they don't?
|
|
|
|
That is an apples to oranges comparison.It is wildly different to scoop up data from your own Amazon.com platform vs BREAKING IN to a private AWS instance. They aren't even the same divisions in Amazon Inc, so it would be extremely obvious to everyone, very inappropriate, and most likely get leaked that it was happening.
|
|
|
|
Oh, come on. This kind of naïveté is contagious.I'm pretty sure you can think of stronger business cases against Amazon/US-Milspec involvement in a non-American business. Amazon, in the hands of Americas spooks, can do a lot of damage to the world of non-Americans; i.e. anyone the spooks decide to hate/target for usurpation. You think Germany is inured from such attention?
|
|
|
|
I think your being overly paranoid. The effort required to covertly break into an AWS instance and not have anyone in the sysadmin teams know is simply not worth it for 99.9% of businesses.I run a simply mid-level business. Amazon doesn't give a crap about my data - that, above all, is what keeps it safe. I'm just not important enough to bother.
|
|
|
|
The whole point about mass data surveillance is that your data is not important enough to bother, until it is.
|
|
|
|
Too tight? As in they could be separated? I see - does it just take a different name to make a distinction then?
|
|
|
|
But it's hard to avoid the cheap offerings of US cloud. I'm from Sweden myself and I'm only speaking as a layperson who is observing the IT industry.It feels like the rampant capitalism in the United States, and lack of regulations, fuels the VC economy. Making startups like Google, Amazon and others possible. I can't imagine a company running on hundreds of millions in dollars of VC money with no real profit coming in, just hoping for an exit. That's a very strange phenomenon, sort of like the .com bubble never burst but just got bigger. I'm afraid that in order to see the same rapid development of cloud companies here in Europe we'd have to adopt the lax corporate regulations of the US. Which in turn would lead to other issues like workers losing rights.
|
|
|
|
Eh. I don't get it. There have been so many postings and comments here on HN and elsewhere about how the cloud is NOT cheap, how they saw they burnt money there, and saved large amounts by doing it for themselves. Not to mention vendor lock in.
|
|
|
|
A lot of folks mis-configure / mis-manage their instances so as to use way more resources than they really need.
|
|
|
|
Yah. But that wasn't the case in the cases I remember. They were sometimes very detailed.
|
|
|
|
> It feels like the rampant capitalism in the United States, and lack of regulations, fuels the VC economy.Google, Apple, Amazon, ... are not startups, they are behemoths backed up by the USA government. Europe has many very good startups that are just purchased with USA dollars once they are successful. > we'd have to adopt the lax corporate regulations of the US That would only ruin Europe standards of living and open us more to be purchased by USA companies. The other way around is the way. It worked for China. Forbid non-European companies to purchase key software companies. USA is not successful because capitalism, USA is successful were the government puts a lot of money: Military, I+D.
|
|
|
|
>Google, Apple, Amazon, ... are not startups, they are behemoths backed up by the USA government. Europe has many very good startups that are just purchased with USA dollars once they are successful.What I meant was that they were startups at one point. I could have given other examples but there are so many that it's hard to decide. Dropbox, Reddit, imgur just to name a few. This site should know plenty of VC fueled startups. The point was not which startups to name as examples, the point was that lack of regulations make this whole VC system go around. I could never see that system working here because bureaucracy slows everything down and forces corporations to do things like care for employees and pay taxes. But with that said, recent news shows that Sweden has given tax exemptions to Facebook and Amazon just like everyone else. To curry their favor. It's frankly disgusting.
|
|
|
|
> I could never see that system working here because bureaucracy slows everything down and forces corporations to do things like care for employees and pay taxes.Again, you are getting it the other way around. Taxes to invest in education and Development and Research and high qualified citizens is what allows innovation and good companies.
|
|
|
|
> USA is not successful because capitalism, USA is successful were the government puts a lot of money: Military, I+D.This is incorrect. The current big tech companies became successful and massive without any special government deals. Google dominated search, Microsoft dominated all business and home PCs for decades, Apple and Google dominated mobile for consumers and businesses, Amazon beat them all to cloud and ate online retail with free fast shipping. It’s only recently with JEDI that Amazon/Microsoft tried to attach directly to the government’s wallet in a big way. And even with losing that, it will be a drop in the bucket for either of them. These companies were successful because they were allowed to move quickly and beat out competitors. The entire Internet industry blossomed and gave birth to these companies before the government even took the Internet very seriously.
|
|
|
|
> The current big tech companies became successful and massive without any special government dealsWhere did their finance came from: previous SF companies and angel investors Where did these companies get their funding from: US government The current companies are only the "daughters and granddaughters" of massively government funded companies in Silicon Valley
|
|
|
|
> The current companies are only the "daughters and granddaughters" of massively government funded companies in Silicon ValleyVery good point. Many people forgets how much money the state invest, as it should, on technology and to create an industry. From ARPANET to the WWII computers (or NASA), technology needs a level of investment that only states can afford.
|
|
|
|
With the Schrems 2 ruling of this summer finding the Privacy Shield inadequate for storing personal data in US-owned clouds, your previous employer made the right choice for GDPR compliance.Cloud Act and National Security Letters really fuck things up for American cloud providers with regard to doing business with European customers.
