Tag Archives: Amazon

Autodesk founder outraged by Amazon snatch of cloudy purchases

3 Replies

Autodesk co-founder John Walker (it’s not his fault, he relinquished control of the company many years ago) recently posted this on Twitter:

In a move reminiscent of the infamous removal of Orwell’s 1984 from Kindle devices (which Amazon promised a court it would never repeat), John’s Audible.com (owned by Amazon) audio books, purchased in 2009-2010, simply went away.

John’s reaction was to post a video of harmless inanimate objects being blown away by a powerful firearm, so I think it’s safe to say he was not overly pleased about this turn of events. Can’t say I blame him.

This is a variant of the old joke on those cheesy pre-show anti-piracy ads that have annoyed owners of legitimately purchased videos for many years:

“You wouldn’t steal a car.”
– I would if I could download it.

Amazon’s version goes:

“You wouldn’t steal a book.”
– I would if I could delete it from my server.

OK, Amazon is obviously doing evil here, but what can John do about it? Maybe nothing. As pointed out in a series of responses to John’s post, Amazon considers itself fully entitled to do this. Amazon also allows itself permission to change the rules as and when it sees fit.

Does this sound familiar? It should. “What’s yours isn’t really yours, even if you paid for it. It can go away when we feel like it. We can change the rules when we feel like it. No guarantees. Just keep paying and hope for the best.”

This is why we don’t CAD in the cloud. Or subscription CAD, for that matter. Owning stuff is still important.

Trusting Autodesk – poll results

3 Replies

I have closed the polls asking if you trusted various companies to do the right thing by their customers. Here is a summary of the results, showing the percentage of “Yes” votes for each company. The most trusted company is at the top, the least trusted is at the bottom.

  1. Honda 69%
  2. Amazon 65%
  3. Target 52%
  4. Bricsys 43%
  5. Apple 36%
  6. Autodesk 23%

Remember, this is not a scientific poll and as with all polls and surveys there will be some self-selection bias. Does anyone find anything about the above results surprising?

Cloud concerns – security again

4 Replies

It’s probably worth pointing out that if you you have no problem emailing your designs around the place without some form of protection or encryption, there’s little point in getting all worked up about Cloud security. Email isn’t remotely secure. FTP isn’t exactly watertight, either. If you’re still interested in Cloud security issues, this post includes some relevant links you might like to peruse.

First, here’s what Autodesk’s Scott Sheppard had to say about Project Photofly (now 123D Catch Beta) security last month: Project Photofly FAQ: What about the security of my data? This covers some of the same kind of stuff I’ve already discussed, but from an Autodesk point of view (albeit a pretty transparent and honest one, as you might expect from Scott). Here are some selected quotes:

In essence, we don’t want to accept liability when we don’t take money…

We intend to have a reasonably secure service, better than email, but less secure than a bank account.

We store your files on Amazon’s S3 service, and they maintain their own physical and data security policy that is considered robust.

Next, here are the 123D Terms of service, which raise many of the same alarm bells I mentioned before. Selected quotes:

We reserve the right to change all or any part of these Terms, or to change the Site, including by eliminating or discontinuing the Site (or any feature thereof) or any product, service, Content or other materials, and to charge and/or change any fees, prices, costs or charges on or for using the Site (or any feature thereof).

By uploading, posting, publishing, transmitting, displaying, distributing or otherwise making available Shared Content to us and/or any Users of or through the Site you automatically grant to us and our sub-licensees…the worldwide, perpetual, royalty-free, fully paid-up, irrevocable, non-exclusive, sublicensable (through multiple tiers) right and license to have access to, store, display, reproduce, use, disclose, transmit, view, reproduce, modify, adapt, translate, publish, broadcast, perform and display (whether publicly or otherwise), distribute, re-distribute and exploit your Shared Content (in whole or in part) for any reason and/or purpose (whether commercial or non-commercial) by any and all means in any and all media, forms, formats, platforms and technologies now known or hereafter devised, invented, developed or improved.

Please note that with respect to Non-public Content, we will not authorize your Non-public Content to be made available to others on a public section of the Site, although we cannot guarantee complete security (e.g., of cloud servers).

Moving on to another Cloud security-related issue, something that Owen Wengerd raised on Twitter was the idea that:

…once data is on the cloud, it can never be deleted.

Deelip Menezes thought this whole idea somewhat loopy:

Actually I’m implying that it is ridiculous to even start thinking along those lines. 😉

However, I see Owen’s point. Once your data is on someone else’s server, you have no control over it. You have no idea where it lives, how often it is backed up, what happens to those backups, and so on. Let’s say you place some highly sensitive design data on the Cloud. It might be commercially sensitive, or about something that represents a possible terrorist target, or just something you don’t want certain parties to know about, ever. A week later, you delete the design data. Now, is it really gone? Any responsible Cloud infrastructure vendor must regularly take multiple backups and store them securely. So you now have multiple copies of your “deleted” data floating around, who knows where? What happens to old servers when they die? Where do backup hard drives, tapes, etc. go? If backups are stored off-site, how are your files going to be permanently removed from the media?

