amazons3
Latest
Intruders 'borrowed' Tesla's public cloud for cryptocurrency mining (updated)
Tesla isn't immune to the plague of cryptocurrency mining hijacks, it seems. Security researchers at RedLock have reported that intruders gained access to Tesla's Kubernetes console (where it deploys and manages containerized apps) without needing a password, exposing the EV brand's login credentials for Amazon Web Services. From there, the attackers both abused Tesla's cloud resources for cryptojacking and accessed private data held in Amazon's S3 service. The culprits were creative, too.
FedEx left sensitive customer data exposed on unsecured server
It seems like there's no end to the data breach stories. Uber covered their problem up, then had to answer to Congress. Equifax's initial response to its massive data exposure added its own security issue. Federal employees were even found stealing data from Homeland Security. Now FedEx customer records — including passports, drivers licenses and other security IDs — have been exposed, according to security researchers at Kromtech.
Thousands of Amazon S3 data stores left unsecured due to misconfiguration
Will Vandevanter, of Help Net Security, made a rather disturbing discovery: thousands of Amazon S3 data "buckets" were improperly configured and left exposed to prying eyes. Vandevanter started his probe by generating URLs using the names of major companies and sites that use Amazon's cloud storage service. In the end he uncovered 12,328 of the so-called buckets -- 1,951 of which were visible to the public. Those folders were home to some 126 billion files that contain everything from personal data hosted by a social networking service, sales records, video game source code and even unencrypted backups of databases. By default, S3 accounts are set to private, which means these stores of potentially sensitive data had to be flipped to public manually -- most likely by accident. Amazon has responded to the discovery by alerting users who might have inadvertently made their files publicly accessible. If you've got an S3 account of your own, now would be an excellent time to double check your own settings. And if you're looking for more details of Vandevanter's research, hit up the source link.
Google Compute Engine brings Linux virtual machines 'at Google scale'
As anticipated, Google has just launched its cloud service for businesses at Google I/O 2012, called Google Compute Engine. Starting today Urs Holzle announced "anyone with large-scale computing needs" can access the infrastructure and efficiency of Google's datacenters. The company is promising both performance and stability -- Amazon EC2 they're coming for you -- claiming "this is how infrastructure as a service is supposed to work". It's also promising "50 percent more computes per dollar" than competitors. Beta testers will be on hand at later meetings to give impressions of the service, if you want to know how running your apps on 700,000 (and counting) cores feels. During the presentation we got a demo of a genome app and we're sure if we understood what was going on, it would have been impressive. Hit the source links below for more details on "computing without limits" or to sign up for a test yourself. Update: Looking for more info? Check out the hour long video from Google I/O dedicated to the technical details, embedded after the break. Check out our full coverage of Google I/O 2012's developer conference at our event hub!
Replacing iDisk with online storage of your own
With the June 30, 2012 death of Apple's MobileMe service looming just a little over two months away, some Mac users are still wondering what to do to replace one of the keystone pieces of the service -- iDisk. Macworld's Glenn Fleishman provided some tips today on how to replace iDisk with your own online storage using some common Mac apps that let you treat a remote FTP, SFTP, WebDAV, or Amazon S3 server like a Mac volume. The trick, says Fleishman, is to get file-sharing access via a hosting company or a storage system like Amazon S3, Google Storage, or Rackspace Cloud Files, and then use either Nolobe Software's Interarchy (US$30) or Panic's Transmit ($34) to create a Mac-mountable volume. Of the two Mac apps, Fleishman notes that Transmit works most like the default mode of iDisk. It provides a glimpse into the remote server's file structure, but doesn't download or sync files locally. As such, if you need to open a large remote file to edit it on the Mac, you must first wait for the file to be downloaded. After an edit is made, saving the file requires the file to be uploaded back to the source. That can definitely take some time. Interarchy's Net Disk feature is more like iDisk with synchronization enabled, allowing a Net Disk to synchronize changes to your computer, from your computer to the server, or in both directions. This ends up working more like Dropbox, where files are stored locally instantaneously, but then synchronize with the server behind the scenes. Fleishman includes instructions on how to create a mountable disk using either Transmit or Interarchy. Just remember to get your iDisk replacement into place prior to June 30th!
