I must have missed that thread. It's almost the same implementation.
It's just a fun POC. It's not reliable, efficient or fast enough to be something you'd use daily. I imagine it would be quite easy to filter out (and revoke API keys) if something like this started becoming popular.
It isn't a dick move. It doesn't hurt Yahoo, and most likely will hurt the 'abuser' since Yahoo will just suspend such accounts whenever they feel like it, and the stored data will just be gone.
If you say you'll store images, and I make you store things that are not images - taking up hard drive space you didn't intend to let me use - that hurts you financially.
Any other reading of the situation is based on fantasy.
The "financial hurt" is mitigated by the fact that they can just ban your account and your access to your terabyte of stored data and possibly other yahoo services, anytime they want.
>Any other reading of the situation is based on fantasy.
Not necessarily. It is possible that Yahoo engineers may actually be amused and supportive of the way their service was remixed.
Talk about cynicism. As I wrote, it is possible that Yahoo could be amused and supportive of this project, no? Corps react in various ways, and Yahoo could go either way. So unless you're representing Yahoo, why go about bitching at people for a clever remix that technically doesn't violate the TOS and doesn't exploit any vulnerabilities, when Yahoo hasn't even made an official statement.
Second ... you're characterizing it as an "attack"... really? The people who'll try to use it would be people who just want some cheap cloud-storage. And as I said before, they should use at their own risk, else they may wake-up one day and find their account is banned, and the terabyte of data they uploaded (which takes a non-trivial amount of time) will be gone, along with their yahoo mail and anything else yahoo was hosting for them.
This version makes files 2-4x larger than the original. You think engineers and devops like something inherently 2-4x more demanding of storage than it could be? You think CFOs like that?
I've supported similar services, and people who think they're being clever, to exploit my FREE SERVICE to do things it was never intended to do, really piss me off.
Here's an idea: ASK.
Hey, Flickr, a free TB is awesome! Mind if we store arbitrary files on it?
Yes, it's an attack. It's a classic predator-prey relationship. When you proposed that they prey could exert energy to defend the service, you were merely describing the next single step in that relationship.
> The people who'll try to use it would be people who just want some cheap cloud-storage.
...and they won't pay, and they don't care who they hurt.
Would you defend them, if they each made 100 Flickr accounts, just so they could get some more cheap cloud-storage? 1000? What if Amazon decided to implement their S3 storage on top of this free Flickr storage?
Is your argument that there's nothing inherently wrong with exploiting people who offer you something... only if you REALLY, REALLY exploit it?
I read the flickr TOS. I don't think this violates it.
How is this a dick move? Get over yourself. They're valuing the company at $1.1 Billion. If you can actually drain any significant amount of their resources then sure it's a dick move, but crazy impressive.
Besides, you really think Yahoo! would be so upset that hackers are using their site for a public CDN? Sure they might make a big fuss, but they probably would think it's cool too. Afterall, flickr started as an online game. Who's to say they won't pivot again?
Further, as much as anyone wants to complain about the downfall of hacker news quality, this has made me more cynical than anyone's nit or snark or trolling.
You can't use Flickr as a public CDN AFAIK. Their terms require if you use flickr to host an image displayed in another page that page must provide a link to the photo's page on flickr.
Flickr also only allows photos, illustrations and screenshots. (and video). Nothing else.
These terms are not spelled out in the ToS but in their community guidelines and faq
There are plenty of examples of people having their accounts closed for not following these rules.
I definitely thought this was going to be storing data as the image.
I'd be interesting in the (computational) detection for that. Of course, if you just encode/decode it, Yahoo could do the same.
If you encrypt the data, they could just check to see how high the entropy is. If it's higher than what's plausible for a real photograph, they'd delete it. (using ent [1])
Else, you could use good ole stenography. In researching this response I came across the term Steganalysis[2]. Pretty interesting!
This starts to get my imagination going. What if you would use all kinds of websites, which allow user-submitted data, and encrypt and distribute the content. You could create an underground internet hosted unknowingly by other people. You could even encode your data so it looks like real image or natural language data.
I've been thinking about such a thing for a while now. Imagine a tool that uses DHT (distributed hash tables) for indexing and search plus a set of plugins that speak the protocol for each individual datastor be it dropbox, regular http, flickr, etc. It could include redundancy and maybe even bittorrent as one of the datastors.
Not really. As long as you build in redundancy. Ie, automatically distribute multiple copies of the same files or blocks over multiple different sites. Yes, all of the sites could make breaking changes at the same time, but then all of the disks in your raid array could die at the same time too... Hence backups.
If you're unable to use zTXt, you could store the bytes in the RGBA pixel values. Those are compressed, and you get some interesting images as a bonus :)
It was only a matter of time before someone did this, wasn't expecting something so fast though. I bet Yahoo! aren't anticipating people using that whole 1TB, but with something like this I could easily fill 1TB in music/videos very quickly.
Now if someone takes it one step further and creates a Site44 for Flickr: http://www.site44.com/ — we'll truly have it all.
It was only a matter of time until someone came up with something like this. Use at your own risk, and make sure you don't have anything you wouldn't mind losing on the Flickr service since Yahoo can just arbitrarily close your account at any time.
https://news.ycombinator.com/item?id=5741905