"...one wonders why Swedish Bahnhof would take on the challenge of hosting a site that will probably be under permanent attack for the foreseeable future.
Unless it's for the PR value"
That's a good example of allowing one's imagination of possibilities to wander over very short distances. Is it that inconceivable that a company might be motivated by something other than the bottom line? Arvinjoar commented earlier on the principled character of the Bahnhof's founder: http://news.ycombinator.com/item?id=1959961
Most journalism today is driven by profits, not principles. Sites like this are practicing textbook yellow journalism, trying to grab eyeballs to save the sinking ship of newspapers. Principles and integrity are now so foreign an idea for them that it comes out in the writing.
Julian Assange and Wikileaks are muckrakers, and that makes a lot of people uncomfortable. Directly, the exposed governments and corporations. But indirectly, also the titans of "journalism" and news.
Journalism is meant to push society, and right now Julian Assange is doing exactly that. WikiLeaks is like a new kid on the block, turning over rocks and standing up to bullies.
In the reception area of that particular server hall, they have a small, wall-mounted box labeled "FRA collaboration point" (FRA being the Swedish equivalent of NSA, more or less). From that box, two cut cables are sticking out. :-)
As far as articles go, I'm not impressed with this one. Although I'd be willing to admit that my interest in all things Wikileaks is seriously waning.
That said, there was little to no information about the actual data center, other than a link to a Forbes article about the first time Wikileaks moved there. They even embedded the same video from that original article.
Throw in an offhand and speculative comment about Amazon bowing "to political pressure" and a few Flickr pictures and presto! I almost felt like I was reading another one of Shaun Gallagher's "I wrote this article with one mouse click" experiments.
Bahnhof is pretty amazing. They have great interior design too, almost like a movie set (although I haven't visited in person yet).
While for reasons of principle, hosting controversial content is great, and if it's legal in your jurisdiction, it is up to you if you want to do it, as a practical matter, a site getting >10Gbps DDoS while paying presumably close to nothing is going to potentially impair the usability of other sites in the datacenter. Even if you don't put profits above principle, you have a responsibility to your other customers to not fuck them over.
A pure colocation (vs. managed or hosting) facility in a legal to host jurisdiction, near or at a carrier hotel where you can cheaply buy bandwidth from a bunch of different providers (on their core networks), and with great filtering agreements in place with the upstreams, is probably the only way to go. The colocation facility is just renting you space and power, and it's a much more arms length relationship; you can rapidly turn up network connections from other providers within the facility, vs. your own building somewhere (where running fiber often requires digging up the streets).
Back in 2000 I did this with ~2Gbps of aggregate transit/peering to people inside London Telehouse, and 4xE1 + WiFi to the hosting location, with VPN over VSAT as a backup.
You want to be able to put "problem" customers on their own subnets, potentially on their own routers and even transit connections, to isolate them from the rest of your customers. Combined with the regulatory constraints, Stockholm and Amsterdam are probably the best places to do this right now (or SFBA if it's a customer who will not be a legal problem in the US).
Back in the late 1960s, and early 1970s, AT&T built a series of nuke resistant bunkers. The typical specs were concrete walls 36" thick, self contained turbine generators, water and air purification, plus rations to last up to 6 months. Some of those facilities are still around and operating (including one not far from me). I would expect that the switching gear of todays vintage takes up much less space and power than it did in 1971. Back then the interconnections were via long-distance coxial cable and microwave. Today there are fiber huts adjacent to the bunker.
I wonder what AT&T uses all that extra floor space for now.
I don't think you were referring to these, but there are actually a few windowless, fortified concrete skyscrapers in New York that were built as telephone switching centers. Here's one in Lower Manhattan that is 29 stories:
They were likewise designed to withstand nuclear fallout. Because telephone switching equipment has shrunken over the years they now rent out some of the floor space as a hosted ultrasecure datacenter.
> I don't think you were referring to these, but there are actually a few windowless, fortified concrete skyscrapers in New York that were built as telephone switching centers.
Actually no. The ones I'm referring to were (usually) built way out in rural areas, where they were away from the expected blast area of a hit on a major city. The one I'm aware of is built mostly underground, then backfilled so that it looks like a natural hill (a hill with a concrete top, and a big microwave tower).
> The floors are also unusually strong, designed to carry 200 to 300 pound per square foot (10 - 15 kPa) live loads.
This is pretty much the coolest thing I've seen all day. I'm not sure what kind of standards buildings are held up to in terms of load-per-foot-squared, but that seems like an awful lot to me. That building is incredible.
Most purpose built datacenters are >100 lb/sf. You only really need in excess of that for rooms full of batteries. Even generators, while individually heavy, usually have enough spare space around them that the overall loading in the room isn't approaching banks of batteries.
Most datacenters which are in excess of that were either originally built for telcos (crazy battery banks for the DC plant), or were industrial (e.g. the TANK FACTORY in SF which became 360 Spear/365 Main).
> You only really need in excess of that for rooms full of batteries.
Behold, racks of crossbar switches (from one such AT&T facility). I'm glad these things are pretty much a relic of the past. I suspect the weight of those racks was one reason for the floor load ratings.
http://long-lines.net/places-routes/MoundsOK/DSC00536A.html
I don't know about now, but my father spent Y2K in an AT&T bunker as "essential personnel." So my guess is they are probably still in use. Not necessarily because of the nuke resistant part so much as self contained with generators and on-site security measures.
Arguably some of the material on Wikileaks violates Amazon's acceptable use policy. For example, you can't use Amazon services to host things that are violations of privacy.