OpenPhoto is an open, cloud-based photo storage alternative for iPhone
If you're furious with Flickr and peeved at Picasa, there's a new kid in town -- OpenPhoto. OpenPhoto is an open source photo sharing service along the lines of those other services, but the images are stored on Dropbox, Amazon S3, or any other cloud-storage service. It's meant to give photograph owners more control over their online photo storage, and you can even install the code on your own server is you wish. OpenPhoto was initially funded by a Kickstarter project, and the development team has reached a new milestone with the release of an iPhone app (free). The app is a bit underwhelming at the moment, but remember that this is 1.0 version. Some other bloggers have tried to compare the app to Instagram, but point out that there's no social aspect to the app or service yet. At this time, OpenPhoto is good for one thing, and that's for storing your images in the cloud. The app provides a way to upload and view your images, and there are screens for entering titles and tags to each photo. There are even some editing tools in the app from Aviary, and images can also have filters applied. If you want to do sharing with others, simply turn on the Facebook or Twitter upload capability when you're getting ready to upload an image. One major complaint about the app has been about the use of Browser.ID for login, which means that the app jumps to mobile Safari to complete the login before moving bak to the app. It's a bit confusing at first, to put it lightly. If you happen to have a lot of photos on your Mac (or PC) it's easy to drag and drop them onto the OpenPhoto page for uploading. For Dropbox users, the uploaded files may take some initial digging to find. I was expecting to find a new folder called "OpenPhoto", and eventually did -- after I found that it was in another folder called "Apps". Developer and founder Jaisen Mathai, a former Yahoo! employee, talked with Robert Scoble about the project in a long interview that can be viewed below. [via The Verge]
Dear Aunt TUAW: Help me upload my stuff to Amazon Cloud
Dear Auntie TUAW, Amazon gave me a free 10 GB in their cloud to upload my music. It won't all fit since I have about 15 GB of music, so I was wondering if there was a way to upload just certain playlists without have to go to each folder and upload all the songs separately. Perhaps an automator action? Thanks and kissies, Patrick
ForkLift 2, slick file management, fast file transfers
ForkLift 2 was officially released this week. This is the second generation of the FTP client-cum-Finder replacement, and it brings with it a veritable shipping palette full of new features. When it comes to file transfer, ForkLift 2 has just about all the bases covered: FTP, SFTP, WebDAV, Amazon S3, iDisk, SMB, AFP and NIS, with impressive speeds and FXP copy capabilities. You can connect directly, as you would in a standard FTP browser, or you can mount the disk in the same fashion that the latest version of Transmit does. This allows for access to remote files from any application, remote editing and some additional file management tools. ForkLift can save "Droplets," similar to other FTP clients, which give you a drop target for uploading to a specific server and folder. You can also set up a sync between any two folders, remote or local, and save the set as a "Synclet," a small app that will run the sync automatically. The interface is slick, with a few features that make this a killer app for me. It maintains the original ForkLift's two-pane, tabbed interface, and it adds a Favorites panel, better progress meters and extensive keyboard navigation. My favorite new feature is the Stack, similar to what Path Finder has, where you can temporarily collect files on which to perform mass actions. You can turn any file selection into a stack, and you can have multiple stacks going at any time. Another feature I love is Workspaces, which lets you define pairs of folders to open at the same time. It sounds simple, but if you do a lot of filing from one folder to other subfolders, it's a very nice time-saver. The tool set is pretty impressive, too. From being able to create both aliases and real symlinks to splitting and combining large files, it brings in a ton of functionality that Finder has always been missing. It even has a Trash App command for removing an application and its data, à la AppZapper. Selecting files is a breeze with the advanced search, filter and selection tools. ForkLift even has a multi-rename feature for performing mass filename changes. I won't try to detail every one of the new features -- it's an extensive list. I will say that I think ForkLift 2 brings to life a truly integrated file management environment that combines the best features of leading FTP apps and file managers. A single-user license is US$29.95, and ForkLift 1 users can upgrade for US$19.95. There's a family license available as well, which covers all the Macs in your household, for US$49.95. You can find out more, and download a free trial, at the BinaryNights website.
