
Smuggling USB Sticks - edent
http://shkspr.mobi/blog/2012/11/smuggling-usb-sticks/
======
gbog
Another bucket of fuel to my pool of reasons to think the "Cloud" is
misguided.

Last time at a PyCon conference in Beijing, 5/4 speeches were about new cloud
offers (it was advertising actually). This makes no sense.

People should not do their stuff in free apps running on devices they don't
really own, and these apps should not store that stuff in a cloud vaguely
rented by the app maker.

Instead, people should use open tools, running on devices they own, storing
things on some storage they own and control.

On my bed, I can use my tablet to browse pics I have taken with my phone,
while listening to music I ripped on my desktop a long time ago. It seems
necessary to be able to do so, but it is not necessary to hand over all your
stuff to Apple or Google or Dropbox to do so. (And all your things should be
right there even if your ISP is down.)

The obvious solution I used is a "local cloud" (just a Samba server on a
little Raspberry Pi actually). But on Android strangely only very few media
players acknowledge this need and let me view my pics, listen to
music or watch video from the LAN. (I have no idea on iOS, I suppose it is
even worse, do they have VLC on iOS?)

edit: clarify

~~~
rb2k_
Should people also have their own power plants, wells, car factories and
farms?

There are certain advantages when you "outsource" your basic infrastructure.
As long as inter-device connections are still problematic (NAT, STUN, ...) and
as long as hard drives die, I really enjoy being able to trade money for free
time rather than setting up a redundant off-site backup system.

~~~
endgame
The electricity company doesn't try to tell me what devices I can plug into my
power points. The water company doesn't call me a thief for pouring a glass of
water for my friend. The car factory doesn't weld closed the bonnet of its
vehicles and the farmer doesn't whine about lost profits because I dare to
have a herb garden in my back yard.

~~~
jamesmcn
They actually do - by the volt-amp offerings for residential consumers.
Also, a big dream of the utilities is to be able to reach in and "hint" to
your appliances when they should sleep. Power companies really don't want many
people to buy electric cars because the grid has far too little capacity to
handle charging them.

Give them time, and they will.

~~~
bigiain
To stretch the cloud/powercompany analogy (perhaps too far)…

The power company only provides a "standard" volt and amp rated supply, and
just like cloud computing, there are various standards to choose from[1].
You're probably thinking "120V 60Hz AC with type-b plugs", whereas for me the
default assumption is "220V 50Hz AC with type-1 plugs". Fortunately, half my
electronics doesn't actually care what voltage/frequency/current is available
thanks to modern power supplies (I've seen my iMac happily keep running during
a brown-out where the wall sockets were measuring just 90V AC, while all the
routers/modems/harddrives with less capable power supplies were flickering and
rebooting continuously.) Other devices I own I can use a transformer to change
my 220V down to 120V, though still at 50Hz. If I needed to (and I never have)
I could use a US targeted UPS or inverter to provide 120V AC @ 60Hz.

The "cloud" market is kinda the same. Cloud storage, for example, expects 8
bit bytes delivered over tcp (or perhaps udp). In general, "everything just
deals with that", pretty much every modern-ish 8/16/32/64 bit device,
regardless of native endianness, will happily emit and receive the same 8 bit
bytes that S3 stores (converting on the fly, much like a switchmode power
supply does for voltages). If you're an edge-case customer, perhaps wanting to
use Amazon S3 to store data for your 12bit wide "bytes" from your PDP8, you
just convert them on the way in and out. And much like the end result of
electricity consumption is pretty much all the same, electricity is mostly
just converted into heat - but with side effects varying from cooling your
beer to blasting pixels onto your screen at 100fps to making your coffee
machine hot; ultimately cloud storage is all just ordered bytes more-or-less
reliably stored and retrieved - whether that's plain text passwords, or
massively de-duped mp3s in Dropbox or Amazon's/Apple's cloud music storage, or
cryptographically secure blobs which no-one can tell whether they contain your
bank records or your secret research project data or child porn - it's all
just bytes. There's no "vendor lockin" at the "it's just a bunch of ordered
bytes" level. You might need to "change the plugs" if you want to switch your
cloud storage from S3 to BigTable to Dropbox to Tahoe/LAFS, just like I need
to switch cables or use a plug adaptor for US delivered electrical equipment.
It's the same with cloud compute resources - sure EC2 and Linode and CloudNine
and AppEngine have different interfaces, but you can view that as all just the
plumbing on the way into the "remote universal Turing machine" which, much
like the topologists who can't tell the difference between their coffee mug
and their donut, in spite of their interface and language differences all the
programmable remote computing offerings are identical - if you can compute
anything on one of them, you can - in theory - compute it on any of them.

[1] <http://en.wikipedia.org/wiki/Mains_electricity_by_country>

------
objclxt
I used to work in a Middle Eastern country that fairly aggressively filtered
the net and where _officially_ most DVDs, games, and books were banned.

Of course, _unofficially_ you just had to pop down to the souks where you
could get anything (pornography included) burnt to DVD. I used my time there
as an excuse to digitise my DVD collection, since they certainly weren't going
to let me get away with bringing them into the country, whereas a USB hard
drive went pretty much unnoticed.

It seems to me that whilst there are a few countries which enforce a
totalitarian approach to censorship (like North Korea), others really just do
it for 'appearances', because to not do so would be culturally unacceptable.
Certainly pretty much _everyone_ I met was circumventing censorship (both in
net and print).

~~~
EliRivers
This is by design; when you set up a situation where everyone is a criminal,
any time you decide you want to haul someone in or stick someone in jail,
you'll have no trouble finding something they're guilty of.

~~~
seanmcdirmid
Everyone is guilty of something is pretty much how China works, they even have
contradicting laws on the book to ensure this.

A related interesting effect with respect to corruption: any official is
corrupt, and can be brought down at any time because of that. Squeaky clean
officials are not trusted because the "nuclear option" won't work on them, so
they aren't promoted, leading to a downward spiral in quality.

A reasonably fair legal system is very important; I feel like we take it for
granted in the west that things could be much worse.

~~~
chimeracoder
> Everyone is guilty of something is pretty much how China works, they even
> have contradicting laws on the book to ensure this.

The US isn't too different from this, especially if you include all the
contractual agreements that a typical person enters into.

~~~
seanmcdirmid
Contracts are covered under civil law, not criminal.

~~~
chimeracoder
I'm aware, but my point is that if your landlord or employer wants to make
your life difficult, there's a good chance you're violating those contracts in
some minor-but-enforceable way already.

~~~
seanmcdirmid
No no no. They can put things in the contract, but just because you sign it
doesn't mean the clauses are enforceable; many of them are
illegal/unenforceable. If it comes to a judge (which it almost never does for
consumers), you have lots of rights and the judge is fair/unbiased and not in
the pocket of your adversary. Disclaimer: IANAL.

In China, if someone wants you out of your apartment, they can have you out
almost overnight. Can you imagine how stressful a midnight move is?

------
tomerv
Also known as "Sneakernet" (<http://en.wikipedia.org/wiki/Sneakernet>)

~~~
bigiain
And the old "never underestimate the bandwidth of a station wagon full of
backup tapes"

(and the modern version of that calculation, a station wagon full of microSD
cards, is calculated at 500 gig per second here:
<http://www.dansdata.com/gz105.htm> )

------
bitwize
When I saw _Johnny Mnemonic_ again recently, I thought to myself that he could
probably get more done -- at less personal risk -- by swallowing condoms full
of micro-SD cards.

~~~
electromagnetic
Agreed, but I believe the original purpose is that if he's killed the data is
rendered useless. For organized crime, killing you to get micro-SD cards out
of your gut is probably preferable to waiting for you to pass them.

I think there's only one real reference to this in the movie. It's supposed to
be a super-secure way to transfer data. However, personally if the data was
that important I'd just say "you come to me", because honestly if I got the
cash I wouldn't care if you got shot 5 feet outside my building.

~~~
chimeracoder
> For organized crime, killing you to get micro-SD cards out of your gut is
> probably preferable to waiting for you to pass them.

Not if they're encrypted well enough and the data is somewhat time-sensitive!

....have we just found the solution to this XKCD? <http://xkcd.com/538/>

~~~
electromagnetic
Pertaining to the XKCD you just have to hope they don't get wise and go with
vivisection.

However, the sender would likely phone/email/deliver the password on
notification of arrival, which IIRC was what was supposed to happen in Johnny
Mnemonic, but the Yakuza attacked and Johnny gets a portion of the password,
which incidentally ties in with frame 2 of that comic.

I guess the lesson here is that a $5 wrench and a $50 mix of acid/shrooms/K
applied to the right person would beat any crypto known to man.
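
(Editor's added example, not code from the original post or from anyone in
this thread.) chimeracoder's point above is that a seized card is worthless
if its contents are encrypted and the key is not on the courier, and
electromagnetic's is that the key is delivered by a separate channel once the
card is known to have arrived. The Go program below shows that split: the
payload is sealed with AES-256-GCM under a fresh per-card key, the sealed blob
is what gets written to the card, and the key is turned into 64 hex characters
the sender can read out over the phone later. Because GCM authenticates, a
wrong key or a modified card image produces an error rather than garbage. The
sample payload is constructed for the example; the function names are mine.
None of this helps against the wrench, of course, which is the thread's
actual conclusion.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

const keyLen = 32 // AES-256

// sealWithKey encrypts and authenticates payload with AES-256-GCM under key.
// The result is nonce || ciphertext || tag, the only thing written to the
// card. The nonce is random per call; each card also gets its own key.
func sealWithKey(key, payload []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag after the nonce passed as dst.
	return gcm.Seal(nonce, nonce, payload, nil), nil
}

// sealForCard generates a fresh random key for this one card and seals the
// payload under it. The blob goes on the card; the key stays with the sender
// and travels by a separate channel after the card has arrived.
func sealForCard(payload []byte) (blob, key []byte, err error) {
	key = make([]byte, keyLen)
	if _, err := rand.Read(key); err != nil {
		return nil, nil, err
	}
	blob, err = sealWithKey(key, payload)
	if err != nil {
		return nil, nil, err
	}
	return blob, key, nil
}

// openFromCard decrypts a blob produced by sealWithKey. A wrong key or any
// modified byte fails the GCM tag check and returns an error.
func openFromCard(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to be a sealed card image")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// keyFromPhone turns the 64 hex characters dictated on arrival back into the
// key, rejecting transcriptions of the wrong length.
func keyFromPhone(s string) ([]byte, error) {
	key, err := hex.DecodeString(s)
	if err != nil {
		return nil, err
	}
	if len(key) != keyLen {
		return nil, fmt.Errorf("transcribed key is %d bytes, want %d", len(key), keyLen)
	}
	return key, nil
}

func main() {
	// Constructed sample payload standing in for the files on the card.
	payload := []byte("constructed sample: archive of articles, 2012-11")
	blob, key, err := sealForCard(payload)
	if err != nil {
		panic(err)
	}
	fmt.Printf("write to card: %d bytes (nonce+ciphertext+tag)\n", len(blob))
	fmt.Printf("read out on arrival: %s\n", hex.EncodeToString(key))
	// Whoever seizes the card without the key gets an error, not data.
	if _, err := openFromCard(make([]byte, keyLen), blob); err != nil {
		fmt.Println("wrong key:", err)
	}
	got, err := openFromCard(key, blob)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered: %q\n", got)
}
```

The key is 32 random bytes, so the card never carries anything derived from a
memorable password that the courier could be made to give up; what the
courier knows is nothing, and what the sender phones through later is the
whole secret.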

~~~
ctdonath
Aka "rubber hose cryptanalysis".

------
zokier
32 gigabytes for 20 "high definition" movies? That's 1.6GB per movie. Seems
awfully low, compared to eg Blu-Ray. Afaik movies on blurays are in the 20GB
range, ie. an order of magnitude larger than the presented 1.6GB. Even movies
downscaled to 720p are usually sized to fit a DVD5, 4.3 GB, still much larger
than 1.6GB.

Point being that movie files are still quite huge.

Also, transferring 32GB over fairly modest 10Mbps line takes roughly 7 hours,
far less time than what it'd take via post service.

~~~
icebraining
Due to the asymmetric nature of most end-user lines, 10Mbps of upload
bandwidth seems far from modest. Around here you'd need a 100Mbps (download)
line, which is available but pricey, and as far as I know they're not even
available in most of the world.

If you're talking about countries where this censorship is common, even a 10/1
line is probably not affordable by anyone except an elite.

~~~
edent
Very true. I'm on "Superfast" broadband in the UK. That means 16Mbps down,
1.3Mbps up. The only way to get 10Mbps up is to be on fibre-to-the-premises.
And even then only if you live in one of the blessed areas.

~~~
elemeno
ADSL supports up to 24Mbps down in the UK - assuming that you're (very) close
to the exchange. I could theoretically get that with my old ISP, were I not
1.6km from the exchange.

Cable supports up to 100Mbps down (at least I'm pretty sure that Virgin has
started to roll that out, if not then 50Mbps), though contention might be an
issue at peak times.

I've got BT Infinity, which is fibre to the cabinet rather than all the way to
the home. Since the distance to the cabinet is likely to be pretty minimal you
can get pretty high bandwidth over the last length of telephone wire. For
reference, I get 76Mbps down and 20+Mbps up - more than fast enough for plenty
of things to feel instant, such as downloading movies, which now takes in the
order of minutes.

~~~
miahi
Cable supports even more. I'm on a 150Mbps cable modem now and it's nice. Too
bad the upload is limited to 6Mbps.

------
scrrr
The article the author points to on Cuba is very good. I have been to Cuba and
I find it quite accurate. Indeed, the news also spread via USB stick. If you
ever go to Cuba why not bring some data. Be it music, video or pages of the
Spanish Wikipedia..

~~~
chimeracoder
> If you ever go to Cuba why not bring some data. Be it music, video or pages
> of the Spanish Wikipedia..

I'd certainly hope that they already have a copy of that, given that an
_entire_ dump is <32 GB[1], depending on how much meta-info (edit history,
etc.) you want to include.

From there, all you have to do is smuggle in the diffs every now and then,
which should be minuscule.

[1]<http://dumps.wikimedia.org/eswiki/20110911/>

------
stcredzero
How about an update of Fidonet where people just have to take laptops into
internet cafés, such that laptops pass such data to each other with no
intervention from users? This wouldn't replace the USB Sticks, rather it would
supplement the distribution. (For WPA protected networks, there may have to be
some mediation to establish the first connection.)

------
chiph
You can hide the micro-SD cards inside some of the coins sold by spy-coins.com
(they're also sold by ThinkGeek). Only downside I've noticed is that when you
drop one of the coins onto a hard surface it doesn't sound right - the "ring"
it makes is different. But if you have it in with a handful of legit coins, it
passes without notice. Just don't spend it by accident. ;)

------
ianlevesque
> I don't know what will happen to the Internet. SOPA, DEA, and HADOPI all
> conspire to break the way we share knowledge - under the benign guise of
> copyright protection. And yet all it takes is a dozen USB sticks, a few
> memory cards, and very little effort to break their embargo.

For the technically savvy, yes. But by enacting these changes, governments and
other interests can dramatically alter the mainstream discourse and culture
negatively. Having a difficult technical means for a few to work around the
damage won't prevent the overall harm.

------
eknkc
I'm currently uploading my iPhoto backup to Amazon S3. It will take 2 more
days. Would be glad to have an option to mail the files in a card or something
like that.

~~~
objclxt
You can - <http://aws.amazon.com/importexport/>

Well, not a SD card, but you can mail Amazon a HD and they'll transfer it over
for you. It may not suit your particular use case, but people do use it.

~~~
eknkc
Yes I've seen that but I believe it's more suitable for high volume data, say,
tens of terabytes or more, as the prices are high for something like my
personal backup.

------
DanBC
It'd be great to think that things like Usenet, FIDOnet or similar are still
being used with people sneakernetting USB sticks around.

------
keithpeter
<http://deaddrops.com/>

Internet without cables? Dead drops started as an art experiment...

------
dahlia1
I smell something rotten. Hide a microSD in a cake? If security and customs
missed a cake going through, you think they would manage finding it stuck in
your shoe?

~~~
philip1209
You could tape a micro-SD card to the bottom of your foot, under your sock,
and the TSA would never find it. Just opt for the pat-down, and they have
never checked the bottom of my feet before.

------
greenyoda
Smuggled USB sticks are the 21st Century version of samizdat.[1]

[1] <https://en.wikipedia.org/wiki/Samizdat>

------
Aissen
As usual, relevant xkcd: <http://xkcd.com/691/>

------
jmmcd
Bad title! The only smuggling is of an SD card. The USB sticks in Cuba are
"passed around", not smuggled.

(Everyone's being pedantic about the numbers, so I felt entitled to be
pedantic about something else.)

------
dexter313
It takes about 2.89 days on a 1 Mbit connection to download 32 GBytes.

~~~
4ad
It's about upload, not download. Download in Iran is usually restricted to
128kbps, upload probably is significantly less.

Also, you completely missed the point of the article.

~~~
pyre
Getting information _into_ Iran is probably just as important as getting
information out though. While the specific example would be about upload speed
from Iran, the over-arching issue is about upload _and_ download speed.