|
|
|
|
Amazon is like the Huawei of the US. Strong ties to the government, too big to fail, massive influence over the world. It's like the cancer of capitalism and the way it operates together with the US government is very similar to whatever we call China's model of state. No doubt they influence state decisions in very undemocratic ways. This has nothing to do with Freedom, and it's worrying that such different government models arrive at such similar modes of action. They foster centralized, undemocratic power that infringes on individual rights such a the right to privacy... Is it just he way humanity is destined to be ruled? By constant waves of power concentration followed by revolution?
|
|
|
|
What did they use instead? Ovh, Scaleway?Never trusted Bezos and the Amazon offerings are too expensive anyway.
|
|
|
|
Everything was done on premises with a colo to house some servers. We ran kubernetes and had some really smart ops engineers do our platform for us. I was always of the opinion that those super smart engineers (much better than I was) were wasted on reinventing the wheel when we could have used an IaaS and they could have helped us on improving the product
|
|
|
|
Amazon got too creepy for me five years ago. I have avoided doing business with them ever since.
|
|
|
|
what happened five years ago?
|
|
|
|
It got too creepy for him.
(sorry, couldn't resist)
|
|
|
|
|
|
This is such a ridiculously primitive view of the world it beggars belief. By taking this view you are significantly reducing your security posture, no improving it.There is an AWS Region in Germany. Your data will stay in Germany unless you specifically decide to move it elsewhere. AWS also provide you with the tools to encrypt everything and if done correctly means that Amazon no matter how "evil" they are cannot decrypt the data. Not only that, there is such a huge separation in access and rigour around governance that there is no way anyone within Amazon can simply login and see your data even if unencrypted. Every single case of data being leaked from AWS is because the people working for the company that manage the data literally checked a box to make the contents public. Contrast this to "on-prem" where physical security can get compromised or the vendors of the physical hardware/software leave gaping holes or maintenance backdoors that get exploited. Honestly these types of views are no more grounded in reality that flat earth conspiracy type views.
|
|
|
|
Your fancy view of the world is not as fancy as you think and your aggressive, disrespectful rhetoric is doing you a disservice.The measures you've enumerated (EU zones, encryption, etc) are mitigations for working with a potentially compromised vendor and should be done anyway. Not using the vendor is such a blindingly obvious countermeasure that one has to be either unprofessional or have a hidden interest to dismiss out of hand.
|
|
|
|
> there is such a huge separation in access and rigour around governance that there is no way anyone within Amazon can simply login and see your data even if unencrypted.I personally choose not to believe a company which puts on its board of directors a well-known perjurer [1]. [1] https://www.theguardian.com/commentisfree/2013/sep/25/nsa-re...
|
|
|
|
Don't forget the mass surveillance of his old job. Even if he didn't lie, you might want to think of hiring him for your cloud services.
|
|
|
|
Which companies do you believe?
|
|
|
|
We were talking about Amazon here, that discussion probably merits another thread. But yes, I do believe more in companies that don’t bring in ex-government crooks on their board of directors.
|
|
|
|
>Your data will stay in Germany unless you specifically decide to move it elsewhere.Prove it
|
|
|
|
Also, what happens if you find a leak? Or that it has been moved somewhere else?They say "We are sorry", give you some free credit, and that's it ?
|
|
|
|
No, that won't happen."Sorry not sorry" and no credit.
|
|
|
|
How do you prove that a german company does not have secret data sharing agreements? Think cryptoAG.
|
|
|
|
I think its much more likely that an American company with a former NSA head as a board member is much more likely to have an agreement like that, personally.
|
|
|
|
|
|
The arrangements brought to light through amongst others the Snowdon files did involve extremely few people at huge companies. We are talking a literal hand full, not '25.000'. Are you really suggesting there are no three letter acronym operators embedded into the large US tech companies? Modern US systemic tech industrial espionage was brought to light as far back as Echelon. so deriding people who are cautious about it as 'flat earthers' seems disingenuous.
|
|
|
|
> You think that 25,000+ employees that work at AWS have somehow been silenced into some grand conspiracy?You seem to suggest that every single employee that works at AWS is aware of everything that goes on with the company. Isn't just possible that despite of what we know about the architecture, this might not be the whole truth and concerns about involuntary inter region transfers might just be warranted?
|
|
|
|
Your innocence is quite charming, specially in a post-snowden world
|
|
|
|
My bigger worry would be continued data access. So even if the data is in Germany, access to it is still controlled by an US entity, which can be forced by the US government to shut off access. Given that the current administration seems to enact embargos on a whim, this doesn't seem too unlikely.
|
|
|
|
In my limited experience, Germans are more sensitive to personal privacy than other Europeans, even the rest of the world. To non-Germans they might seem paranoid. Maybe we can all learn from their historical mistake.The problem I see with the DIY-attitude is that security is easy to get wrong and is moving target. The other opinion here is "keep it in the country". If someone really wants your data, the locale won't save you. And yet, if there is a breach, I could see an foreign company like AWS trying to hush it, where a German company would make a bigger fuss (diplomatic issue).
|
|
|
|
Hmm, mumble mumble mirrored switch port in the exchange mumble mumble mumble...
|
|
|
|