It's also possible that some of the materials violate copyright, and so hosting it would violate Amazon's AUP. Works authored by government employees within the scope of their employment will be public domain so most of the material is probably OK, but is all of it?
Finally, under the law on the books, I believe it is illegal to make much of the material available, and hosting illegal content violates the AUP. (And could get Amazon in trouble). It is possible that under the Supreme Court decision in the Pentagon Papers case that the First Amendment would override that.
I say "possible" because it doesn't seem at all certain to me. That case was largely, I seem to recall, about prior restraint, and it was kind of a fuzzy decision.
Amazon just wants to host stuff. If there is some serious question over whether it is legal or not, I don't think they want (or should be expected to want) to be the ones to deal with that fight--that's for whoever wants to actually publish the documents.
I'm curious if wikileaks picked Amazon knowing they'd be kicked off (either for political or technical reasons), just to increase their own media profile.
They get an easy pass. The idea of this ever going to Amazon in the first place just seems extraordinarily ill-conceived: There was no way it was going to stay up.
Wikileaks is pursuing a remarkably old-school method of releasing these, with the whole centralized distribution point.
They should release the entire set via P2P with collections symmetrically encrypted. They could then -- via the most rudimentary methods -- release individual keys at chosen intervals to still obtain the same throttled response. And one day when the feds are kicking in the doors, just drop the entire key collection.
I know we all assume that because something seems obvious that people must have though of it, but history has shown that it isn't the case. It could be simply that they haven't though of it.
Maybe send them a email?
As for the visibility of Wikileaks, I think that what matters is that journalists get the files. That's how most people hear of them. So it wouldn't really matter if they were released in a distributed P2P fashion, as long as the files are easy to find and recognize (f.ex. Wikileaks-01-01-2010-003.PGP or whatever).
It's far less visible to normal, ordinary people, who they need to reach. The success of WikiLeaks depends in part on being highly visible and accessible by anyone and everyone- ironically, much the same as terrorism. (Not that I believe they are a terrorist organization, but they definitely function kind of like one, at least superficially)
I imagine the day somebody figures out how to make a HTTP-compatible P2P network that allows you to browse web pages hosted on bittorrent will be the day WikiLeaks moves to P2P.
I think there is more to it than a desire to space the releases to get better PR.
They may want to verify the authenticity of the documents to avoid fake leaks. They may also want to edit some documents to remove data that would put individual persons at risk, like they did with Cablegate.
Doing this takes time, and may not be short-circuited easily.
They can't simply encrypt the files, release them using P2P, and then edit them / check them for authenticity. I guess it would be useful as an insurance, though.
Even better, they should encrypt with a method that is reasonably, large-scale crackable around the window of their planned release. That would bring a lot of attention to cryptography (and the vulnerability of the same) as every media organization rents out massive AWS GPU clusters to try to crack it. That would be pretty entertaining.
And if something happened to them...well it's going to be discovered anyways.
Well, no. Competently done crypto is uncrackable for all practical purposes without side-channel attacks. Or, maybe, quantum computers (RSA; but why would you use RSA for this?)
Are there any forms of encryption which take a predictable and precisely defined amount of computing power to decrypt?
e.g. Some asymmetric so that I could encrypt something easily but then require someone who wants to decrypt the message to perform 100 Trillion operations to decrypt it?
It's almost always probabilistic - someone guessing the right key the first time could break it very quickly.
It may be possible to reduce variance in cracking times by requiring multiple cracks (use a secret sharing scheme to break up the "real" key in chunks; encrypt each chunk in a crackable way.)
Well, yes, of course. Competently done. Competently done crypotgraphy is rare, and most common cryptography is not competently done. Which is exactly the point of my post.
Most crypto implementations are vulnerable, yes, but the percentage of vulnerable deployed crypto implementations as a fraction of all deployed implementations looks much better.
Note that I'm talking crypto: the OpenSSL people seem quite able to make all sorts of mistakes, but it's almost never the crypto itself that is at fault. (Today's news: a workaround for Netscape's stupidities apparently allows attackers to downgrade to a worse protocol suite in certain cases. Stupid bug, but not crypto per se.)
So yes, there are errors, but publishing something AES-encrypted and giving away, say, half the key doesn't tell us anything about those.
"Wikileaks is pursuing a remarkably old-school method of releasing these, with the whole centralized distribution point."
Please could you clarify what you mean. According to cablegate.wikileaks.org the distribution is being done via torrent (with an increasingly large number of seeds becoming available quickly).
Can anyone with more technical knowledge comment on this facility's connectivity to the internet, and how damage-resistant that is? If someone were to forcibly take Wikileaks offline, I would think internet connectivity would be the easiest attack vector, especially if they're located in a remote bunker which probably limits their options.
No bunker is really completely nuke-proof - even Cheyenne mountain had multiple SS-18s with single 25 megaton warheads targeted at it - it would not have survived.
You might survive a near miss or fallout in a bunker - but in the age of precision delivered and/or high yield bombs nowhere is 100% safe.
Yes, the author of the article must not have watched the video he linked to. The CEO of Bahnhof himself jocularly admits it wouldn't survive a direct hit.
Unless it's for the PR value"
That's a good example of allowing one's imagination of possibilities to wander over very short distances. Is it that inconceivable that a company might be motivated by something other than the bottom line? Arvinjoar commented earlier on the principled character of the Bahnhof's founder: http://news.ycombinator.com/item?id=1959961