Customer ServiceI am Shaun Murphy, cybersecurity expert for 20 years, right now solving the security flaws of cloud storage and content sharing with sndrBlock. AMA!
Jan 24th 2017 by shoonmcgregor • 30 Questions • 995 Points
Sia is a fully open source cloud storage platform that is user-focused and completely decentralized. Sia exists through a blockchain-based marketplace that allows users to discover and connect to storage providers to store their data. Instead of giving data to just a single provider, the data is split up, encrypted, and then redundantly stored across dozens of storage providers. This means that no individual storage provider has any amount of control over the data. From day 1, the user has the power. A blockchain also means that there is no central company controlling the prices, and no terms-of-service or unfriendly privacy policies. It's a revolutionary way to put your data in the cloud.Proof:
Upload your Files to Sia: https://medium.com/sia-tech/getting-started-with-private-decentralized-cloud-storage-c9565dc8c854
Get paid to be a Sia Host: https://blog.sia.tech/2016/05/26/how-to-run-a-host-on-sia/
Integrate Sia into your Applications: https://blog.sia.tech/2016/10/20/api-quickstart-guide/
Learn more about Sia: http://forum.sia.tech/topic/107/interesting-threads
If a packet hits a pocket on a socket on a port,
And the bus is interrupted as a very last resort,
And the address of the memory makes your floppy disk abort,
Then does socket packet pocket have an error to report?
[Edit: This poem is not mine. It originates from Usenet back in the 80s. For more, google: Dr. Seuss on computers]
On a more serious note, what are your thoughts about MIT's Riffle?
What was the hardest thing to get working on the first version of RealVNC?
Thank you for that, we'll have to incorporate that style into our whitepapers soon.
I like the idea of anonymous exchange of content and communication - some people really need that and something better/faster than Tor is always a plus.
I haven't seen any group take off with yet, perhaps there's an opportunity there.
programming the network interface is always the hardest thing to get absolutely right!
Then, like 3 weeks after we had committed to Sia, sure enough the word 'Sia' is trending and generating massive buzz because of her new music video. The one with an 11yo in a nude suit.
Sia the singer has of course done very well since then, and it's been annoying for us. But we chose to keep the name anyway, and we continue to be happy with it.
there are so many great stories. we've heard that satellites can't launch without it, and it's been used to monitor tracking equipment and cameras looking at polar bears in the arctic!
This is true however she was not really a searchable name until her Chandelier video, at least as far as I remember.
How exactly would YouTube be able to identify malicious behavior?
Privacy and security doesn't have to be just about being anonymous or invisible. The sheer number of apps, services and devices connected to the internet that have no security is staggering and the damage done after a major breach goes on for a lifetime.
I think the internet does have some fundamental flaws - the recent massive take down of major DNS servers from IoT devices was a rude reminder of that... but it's mostly the applications and services we use that have let us down. Sure, perhaps people share too much personal information online... the's not much you can do to stop that user behavior.
What you can do is protect the other huge percentage of users that want to share content with friends using public key cryptography technology we've known about for centuries (or more.) Web browsers should've had this several generations ago, social media should've had this from the very start, and every messaging/email system out there should have this built in as a default.
The common saying is "encryption is hard" - so was streaming video, tracking users across services and selling that data but that's working pretty well these days for the tech giants.
Depends on the corporation, and the specific deal, and also depends on what are lawyers say is safe for us to do.
If corporate clients are willing to pay in siacoin, it's very simple for them to use the network. They can hire us on support contracts if desired, or if they aren't having any trouble they can just use it themselves and not even notify us that they've begun using Sia.
If siacoins are not compatible with their internal policies, we will be able to work with them anyway to get them operating on the Sia network, though the specific process will probably vary by customer.
I'm sure you've had job opportunities with government agencies. Is there a specific reason you chose not to go that route? Cyber Security student here.
What's the best basic tip to troubleshoot your computer and other devices?
Btw, you guys talked about a surprise.. Care to share it?
I've worked both in both private industry and as contractor for certain agencies. The best part of private industry is you can talk about what you've worked on, sometimes!
No matter where you end up, you have an enormous responsibility to your user base and right now almost every industry is in need of new talent.
What’s the timeline (and technical roadmap, if you can share any of that without compromising state secrets) for recovering both coins AND files with one’s wallet seed?
Until then, Sia is simply remote data storage. (Albeit one with nifty bells/whistles.) Because users must still backup important data in some other way/shape/form, e.g. on a local hard drive, Dropbox, etc.
I started working on intelligent payphones back in the day. Towards their end of existence, payphones were actually computers inside the big metal case that held all of the logic for billing, alarms, etc. And there was a lot of consideration for the security of the payphone owner (phreaking) as well as the privacy of the phone users.
That led into my deep interest in the crypto wars in the 90s with PGP and such and so I studied computer engineering for my undergrad and graduate degrees.
The job is useful - there are how many users on the internet RIGHT NOW, how many of them are going to lose a job because of something posted, how many are going to have financial distress during the next big system breach? It's almost a never ending stream of opportunity to help real people and I love that.
Pay can quite good depending on the area you go in. I suspect with the happenings in the United States right now, you're going to see more demand for professionals in this area.
