20040823

Open, Honest and Exploitable?

The blog post JXTA Yields an Application for P2P Backups is worth a read, because it contains a great deal of good information. I applaud the 'declaration of interests', which is always good to know when you are reading something in a public context. And I agree with the comments on Swing: done right, it is as good as any other GUI toolkit.

LeanOnMe is a good idea, and being a commercial product makes the 'size' problem less of an issue. The 'size' problem is that when you create a backup, your backup sets are generally larger than the original (the exact size depends on how well the data compresses against how many versions you retain). So your backup media needs to be at least as large as what you are backing up.
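To make the 'size' problem concrete, here is a small model of how retained versions and compression trade off. This is an added illustration, not code from LeanOnMe or from the post being discussed; the figures (100 GB of data, five versions, 40% compression saving, 5% change between versions) are assumptions chosen for the example, and the two strategies modelled are the simplest cases: a complete copy per version, and one full copy plus a compressed delta per later version.

```python
"""Estimate the media needed for a versioned backup set.

Added example (not LeanOnMe's code): compares full-copy retention with
full-plus-incremental retention so the effect of version count and
compression on the required media size is visible.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupPlan:
    original_gb: float      # size of the data being protected
    versions: int           # number of retained versions, at least 1
    compression: float      # stored bytes / raw bytes, e.g. 0.6 = 40% saving
    change_fraction: float  # fraction of data that changes between versions

    def __post_init__(self):
        # Reject parameters that would make the estimate meaningless.
        if self.original_gb <= 0:
            raise ValueError("original_gb must be positive")
        if self.versions < 1:
            raise ValueError("versions must be at least 1")
        if not 0 < self.compression <= 1:
            raise ValueError("compression must be in (0, 1]")
        if not 0 <= self.change_fraction <= 1:
            raise ValueError("change_fraction must be in [0, 1]")


def full_copies_size_gb(plan: BackupPlan) -> float:
    """Every retained version is a complete, compressed copy."""
    return plan.versions * plan.original_gb * plan.compression


def incremental_size_gb(plan: BackupPlan) -> float:
    """One full copy plus a compressed delta for each later version."""
    deltas_gb = (plan.versions - 1) * plan.original_gb * plan.change_fraction
    return (plan.original_gb + deltas_gb) * plan.compression


def media_needed(plan: BackupPlan, strategy) -> dict:
    """Size of the backup set and how it compares to the original data."""
    size_gb = strategy(plan)
    return {
        "backup_gb": size_gb,
        "ratio_to_original": size_gb / plan.original_gb,
        "exceeds_original": size_gb > plan.original_gb,
    }


def versions_before_exceeding(plan: BackupPlan, strategy, cap: int = 10_000) -> int:
    """Smallest number of retained versions at which the backup set
    outgrows the original data, or 0 if that never happens within cap."""
    for n in range(1, cap + 1):
        trial = BackupPlan(plan.original_gb, n, plan.compression, plan.change_fraction)
        if strategy(trial) > plan.original_gb:
            return n
    return 0


if __name__ == "__main__":
    # Constructed sample plan: 100 GB, five versions, 40% compression saving,
    # 5% of the data changing between versions.
    plan = BackupPlan(original_gb=100, versions=5, compression=0.6, change_fraction=0.05)
    for name, strategy in (("full copies", full_copies_size_gb),
                           ("full + incrementals", incremental_size_gb)):
        est = media_needed(plan, strategy)
        print(f"{name}: {est['backup_gb']:.1f} GB "
              f"({est['ratio_to_original']:.2f}x original), "
              f"exceeds original after {versions_before_exceeding(plan, strategy)} versions")
```

With these assumptions, five full copies need 300 GB of media (three times the original) and a full copy plus four incrementals needs 72 GB, which only overtakes the original once fifteen versions are kept. Either way the media has to be sized for the retention policy, not for the data alone.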

I differentiate between backups that allow a user to get back the file they accidentally deleted on Friday (when they got back from the pub), and backups that permit timely recovery from a virus attack, a disk failure or "your office is toast". LeanOnMe is potentially a good piece of a larger backup scheme, in which local and remote backups play different roles. I like the idea of being able to upload my entire hard disk when upgrading my PC. See my other blog for another idea about remote backup.

There is a danger in being this open, though. By naming the technologies involved and describing the process, Daniel has handed hackers one piece of the puzzle needed to write a successful exploit. The security consultant's mantra "the hacker knows your system" is now true for LeanOnMe, and although "security through obscurity" is a myth (even the Amiga has worms), keeping quiet about your security setup is still a good idea if you want to avoid becoming the Google "I'm Feeling Lucky" result for the next advisory. 312 should keep a very close eye on security advisories for the technologies used. A virus-infested backup is almost useless.