While there may be policies, procedures and ISO standards in place, we’re dealing with humans here. If one backup copy of your data ended up in a country where a rogue employee decided to better feed his family by selling off old hard drives, your nuclear power plant plans could end up not safely deleted at all, but instead delivered into the hands of some people you’d really prefer not to have it.

This may sound like paranoid nonsense, but risk from non-deleted data is real. There was a local case where a company was illegally siphoned of funds and went bust. The company’s old internal email servers were supposedly wiped and sold off. Somebody bought them, undeleted the data and was able to pass on incriminating emails to the police. While that ended up being a good thing in terms of natural justice and it’s not even a Cloud issue, it illustrates that making sure your stuff is properly deleted can be very important. This is related to something that Ralph Grabowski mentioned on Twitter; the “right to be forgotten”. Here is a Google search that includes various links that touch on some of the struggles related to this issue.

Finally, here’s something related to the possibility of the data being accessed illegally while it’s up. You put it up there, somebody copies it, you delete it, it’s not really gone and you are none the wiser. Is that something that only tin foil hat wearers need worry about? Have a read of this article before answering that one: Cloud Services Credentials Easily Stolen Via Google Code Search. Selected quotes:

The access codes and secret keys of thousands of public cloud services users can be easily found with a simple Google code search, a team of security researchers says.

Now the team is offering one word of advice to companies that are considering storing critical information on the public cloud: Don’t.

…an attacker who knows Google and some simple facts about cloud services authentication can easily find the access codes, passwords, and secret keys needed to unlock data stored in public cloud services environments such as Amazon’s EC3.

We found literally thousands of keys stored this way, any one of which could be used to take control of computers in the cloud, shut them down, or used to launch attacks on other computers on the same service.

Here’s a PDF of the presentation, if you’re interested.

Cloud concerns – downtime

4 Replies

One concern with any SaaS (Software as a Service) product is the potential for downtime. Is this really an issue? After all, big Cloud vendors have multiple server farms as part of their huge infrastructure investment. This provides redundancy to keep things going even in the event of a major local disaster or two. Cloud vendors have a lot of experience handling things such as power outages, hackers, denial-of-service attacks and the like. Amazon, the vendor currently used by Autodesk, promises an annual uptime of 99.95%.  That’s got to be good enough, surely?

Maybe not. The Amazon cloud service has had some noticeable failures, in some cases affecting customers for several days. Amazon may promise a certain average uptime figure, but it provides only credits if it fails to meet its targets. Amazon has been known to be slippery about using fine print to avoid paying those credits, which in any case would go to Autodesk. Joe Drafter, who relies on a Cloud application to do his work and who suffers a significant loss of income and business reputation from a 4-day outage, probably shouldn’t hold his breath while waiting for a big fat compensation check to turn up.

But is a Cloud solution really going to be less reliable than what you have now? Nothing’s 100% reliable, including a standalone PC, so what’s the problem? The problem is that with the Cloud, the potential for downtime is in addition to that you currently experience. Here’s a non-exhaustive list of the sort of things that could stop you producing a design using traditional software:

  • Power failure at your office
  • Your hardware fails
  • Your operating system fails
  • Your CAD software has problems bad enough to prevent you working

Here’s an equivalent similarly non-exhaustive list for a SaaS CAD application:

  • Power failure at your office
  • Your hardware fails
  • Your operating system fails
  • Your browser or thin client software fails
  • Your modem fails
  • Your Internet service provider has an outage
  • Internet connectivity infrastructure failure
  • Cloud vendor infrastructure disaster
  • Cloud-based CAD software is down for maintenance
  • Cloud-based CAD software has problems bad enough to prevent you working

Each of these items may represent a relatively small risk, but the additional potential for disaster adds up and is real.

There’s another aspect to this issue that makes it significant, and that’s the psychological one. People hate feeling powerless when faced with a problem. If your hard drive crashes, even if you don’t have IT people to look after it, you can hop in your car, buy another drive and start working towards getting your problem fixed. If Amazon has a Cloud outage, there’s absolutely nothing you can do about it but wait for an unknown amount of time. Even if you were Amazon’s direct customer and not a sub-customer through Autodesk, you could expect to have a very frustrating time even trying to find out what’s going on. I’ve been in that situation when my old web hosting company went through a massive and protracted meltdown, and it’s horrible.

What do you think? If everything else about the Cloud was great, would worries about downtime prevent you from considering a SaaS-only solution? Is it non-negotiable for you to be able to keep working even when “the Internet is broken”?