
Website made in Sheffield


Security;

 

I clicked on your link above (http://chillingsafe.com/a24f422dc0b77110)

 

Viewed the source of the image (http://chillingsafe.com/show_image.php?idt=007644cabbf9eafa94d1ebedf788f707&f=806) and taking that URL as a cue, opened a totally different file (http://chillingsafe.com/19296877ab7c1ca3) by changing 806 to 804

 

Assuming the idt=xxx is an access token it's also possible to mangle the token and still open the file.

 

Other schoolboy URL mangling opens pages that are blank, and others saying the file has been removed and others open other image files, such as band posters and others with branding on them.

 

I'm not sure if you have these files as intentionally public or not?
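The behaviour described in this post (changing `f=806` to `804` opens a different file, and a mangled `idt` is still accepted) is what a server-side check of the following kind prevents. This is an added example, not part of the original post and not the site's code; `SERVER_KEY`, `FILES`, `issue_token` and `fetch` are hypothetical names, and only the parameter names `f` and `idt` come from the URL quoted above.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret stored outside the web root.
SERVER_KEY = secrets.token_bytes(32)

# Constructed sample store using sequential ids like those in the post.
FILES = {804: b"poster.jpg bytes", 806: b"holiday.jpg bytes"}

def issue_token(file_id, key=SERVER_KEY):
    """Capability token: HMAC-SHA256 over the one file id it grants access to."""
    return hmac.new(key, str(file_id).encode(), hashlib.sha256).hexdigest()

def fetch(f, idt, key=SERVER_KEY):
    """Return (status, body) for a request carrying parameters f and idt.
    Every failure yields the same 404, so changing f or idt reveals
    nothing about which ids exist or were removed."""
    denied = (404, b"")
    try:
        file_id = int(f)
    except (TypeError, ValueError):
        return denied
    if not isinstance(idt, str):
        return denied
    expected = issue_token(file_id, key)
    # Constant-time comparison, done before the store is consulted.
    if not hmac.compare_digest(expected.encode(), idt.encode()):
        return denied
    body = FILES.get(file_id)
    return (200, body) if body is not None else denied

if __name__ == "__main__":
    good = issue_token(806)
    print(fetch("806", good)[0])   # token matches the id it was issued for
    print(fetch("804", good)[0])   # same token, neighbouring id
```

Because the token is computed over the file id, a token issued for one file cannot be replayed against a neighbouring id, and a token that fails verification is rejected instead of ignored.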

I'd personally want to see the site using SSL before I upload any files. Is this in the pipeline?

 

More than possible, the prices are quite reasonable.

 

You need to consider what makes it useable.

 

No SSH or secure upload will hurt. People are not going to put stuff in the cloud unless it's encrypted or secure in transit.

 

Price. Free is good but it makes me think that you have no business plan for large growth. What if I suddenly upload my entire datastore? I can put 100G a day onto that from home, without really trying. What if you go bust? How do I get my data then? Are you going to be cheaper than Amazon Glacier? A cent a gig a month is a tough order to beat...

 

Made in Sheffield. That'll sell yes and people will go for that there are always people who support the local guy. There are perhaps a million potential users in Sheffield and the nearby area. The world IT market is perhaps 2 billion people. The "made in Sheffield" USP is therefore relevant to 0.0005% of your potential market (you are in the same market as your competitors - like it or not I'm afraid).

 

You need to find some other way to stick out, other than free space (Dropbox beats you) cheap space (Amazon Glacier) and locality - you will on locality but it really hurts your market and Sheffield is probably not a large enough market to make it viable as a business. As a hobby that pays its way in terms of hardware you are possibly onto a winner. Best of luck.

 

Though there is no SSL the files are encrypted when uploaded and the files themselves on the server look a little like 600 lines of this: <?xpacket end="w"?>��C��C������ and therefore would not be accessible if there were a security breach.

 

As of now the hosting is not too expensive, but I do pay for a backup server just to add an extra level of security. As for going bust, I would purchase a cheap hosting server at around £40 for a year, re-upload the website, link to the backup server and allow for users to sign in to retrieve their files for a year.

 

Because it is free and you have no dropbox style infrastructure - People will be reluctant to use it for mission critical stuff. You could walk away at any time.

 

You NEED a paid option

 

Hi, there is a paid option /pro_membership.php just right now it is not activated as I am trying to grow the website's user base. It gives for additional features as displayed on the bottom of the homepage.
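An operator can check whether blobs at rest are actually opaque instead of judging by how they look in an editor; the `<?xpacket` string is the wrapper of an XMP metadata packet, which image files embed as plain text. The following is an added example, not part of the thread and not the site's code; all function names, the entropy threshold and the sample data are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Signatures of unencrypted content. File headers only count at offset 0;
# the XMP packet wrapper sits somewhere inside an image file.
HEADERS = {b"\xff\xd8\xff": "JPEG header", b"\x89PNG\r\n\x1a\n": "PNG header",
           b"%PDF-": "PDF header"}
EMBEDDED = {b"<?xpacket": "XMP metadata packet"}

def entropy_bits_per_byte(data):
    """Shannon entropy of the byte histogram; 8.0 is the maximum."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def audit_blob(data, min_entropy=7.5):
    """Return findings; an empty list means nothing recognisable was found.
    High entropy alone proves nothing, because compressed image data is
    also high-entropy, so the signature checks carry most of the weight."""
    findings = [name for sig, name in HEADERS.items() if data.startswith(sig)]
    findings += [name for sig, name in EMBEDDED.items() if sig in data]
    h = entropy_bits_per_byte(data)
    if h < min_entropy:
        findings.append(f"low entropy ({h:.2f} bits/byte)")
    return findings

def constructed_samples():
    """Constructed test data: SHA-256 in counter mode stands in for real
    ciphertext, and a fake JPEG is built around an XMP trailer."""
    stream = b"".join(hashlib.sha256(str(i).encode()).digest() for i in range(128))
    fake_jpeg = (b"\xff\xd8\xff\xe1" + stream[:2048]
                 + b'<?xpacket end="w"?>' + stream[2048:])
    return {"opaque": stream, "jpeg": fake_jpeg,
            "text": b"quarterly report " * 200}

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, audit_blob(blob) or "looks opaque")
```

The fake JPEG passes the entropy test and is flagged only by its signatures, which is why binary-looking bytes in a stored file are not evidence of encryption.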

Guest
As of now the hosting is not too expensive, but I do pay for a backup server just to add an extra level of security. As for going bust, I would purchase a cheap hosting server at around £40 for a year, re-upload the website, link to the backup server and allow for users to sign in to retrieve their files for a year.

 

Hosting may not be expensive but you need a very fat pipe for people to upload/download as and when they want. You need a **** load of storage which also isn't cheap.

 

You have investigated the infrastructure you need for a site like this haven't you? It isn't a case of hosting a website. I assume you've got plans written down etc.

More than possible, the prices are quite reasonable.

 

 

 

Though there is no SSL the files are encrypted when uploaded and the files themselves on the server look a little like 600 lines of this: <?xpacket end="w"?>��C��C������ and therefore would not be accessible if there were a security breach.

 

As of now the hosting is not too expensive, but I do pay for a backup server just to add an extra level of security. As for going bust, I would purchase a cheap hosting server at around £40 for a year, re-upload the website, link to the backup server and allow for users to sign in to retrieve their files for a year.

 

 

 

Hi, there is a paid option /pro_membership.php just right now it is not activated as I am trying to grow the website's user base. It gives for additional features as displayed on the bottom of the homepage.

 

OK putting my investigator's hat on..

 

What encryption algorithm are you using? Hash functions. Are you salting the files and what salt length. How do you set keys and how are keys separated from the servers if they are compromised? What's the underlying OS?

 

If you ran out of space you'd get a hosting server? That statement scares me. It sounds like you are not a real big player. Why are you not hosting it yourself? I could easily fill a typical hosting server for you in about 10 days dumping backups up to the cloud (about 1TB a week is generated) How will you deal with that?

 

What in fact is any better than someone getting a copy of Owncloud and doing it themselves if you are just using a hosted server. I can go get a cheap hosted server from Hetzner for example for very little money - although still costing much more than Amazon Glacier...

 

What's the storage backend? How are you managing disc growth? Response time - are you nearlining stuff off to shingled discs? What tapes are you backing up to? Where are they offsited? Recovery time? What's the encryption on the tapes?

 

Bandwidth to the servers? (you are running more than one right?) have you redundant links, from different carriers? How are you dealing with DDoS attacks? What's your total upload capacity? How many gb/sec are we talking about?

 

You really need to think it through and have good solid answers to all these questions and many before it moves from a niche hobby idea to being anything feasible.

Edited by Obelix

You need to consider what makes it useable.

 

No SSH or secure upload will hurt. People are not going to put stuff in the cloud unless it's encrypted or secure in transit.

 

Price. Free is good but it makes me think that you have no business plan for large growth. What if I suddenly upload my entire datastore? I can put 100G a day onto that from home, without really trying. What if you go bust? How do I get my data then? Are you going to be cheaper than Amazon Glacier? A cent a gig a month is a tough order to beat...

 

Made in Sheffield. That'll sell yes and people will go for that there are always people who support the local guy. There are perhaps a million potential users in Sheffield and the nearby area. The world IT market is perhaps 2 billion people. The "made in Sheffield" USP is therefore relevant to 0.0005% of your potential market (you are in the same market as your competitors - like it or not I'm afraid).

 

You need to find some other way to stick out, other than free space (Dropbox beats you) cheap space (Amazon Glacier) and locality - you will on locality but it really hurts your market and Sheffield is probably not a large enough market to make it viable as a business. As a hobby that pays its way in terms of hardware you are possibly onto a winner. Best of luck.

 

Comparing this site with Glacier is like comparing apples to oranges unless the download turnaround time is several hours after the request has been made.

 

A better comparison would be Amazon S3, but still S3 is very cheap for geo redundant data.


It's much more like the wide range of real time file hosting solutions, dropbox (already mentioned) googledrive, skydrive (or whatever microsoft are calling it now) and a whole host of smaller players doing similar things.

 

They all offer some free space, none of them offer unlimited space, because as Obelix points out, that WILL be very expensive.


Doesn't stack up to me. There don't appear to be any terms and conditions, how will you handle the sharing of illegal content which this will no doubt attract with no registration requirement? Ideal for sharing naughty files eh.

 

Though I suspect it's a shared hosting account being used promising unlimited storage ;) (plenty of other sites on the IP, cPanel/WHM based...) & ResellerClub based domain name registration. Not sure how files might be encrypted in such a way that a hacker couldn't find the algorithm/key by looking at the PHP that is used to download them for (anonymous) users.

 

Also there's a spelling mistake on the front page, "simultanious" :)


Public/Private key encryption, with the home user keeping the private bit and all communication being secured by SSL first.


Made in Sheffield. That'll sell yes and people will go for that there are always people who support the local guy. There are perhaps a million potential users in Sheffield and the nearby area. The world IT market is perhaps 2 billion people. The "made in Sheffield" USP is therefore relevant to 0.0005% of your potential market (you are in the same market as your competitors - like it or not I'm afraid).

 

If the intention is to challenge the likes of Amazon, Google, Dropbox and those of that ilk then you have a point but if the op has slightly less ambition and desires only to capture the local market then the "Made in Sheffield" tag is a very good selling point.

 

If we want to build a strong IT technical base in this country then small businesses like these are where we have to start. I've no idea where the OP's servers physically are, but there are advantages to having the actual physical boxes close to you since you always have the option of turning up at their door with an external drive and getting your data back. Something you can't do with the big players since they and you have no idea where your data actually is!


"Made in Sheffield" doesn't mean the site is physically located in Sheffield though. If it's running on a shared hosting account, for all we know the actual storage could be located just outside Washington DC.

If the intention is to challenge the likes of Amazon, Google, Dropbox and those of that ilk then you have a point but if the op has slightly less ambition and desires only to capture the local market then the "Made in Sheffield" tag is a very good selling point.

Yes, the tag "Made in Sheffield" is a very good selling point, and it's why you have to register yourself with the relevant bodies in order to be able to use it. www.madeinsheffield.org. Use of 'Made in Sheffield' has been patented and trademarked in order to protect the brand worldwide. As an aside, your argument about keeping it local goes against the ethos of the whole 'Made in Sheffield' argument, which looks to promote Sheffield quality on the international stage.

 

 

If we want to build a strong IT technical base in this country then small businesses like these are where we have to start. I've no idea where the OP's servers physically are, but there are advantages to having the actual physical boxes close to you since you always have the option of turning up at their door with an external drive and getting your data back. Something you can't do with the big players since they and you have no idea where your data actually is!

 

Good luck trying your luck just walking up to a secure data centre with an external hard drive and an invoice that says you were a customer of a random company and that you want your data back. Telecity Group (page on security) are a good example for security, as most ISPs use their point-of-presence in the London Docklands areas for peering and transit termination points. If your idea of security is that you're physically able to easily get your data back then in that instance you'll be very much disappointed. For your own peace of mind in your own scenario you'd be better to just encrypt an external hard drive and put it in a safety deposit box in the bank, but do this a couple of times at different locations in order to ensure that there's redundancy in case one of the banks loses your data.

Yes, the tag "Made in Sheffield" is a very good selling point, and it's why you have to register yourself with the relevant bodies in order to be able to use it. www.madeinsheffield.org. Use of 'Made in Sheffield' has been patented and trademarked in order to protect the brand worldwide. As an aside, your argument about keeping it local goes against the ethos of the whole 'Made in Sheffield' argument, which looks to promote Sheffield quality on the international stage.

 

 

Perhaps but in this market the international stage is made up of the likes of Google, Amazon and Microsoft and while it would be very nice for a small Sheffield company to take them on and beat them realistically it's not going to happen. I don't see why a quality local company which takes pride in its offering and provides a fast, prompt, high quality service and support function can't use the branding. Even if they can't or choose not to then basing your marketing strategy around being a local company for local people could be a winner. At least with any telephone interaction the people at both ends of the connection will likely have the same accent or at least be able to communicate effectively.

 

Clearly, you don't turn away people from outside the region and you offer them the best service and support you can, but you keep your primary focus on local people.

 

 

Good luck trying your luck just walking up to a secure data centre with an external hard drive and an invoice that says you were a customer of a random company and that you want your data back.

 

My posting style may have been a bit flippant but my general point that, in principle, it would be possible to physically get to your data following appropriate identity verification was correct and, for some, could be a decider for using the service. However, it requires the servers to be physically in or near the city and not another country.

