Unexpected Security Issues In The Cloud

Lots of new and interesting things happen when you move to the cloud that you didn’t expect to have to deal with before (e.g. how to automatically bootstrap auto-scaled instances, etc.) One area that has a lot of complexity and uncertainty around it is certainly cloud security. As someone found out on OpenStack, there are things you rarely ever needed to think about, like the RNG not being random enough and doing things like generating the same SSH key multiple times. Not that this couldn’t have happened outside of the cloud, but as you scale systems and spin up instances dozens or hundreds of times a day, problems with small chances of occurring can suddenly start to appear at an alarming rate.


Dreamhost’s Dreamobjects

Dreamhost offers a decent looking object storage implementation called DreamObjects, powered by Ceph, which reminds me a little bit of EMC Atmos. What I didn’t immediately find while looking through their documentation was whether or not the data is ever synched to another datacenter, but I rather suspect it’s not. If that’s the case, even with their durability SLA of 99.99999% it sits somewhere between S3’s standard durability SLA of 99.999999999% and their Reduced Redundancy Storage durability SLA of 99.99%. Reduced Redundancy Storage costs $0.076 in US East, at the time of this post, and $0.095 for Standard Storage. With DreamObjects offering $0.07, it’s actually a pretty good deal, particularly for home users that want to play with an object store that offers an S3 API. Great as another place store critical data.