TUAW first look and giveaway: Courier simplifies Mac media sharing
Sharing your files, photos, movies, and images with others through online services can sometimes be a hassle for Mac users. For some of us, it's possible to get all of the various interconnections between services set up in such a way that one tweet sends a photo to Facebook, Flickr, and a variety of other services. But for a surprising number of Mac users, it just isn't that easy. Realmac Software is in the business of making things easy. They're the folks who make website design easy with RapidWeaver, and they've just come out with a tool to make media sharing as easy as putting a stamp on an envelope. Courier (US$19.95 introductory price) is designed so that anyone, even your Mom, can easily upload photos, movies, and the like to a pile of services. A download of Courier is available for a limited trial, and you can make an in-app purchase of the app if you like it. We're going to be giving away five copies of Courier to TUAW readers, so read up on how the app works and then enter the giveaway. Check out the gallery below for a few screenshots, and then read on for a look at this Mac application. %Gallery-101620%
Cyberduck adds cloud file management improvements
My FTP app of choice, Cyberduck, has updated to version 3.6, and as you can see on the changelog, it's a nice, chunky update. The developers have added in support for Google Storage, made things easier for Amazon S3 users, and added a lot of little features and bugfixes that make the whole experience easier and more compatible with other apps and platforms. I still like Cyberduck as an app -- a lot of Mac users praise the heck out of Transmit, and it's also a very nice app, but I like supporting open source (and don't mind the free downloads, either). And Cyberduck is still growing -- they just recently announced that a Windows version is coming soon, so if you need to do some FTP'ing on Microsoft's platform, but want a Mac-quality app to do it with, Cyberduck could be the one. That version is in beta now, and should be out for release soon. Cyberduck, as open source software, is a free download, with the option to make a donation to the hardworking developers over here.
Snow Leopard Services in practice: Amazon S3 uploader
I stumbled upon a great example of the Snow Leopard Services that I've been drooling over. The S3 Upload Service by August Lilleaas is available as a workflow which can be opened in Automator, so you can examine its inner workings. It uses AppleScript and Ruby, easily passed back and forth thanks to Automator's building-block-style workflow. It lets you upload a publicly-accessible file to an S3 bucket, and copies the URL into your clipboard upon successful upload. The workflow requires that you at least have RubyGems installed, and have an Amazon S3 account set up, but it will handle the rest. It asks for your S3 credentials with an AppleScript popup, which has the unfortunate side effect of not being able to be forced to the front very easily and tends to get lost behind other windows. There are workarounds to that, but no way to keep it on top once it's up. It looks possible to build custom nibs for your services, so I might play around with making a general-purpose utility panel popup to fill the void in my own projects. In the process of rolling my own Services in Snow Leopard, I've definitely found some limitations, but I'm having fun working around them. This one is a great example of passing results -- returned from different languages -- and processing them, all within Automator. It's not super-polished -- your mileage may vary -- but a big thanks to August for putting it out there for the rest of us to play with!
Let's do the Time Warp again! Offsite Time Machine backups
Apple did the world a great service when they introduced Time Machine backups to OS X. Suddenly, anyone could attach an external disk drive to their Mac and have a constant set of backups at their fingertips with little or no intervention required. However, there was one very big, hairy fly floating in the soup of backup contentment -- if your backup drive was destroyed or stolen, your backup was gone. Many of us who are paranoid about backups started doing a second level of backups to offsite services such as Mozy, Carbonite, or my personal favorite, BackBlaze. There's a new kid on the block with a different approach to offsite backup -- Time Warp. This US$25 Mac application (free during the beta period) takes your Time Machine backups, compresses and encrypts them with 256-bit AES encryption, and then uploads them to your personal Amazon S3 (Simple Storage Service) account. How does the cost of storage on Amazon S3 compare with the other services? The current costs are $0.15 per GB per month for storage, $0.10 per GB to backup data into S3, and $0.17 per GB to restore data from S3. The Jumping Bean Software team says that backup up 20 GB of personal data would cost about $1.50 per month, which is in line with costs for the other services. Time Warp does intelligent filtering to keep "dumb files" like cache, trash, and temporary files from being uploaded and costing you money.If you take a glance at the sample screenshot at the top of this post, you'll notice that Time Warp does its best to give you a handle on your storage costs, so there's no guesswork involved. Leopard users who have been on the fence about whether or not to invest in an offsite backup solution might want to take advantage of the Time Warp beta.
