Geekzone: technology news, blogs, forums

SCM

395 posts

Ultimate Geek
+1 received by user: 35


  Reply # 748551 21-Jan-2013 23:14

Wow, it's slow, struggling to upload any file.... My backup's taking too long to upload, not worth using at this stage.
Ranging between 5 and 8kbps and I have 1.9mbit upstream unused.... :(

One of the IPs I'm sending data to.........





thanks for making the previous page unreadable!

2509 posts

Uber Geek
+1 received by user: 245

Trusted
Subscriber

  Reply # 748552 21-Jan-2013 23:15

freitasm: And no password change fields? 

Hmmmm. 



Makes sense - if the password is used as part of the key for decrypting the files, then changing the password would invalidate all your uploaded files.

Nebbie: Wow, it's slow, struggling to upload any file.... My backup's taking too long to upload, not worth using at this stage.
Ranging between 5 and 8kbps and I have 1.9mbit upstream unused.... :(

One of the IPs I'm sending data to...
bevin@ceres:~$ traceroute 154.53.225.106 


You sure about that IP?  WHOIS shows it as being assigned to a US company, which completely flies in the face of Kim's statement that no part of MEGA would be hosted within the US...

674 posts

Ultimate Geek
+1 received by user: 27

Trusted

  Reply # 748569 22-Jan-2013 06:16

You missed my earlier post then :)
GeoIP has them all in the US pretty much (from MaxMind)




meat popsicle

BDFL
49938 posts

Uber Geek
+1 received by user: 4624

Administrator
Trusted
Geekzone
Subscriber

  Reply # 748585 22-Jan-2013 07:22

Kyanar:
freitasm: And no password change fields? 

Hmmmm. 



Makes sense - if the password is used as part of the key for decrypting the files, then changing the password would invalidate all your uploaded files.


Correct, and that's the reason I'm pointing it out. Security is not that much in my view. Anyone with your password can get access to your files now.

It would be a lot more secure if a private/public encryption was used, providing you with a private certificate to be used with your password. In this case you could change the password at any time and still have access to the files.






2620 posts

Uber Geek
+1 received by user: 57

Trusted
Subscriber

  Reply # 748602 22-Jan-2013 08:37

gzt: In account settings upload speed is set to 'automatic' by default. There is a greyed out 'fixed' option which is set at 50KBs by default. That could be the source of the confusion here.


Yes. I took that at face value.....adding "automatic" to the un-alterable 50KB/sec. If it really is 50KB/sec then that's still about 512kbps...which is about half of the upstream speed on a classic ADSL connection anyway. So not too shabby. 

But if automatic just means whatever the system can bear / spare...then that's a bit better. Do we know this? 




____________________________________________________
If you're not curious, your brain is already dying...if not dead.



1 post

Wannabe Geek


  Reply # 748609 22-Jan-2013 08:54

freitasm:
Kyanar:
freitasm: And no password change fields? 

Hmmmm. 



Makes sense - if the password is used as part of the key for decrypting the files, then changing the password would invalidate all your uploaded files.


Correct, and that's the reason I'm pointing it out. Security is not that much in my view. Anyone with your password can get access to your files now.

It would be a lot more secure if a private/public encryption was used, providing you with a private certificate to be used with your password. In this case you could change the password at any time and still have access to the files.




I think they went for usability (portability from desktop to desktop without you needing to take any secrets with you, besides your password) over security.  As you point out, the only security in the system is the password, which the system doesn't seem to allow to be changed.

Right now, even if you do keep your password secret, a "hashed" version of the password is apparently shared with Mega.  The documentation seems to state this, and this would jive with how they're likely doing end-user authentication day-to-day: your system hashes the password that you enter, sends it to Mega, and they compare it to the hash that they have on file.

The problem that I see is, it seems like Mega could easily obtain your password (in a few seconds CPU time, probably) using a brute-force attack against the password hash.  At which point they can decrypt your master key and all of your data.  Or if they're raided, or if they're ordered to turn over copies of the raw encrypted data, etc...

BDFL
49938 posts

Uber Geek
+1 received by user: 4624

Administrator
Trusted
Geekzone
Subscriber

  Reply # 748612 22-Jan-2013 09:01

Hence my previous suggestion that using your password as part of the encryption algorithm, while they keep both the password and encryption key, is dumb.

If they were serious about security and about not looking at files they should have created a private/public pair, you would be the only one with the private key in your own computer.

In classical mode it would mean all encryption would be made with the public key before uploading and decryption would be only possible with the private key that only the user has.

So things I still think aren't up to scrutiny:

- encryption
- password management
- overall system performance
- content traffic speeds

Every single blog around the planet says how great it is they have one million users. No one comments on uploading problems - basically "look a new service we can milk page views in our blog posts from" but not one of them came back with "we tested it and here are our findings".




gzt

4606 posts

Uber Geek
+1 received by user: 245

Subscriber

  Reply # 748618 22-Jan-2013 09:18

I listened to Paul Spain's NZ Tech podcast of the Mega pre-launch press conference. Dotcom does 95% of the talking. Some very general technical details are provided. It covers more than the launch. There is some interesting discussion about movie studios' current licensing model around 23:00. The discussion covers a lot of ground everywhere including NZ customs giving a lot of attention to travelers intending to visit him.

Dotcom still plans to go ahead with the advertising client and says there are big misunderstandings about this. He is talking about replacing only a few ads from major sites or major publishers. I didn't quite get it. Possibly just google search ads. This is interesting strategy. Particularly if google ads are the only ones replaced. He mentions a figure around replacing 10% of advertising a user will see. He gives a kind of justification for this based on moral grounds that google is benefiting from users searching for 'illegal' content and this replacement will redirect revenue directly to artists.

http://content.blubrry.com/nztechpodcast/nztechpodcast108.mp3

BDFL
49938 posts

Uber Geek
+1 received by user: 4624

Administrator
Trusted
Geekzone
Subscriber

  Reply # 748619 22-Jan-2013 09:20

gzt: Dotcom still plans to go ahead with the advertising client and says there are big misunderstandings about this. He is talking about replacing only a few ads from major sites or major publishers. I didn't quite get it. Possibly just google search ads. This is interesting strategy. Particularly if google ads are the only ones replaced. He mentions a figure around replacing 10% of advertising a user will see. He gives a kind of justification for this based on moral grounds that google is benefiting from users searching for 'illegal' content and this replacement will redirect revenue directly to artists.


What kind of "moral grounds" does he have to justify replacing the ads showing on my web pages with his own, depriving myself and my family of my income?

He's not sticking it to the big man only, he's crippling the revenue people make for a living, you know?







Voice Engineer @ Orcon
1927 posts

Uber Geek
+1 received by user: 435

Trusted
Orcon
Subscriber

  Reply # 748620 22-Jan-2013 09:20

freitasm: Hence my previous suggestion that using your password as part of the encryption algorithm, while they keep both the password and encryption key, is dumb.

If they were serious about security and about not looking at files they should have created a private/public pair, you would be the only one with the private key in your own computer.

In classical mode it would mean all encryption would be made with the public key before uploading and decryption would be only possible with the private key that only the user has.

So things I still think aren't up to scrutiny:

- encryption
- password management
- overall system performance
- content traffic speeds

Every single blog around the planet says how great it is they have one million users. No one comments on uploading problems - basically "look a new service we can milk page views in our blog posts from" but not one of them came back with "we tested it and here are our findings".


Yep, the Reg did.  http://www.theregister.co.uk/2013/01/20/mega_launch_fail/

2509 posts

Uber Geek
+1 received by user: 245

Trusted
Subscriber

  Reply # 748621 22-Jan-2013 09:26

gzt: Dotcom still plans to go ahead with the advertising client and says there are big misunderstandings about this. He is talking about replacing only a few ads from major sites or major publishers. I didn't quite get it. Possibly just google search ads. This is interesting strategy. Particularly if google ads are the only ones replaced. He mentions a figure around replacing 10% of advertising a user will see. He gives a kind of justification for this based on moral grounds that google is benefiting from users searching for 'illegal' content and this replacement will redirect revenue directly to artists.


Unless he intends to ensure that people like myself and Mauricio who run sites which just happen to use those "major publishers" get our share of this revenue, then what he intends to do is immoral and criminal.  Where does he get the right to profit off other people's work?

Oh, wait.  That's the MEGA business model.

gzt

4606 posts

Uber Geek
+1 received by user: 245

Subscriber

  Reply # 748622 22-Jan-2013 09:26

freitasm:
gzt: Dotcom still plans to go ahead with the advertising client and says there are big misunderstandings about this. He is talking about replacing only a few ads from major sites or major publishers. I didn't quite get it. Possibly just google search ads. This is interesting strategy. Particularly if google ads are the only ones replaced. He mentions a figure around replacing 10% of advertising a user will see. He gives a kind of justification for this based on moral grounds that google is benefiting from users searching for 'illegal' content and this replacement will redirect revenue directly to artists.

What kind of "moral grounds" does he have to justify replacing the ads showing on my web pages with his own, depriving myself and my family of my income?

He's not sticking it to the big man only, he's crippling the revenue people make for a living, you know?

That's the thing. He appears to be talking only about replacing ads only on one or two major sites/pages like google itself so that is not actually an issue. Your criticism is still very valid of course if you were making a living from paid search advertising on the google search result pages themselves.

365 posts

Ultimate Geek
+1 received by user: 41


  Reply # 748623 22-Jan-2013 09:28

@freitasm Initially I thought the way they were doing the encryption was dumb as well, private keys should always be stored on the client. But if you think about it this has to be user friendly as well as "secure". No amount of customer service can recover a private key if a user deletes their key or moves computer (or computer is stolen etc).

By storing the private key encrypted with the password they get around this problem. It also means that when the user changes computers the private key follows them. I'm not sure how they get around the problem of resetting forgotten passwords though.
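
A generic sketch of the scheme discussed in this thread, added here as an example and not part of any post or of MEGA's code: a random master key is stored wrapped under a password-derived key, so a password change re-wraps that one key instead of re-encrypting the files. The function names, the iteration count and the XOR-pad-plus-HMAC wrap (a standard-library stand-in for AES-GCM or AES key wrap) are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch; tune to hardware

def _derive(password: str, salt: bytes) -> tuple:
    """Slow, salted KDF: returns (32-byte pad, 32-byte MAC key)."""
    out = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return out[:32], out[32:]

def wrap(master_key: bytes, password: str) -> dict:
    """Encrypt the 32-byte master key under a password-derived key."""
    if len(master_key) != 32:
        raise ValueError("master key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt per wrap, so a pad is never reused
    pad, mac_key = _derive(password, salt)
    ct = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(blob: dict, password: str) -> bytes:
    """Recover the master key, rejecting a wrong password or altered blob."""
    pad, mac_key = _derive(password, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong password or tampered blob")
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))

def change_password(blob: dict, old: str, new: str) -> dict:
    """Re-wrap the same master key; data encrypted under it is untouched."""
    return wrap(unwrap(blob, old), new)

def demo() -> tuple:
    old_pw, new_pw = "old passphrase (constructed)", "new passphrase (constructed)"
    master = os.urandom(32)  # random key that actually protects the files
    blob = change_password(wrap(master, old_pw), old_pw, new_pw)
    same_key = unwrap(blob, new_pw) == master
    try:
        unwrap(blob, old_pw)
        old_rejected = False
    except ValueError:
        old_rejected = True
    return same_key, old_rejected

if __name__ == "__main__":
    print(demo())
```

Re-wrapping only changes which password opens the stored blob; anyone who already holds an old blob and its password still knows the master key, which would then need rotating.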




273 posts

Ultimate Geek


  Reply # 748624 22-Jan-2013 09:29

Was just able to register an account - fine. But unable to upload a 1MB picture. Remaining time seems stuck at: "Infinity".




"The Atlantis base, brings greetings from the pegasus galaxy, you may cut power to the gate!."- Dr Weir (Rising) New Zealand · TechRemedy

Choice!
711 posts

Ultimate Geek
+1 received by user: 24

Trusted
Subscriber

  Reply # 748625 22-Jan-2013 09:29

freitasm: What kind of "moral grounds" does he have to justify replacing the ads showing on my web pages with his own, depriving myself and my family of my income?

He's not sticking it to the big man only, he's crippling the revenue people make for a living, you know?


From what I've read he won't be replacing any ads on any websites - only search pages from the major players (Google, Yahoo, etc), and possibly only search pages that contain links to piracy sites. So you can make up your own mind about "moral grounds" but at least he won't be taking anything from sites like Geekzone that rely on the advertising revenue. I can't remember where I read this - I think it was either on Ars or Wired.