The next big thing is IoT. If you think that VNC is the universal interconnect between screens of all different kinds, and that IoT will have billions of embedded screens, there's probably something for us to do in that space... and our protocols and cloud connectivity can even be useful for devices that don't have screens to share real time data streams
Less than a year, though you aren't going to see it in the next 3 months. We've spec'd out everything that needs to be done to make it happen, but the implementation is expected to take a few weeks and we have a few other problems we need to solve first.
We understand that this is a significant issue though, and it's very much on the roadmap.
It's all open source, I don't believe anything is proprietary.
Kali is fantastic - I have a bootable usb stick on my keychain at all times
Sia's pricing for storage right now is very low relative to its competitors, but not many users are actually storing files on the network. Looking at SiaPulse there's 931 TB available but only 0.82% of that is in use. Without anyone to purchase storage, the hosts have no incentive to continue participating.
What do you think is limiting the number of storage buyers on the network and how do you plan to address it?
I think it's interesting the work that Samsung and Blackberry have done to secure Android. The Android landscape as a whole is very challenging, one phone might be really secure and the next one may have malware calling back home - wherever that might be.
In terms of evaluating Blackberry's claims, I have not. Samsung Knox has shown to be a very complement security complement to Android however.
What does the future of information technology and cybersecurity look like?
you're behind "hallo world" ? :O
What measures are in place to prevent corporate acquisition of privately uploaded data to personal storage 'clouds' ? My concerns are that privately uploaded memories will eventually become subscription access data or privately owned/sold by the physical datacontent holders (like, i upload a photo album from my wedding and later when im old they charge me to access seeing it) What stops this from happening? (I will NEVER put my data into the cloud)
Make sure the data they have is useless - encrypt everything and adopt tools and services that view you as a customer not a product.
I am not quite sure what you mean by health, however there are a lots of hosts on the network spread across approx 3 major geographical locations. There is far more supply than demand, which I think is not fantastic, though it means that prices are insanely low. At one point it was only like $0.25 cents to store what would cost a full $25 on Amazon.
We have not seen any security events nor do we have any reason to believe that there's something dangerous on the horizon. If you put files on the Sia network, you're almost certain to be able to re-download them.
I don't know if you're still asking question, but I was a cyber security major at a tiny community college. I feel so defeated, my professor wasn't the best and all but 3 dropped out until the very end. I stayed until the end of my computer classes, but I ended up failing.
I had to change majors, i feel so defeated. I'm looking into building computers, I like making websites, I love messing around with computers...
How do I bounce back from this? What can I do alternatively to become in the computer field?
How large do you see the Sia storage network getting in 2017 in terms of storage capacity?
I'm still here, I'll answers as long as questions come in.
I know some really good software developers that don't have a formal engineering or computer science degree. The one thing they did have was curiosity and the drive to learn new things without ever giving up.
See if you can find local internships with companies that do this type of work. Even if you're not sitting down and pen testing / coding / etc you'll make good contacts, hear the conversations they have, see the resources they use - this is the real training.
By all means, get a degree if you can but don't give up. We need thinkers and doers that aren't all cut from the same cookie cutter.
Well, I believe that the storage capacity of the network is already really high, well over 10,000 TB. Most of that capacity is simply not plugged in because the demand is not there - it'd be consuming electricity and headaches, and not providing any revenue.
A better question would be to ask where demand will be at the end of 2017, and I really don't know, but I'm hoping that we can push the growth of our network. At this point, we've crossed the biggest usability hurdles for most users.
I think my personal target would be 100,000 TB total in use on our network by the end of the year.
What do you think of distributed cloud storage and content delivery such as ipfs and swarm? Do you think these sorts of projects make file storage safer or less secure?
And what about security from the businesses that run the services we use?
Can I use it for porno? Legal porn tho.
Love it - we actually tried to use IPFS with the sndr ecosystem and we may very well at some point. It turned out that large file support was really problematic.
Security from the businesses? Don't trust them with data that is not encrypted.
It wouldn't be a very private cloud storage platform if we had some way to detect and ban porn.
In short, everything is encrypted and done from your own computer. You can think of us sort of like selling a hard drive. What you put on it is your business, and it's not even possible for us to snoop, let alone take action about it.
Is it a good idea to build my own general storage and email server at my house instead of using gmail?
What kind of speeds/bandwidth can we except? and will there be provisions to allow for different levels of speed.
For example if I want a cdn style storage for images, can I make sure my files are stored on fast connections with SSD drives?
I think it's great to experiment with these but email is somewhat of a mess - the big emails servers generally don't trust email servers you run at home. Having your own home storage is great though, just make sure you have a backup plan
On the release that's out today, you can expect speeds between 70 and 150mbps when uploading, and between 20 and 50mbps when downloading. Startup time is about a second I think.
In the future, upload speeds and download speeds will both be able to saturate any consumer connection, including gigabit connections. You will be able to easily select hosts that are faster or ping-time closer to you, with startup times being under 100ms.
SSD drives should not matter in this case, disk drives will be fast enough for any sort of content fetching and distribution. If you can find a measurable difference though, it would be simple enough to use that measurement when selecting hosts to figure out who is using drives that are fast enough for whatever application you have in mind.