First Look: Twin 1.0 for Mac OS X
Time Machine made it easy for Leopard owners to back up their Macs on local external hard drives, and lately we've seen a number of online backup services such as Carbonite, BackBlaze, and MozyPro debut for the Mac platform. These online services are great (I personally use BackBlaze), but there's a monthly cost associated with them. What if you already have access to a large volume of server space?App4Mac has just announced Twin 1.0 for Mac OS X (US$39.67, €29.00), an online backup solution that works with all sorts of servers: FTP (all varieties), WebDAV, Amazon S3, and even MobileMe. Unlike many of the other online solutions, Twin claims that it retains all the Mac OS X file metadata, ACLs, and privileges, and your data is kept safe with AES-256 "Jack Bauer quality" encryption. In addition to the online backups, you can use Twin for backing up your files to local drives and have the backups begin when the external drive it plugged in.I'm impressed with the powerful scheduling capabilities of Twin, which include a way to use logical operators to determine exactly when backups should proceed or not. Having an offsite backup is that extra bit of security that every Mac user should have. Check out the gallery below for some screenshots of the app in action. You can also download a free, limited-capability trial of Twin if you're interested in kicking the tires. %Gallery-63477%
ExpanDrive 2.0 expands to Amazon S3
I had to do some extensive testing before I got too excited, but after a conversation with the developers I'm pleased to announce that ExpanDrive 2.0 is out. We've mentioned it before, but to recap: ExpanDrive allows you to mount remote servers as drives directly accessible in Finder. With a completely rewritten (again) SFTP layer, the existing FTP support and new Amazon S3 (Simple Storage Solution) support, it's even more useful than the last time we mentioned it. One of the developers, Jeff Mancuso, mentioned to me back at the last WWDC that the S3 support was in the works; it's great to see it come to fruition. In my testing, I found that a previously-existing S3 option, JungleDisk, can cause conflicts with ExpanDrive's S3 support. JungleDisk users should note that there are some issues, but they seem to clear up if you create vanilla buckets in your account and use those with ExpanDrive. I personally found that I was willing to give up JungleDisk entirely at this point, preferring this direct-mount with all of the perks, including a contextual menu in Finder for quickly setting public read/write permissions. I can attest to the fact that it's faster, and that the S3 support is working (wonderfully, without JungleDisk). ExpanDrive 2.0 is a $39.95 purchase (well worth it if you deal with remote UNIX systems or S3), and a $19.95 upgrade for existing users. There's a free trial available.
Old-school FTP gets souped up: Interarchy 9
Interarchy 9, Nolobe's FTP application, is out Friday 1/11 with over 100 new features. We've covered Interarchy in the past, in part because of its old-school cred, but this release has some new-school polish. In addition to the existing support for the usual protocols and Amazon S3 transfers, version 9 adds a new protocol built on SSH that offers security, speed and flexibility beyond the limitations of SFTP. The protocol is perl-based and should work with any server running perl v4 or later. I'm also happy to see the addition of a Finder-style path bar which accepts dropped files on any part of the path. Some other highlights from the extensive release notes include: Major upgrades to tab functionality A multi-function sidebar for easy access to, well, everything "Copy Public URL" "Preview in Safari" support added Path Finder support Sparkle updates Interarchy 9 will retail at $59, but is available at a $39 introductory price until March 1st. Even with the discount, it still comes in higher than most of its commercial competitors. There is a fully functioning demo you can use to test it against your current solution and see if the hype stacks up to the price. Of course, if Interarchy is your current solution, upgrades are $29 and free for anyone who purchased Interarchy on or after February 1st, 2007.
Panic releases Transmit 3.6
Panic has dropped Transmit 3.6, the latest version of the FTP app that we freakin' love here at TUAW. Included in the new version is all the great old stuff (droplets, and the "edit anything anywhere" ability), and the new features of Amazon S3 support and a "Copy URL web preview" (in which you can right click any file to automatically get a URL for it). There's also a whole host of bugfixes and improvements.Transmit, as always, is available from Panic's website free with a 15 day trial, and $29.95 to purchase.[ Thanks, Jonathan M! ]
Zonbu's subscription-based PC reviewed
PC Mag has gotten its hands on the semi-infamous Zonbu desktop -- a Linux based, environmentally friendly, ultra-small, ultra-cheap PC which is being launched this month -- and they've issued the first field report. The system, which we mentioned back in May, is based around a Via chipset and has no internal storage save for 512MB of RAM and a 4GB flash drive used for the OS. The $99 computer is meant to be used in conjunction with a $12.95-a-month service, much like a mobile phone (with a two year commitment and all), and provides 25GB of storage space on Amazon's S3 servers. The reviewer seems impressed with the speed and stability of the computer, OS, and included apps, but underwhelmed with the online storage process (slow, small), and lack of an included optical drive. The critique also covers a "community" version of the Zonbu ($250), which axes the subscription and adds root access to the computer -- which PC Mag seems to feel is a more sellable option for the new company -- although overall they recommend the system to anyone with basic computing requirements. Of course, you could just get an Apple TV for around that price and hack it, but that might not be up your alley, so check the read link for the whole, exciting breakdown.[Thanks, Corine]
