[lug] NoVAD: Protecting Cloud Data

David L. Anselmi anselmi at anselmi.us
Mon Jul 14 10:45:19 MDT 2014


Rob Nagler wrote:
> On Mon, Jul 14, 2014 at 1:33 AM, David L. Anselmi <anselmi at anselmi.us> wrote:
>> Not commenting on the NoVAD idea...
>
> It would be great to hear your feedback.  Do you have suggestions to
> prevent "meltdown" of cloud deployments from software mistakes or
> intruders?

So I can't say I know that much about cloud.  But to consider the nuclear power industry I would say 
the cloud is about as mature as nuclear was in the SL-1 days (that was a mess).  Since then I think 
we've demonstrated that by taking the risks seriously we can build systems that are safe.

The difference with the cloud will be the variety of uses.  Everyone knows that an unsafe nuclear 
reactor will cause Total Planetary Annihilation(tm) when something goes wrong.  So every reactor is 
built with Nuclear Level Safeguards(tm) (modulo what a given country considers safe).

But there are big differences between running your business in the cloud, running your life safety 
business in the cloud, and storing your family photos in the cloud.  You won't use Nuclear Level 
Safeguards(tm) on your family photos and it would be silly to run a nuclear reactor with automation 
provided by Amazon's infrastructure.

So there's probably a market for NoVAD features.  But it isn't universal.

>
>> Critical is not the word you want.  Melted down maybe.  In the US no one has
>> died from a nuclear reactor accident since "safeguards and sophisticated
>> technology" have been employed.
>
> Thanks for the clarification. Nuclear reactors have SCRAM and other
> physical safeguards to protect in the event of a serious problem
> (ignoring technical terms).  I borrowed the term, because we have
> nothing comparable to stop a serious destructive event in a cloud
> deployment.

Sure, it isn't a bad name/analogy.  Back when I drove a nuclear-powered submarine Greenpeace was 
actively protesting nuclear anything.  Our reactor was mostly critical while at sea and frequently 
super-critical.  Greenpeace would have had a heyday with that because the terms sound scary even 
though we're talking about standard operation.  Thank you public education science classes. :-)

I read several years ago that the founder of Greenpeace now supports nuclear energy as an 
alternative to global warming.  His quote was along the lines that they originally conflated nuclear 
power with nuclear weapons but nuclear power isn't so bad.  But the damage is done--they caused a 
lot of money to be wasted.

> Fukushima was SCRAMmed, btw.

Yes.  Probably all the reactors that have melted down were also.

<digression>
The problem after a scram is decay heat, which continues to be produced and must be removed.  When 
Fukushima's emergency power was flooded they lost the ability to remove decay heat.  At that point 
they no longer had shiny reactors but large piles of nuclear waste.  And eventually some airborne 
contamination.  Chernobyl was much worse and there are more dramatic accidents that have happened 
(like SL-1).
</digression>

Thanks for listening.
Dave

