Forgot your password?
typodupeerror

Comment: Re:Advertised on YouTube? (Score 4, Interesting) 83

The 'you can skip in 5 seconds' ads amaze me. Presumably the people using them know that they have 5 valuable seconds that everyone can see, yet they uniformly squander them. I've almost never seen an ad that tells me anything interesting in the first 5 seconds, which isn't that surprising, but it's really surprising to me that most don't even tell me what the product is. Several that I've seen use the first 4 seconds to fade from black, then get 1 second of something incomprehensible before I hit skip.

Comment: Re:umm duh? (Score 1) 173

by TheRaven64 (#47544353) Attached to: Dropbox Head Responds To Snowden Claims About Privacy

Please correct me if I'm wrong because I may not have imagined this system properly. I was thinking the idea was that you encrypt each file with a single unique key, and then to use a public-key encryption scheme to encrypt that key. You can then send the encrypted file and the encrypted key to another user, knowing that it will need that users private key to decrypt.

Every time you upload a file, you generate a random symmetric key. You encrypt the file with this key and the key with your public key. If you want to download the file, you get the file and the encrypted key and then you decrypt the key with your private key and then decrypt the file. When you create the account, you upload your public key.

When you want to share a file with everyone, with no access control, you download the encrypted key, decrypt it, and provide it to the server. The server can then decrypt the file.

When you want to share a file with a limited set of users, you download each of their public keys (which you can cache in the client) and the encrypted symmetric key, decrypt the key, and then encrypt it once for each user. They will then only be able to access it with their client.

I'm not sure who you're 'we' as in 'internet community' is. We do have standards and off-the-shelf libraries for everything required to implement this and others have done so in the past (one of my colleagues during her PhD did back around 2006, to give one example, others have implemented more complex and flexible schemes more recently). Note that this is the simple textbook scheme for doing this kind of system. It's been implemented before and doubtless will be again. If you check the research literature then you'll find more interesting schemes.

The only problem is if you want to be able to access it from the browser, without some kind of plugin (Google actually does compile OpenSSL with Emscripten to do ASN.1 parsing, but I wouldn't recommend using it for encryption).

Comment: Re:umm duh? (Score 1) 173

by TheRaven64 (#47539311) Attached to: Dropbox Head Responds To Snowden Claims About Privacy

then you may as well just give the server the AES key and ask it to decrypt the file

But in that model, if "the server" has the key, wouldn't Dropbox have the key? I thought that was the whole thing people were freaking out about.

No, you'd have the key. If you wanted to share the file publicly, then there's no point in keeping it encrypted, so you'd provide the server with the key and it would decrypt, saving you the cost of downloading and reencrypting.

I understand what you (and the AC) are saying about storing an encrypted key on the server, and then re-encrypting the key for each new user you'd want to share with. That's a clever arrangement and I admit that I hadn't thought of it, but it still seems like it has the potential to create more complexity than most people want to deal with. It still means you need to manage various encryption keys, and we (Internet culture) seem intent on not developing a coherent system for managing encryption keys.

The client just needs one key, the RSA (or equivalent) public key. You'd need to copy this between devices, but it's relatively small (under 1KB). It's small enough to fit in a version 40 QR code quite easily, so you could set up mobile devices by displaying the QR code on your laptop screen and point the mobile device's camera at it, if you don't have any sensible way of transferring files between devices. The client then has to download the file and the associated key, decrypt the key with the locally-stored key, and then decrypt the file, but that's not something that's exposed to the user.

Comment: Re:umm duh? (Score 1) 173

by TheRaven64 (#47529479) Attached to: Dropbox Head Responds To Snowden Claims About Privacy
The anonymous poster pointed out a simpler mechanism, which is used in practice on file stores that want to be encrypted on the server. This technique also has a number of advantages. Using a symmetric cypher is generally faster than an asymmetric one and using a different key for each file is just good practice anyway as it limits the damage that certain kinds of trojan can do. If you're sharing with everyone, then you may as well just give the server the AES key and ask it to decrypt the file. If you're sharing with just a few people, then sending them a (fixed-size) key for each file is not too much overhead.

Comment: Re:Astronomy, and general poor night-time results. (Score 1) 532

by TheRaven64 (#47529469) Attached to: Laser Eye Surgery, Revisited 10 Years Later
The thing that's really put me off the surgery is the improvement in contact lens technology over the last 10 years. My sight is sufficiently bad in one eye that I'd have to have an implanted contact lens, although the other could be fixed by burning the cornea. The contact lenses that I have now; however, are so thin that I don't notice that I'm wearing them most of the time and can be worn overnight. I put them in at the start of a month and then change them a month later. There's a slightly increased risk of eye infection, but they come with six monthly checkups to prevent this. I was wearing the previous generation of lenses (which were noticeably thicker) for about 10 years without serious issue, but with slight irritation around the eyelids caused by the thickness of the lens (and my eyes sometimes getting very dry, because it took a long time for the lens to dry out, so I'd forget to blink sometimes). With the newer ones, it's basically as if I had fully working eyes and if my prescription changes then I can put in different lenses next month.

Comment: Re:umm duh? (Score 5, Interesting) 173

by TheRaven64 (#47521437) Attached to: Dropbox Head Responds To Snowden Claims About Privacy
There are techniques that allow searching within encrypted files, but they rely on the client creating the index. You can then search the index for an encrypted search term and, if you know the keys, interpret the answer. Getting this right is quite tricky (there are several research papers about it), so he's right, but it's not impossible.

The main reason that I suspect DropBox discourages encryption is that they rely a lot on deduplication to reduce their costs. If everyone encrypted their files, then even two identical files would have different representations server-side if owned by different users, so their costs would go up a lot.

Comment: Re: Code the way you want... (Score 1) 367

by TheRaven64 (#47521383) Attached to: 'Just Let Me Code!'
Yes, almost certainly. The market for compiler engineers is very much a sellers' market at the moment. Universities neglected it for so long that most people graduate from undergraduate degrees with basically no knowledge of how a compiler works (if they're lucky, the know how compilers worked in the '80s), so there are 10 jobs for every person.

Comment: Re:"Just let me build a bridge!" (Score 1) 367

by TheRaven64 (#47521177) Attached to: 'Just Let Me Code!'
In The Humane Interface, written in 2000, Jef Raskin made the same complaint. The time between turning a computer on and having written a program to add two numbers together on, say, a C64 or a BBC Model B, was about 30 seconds. On a modern computer of the time, you wouldn't even have finished booting - starting the IDE would take even longer. The problem is, this misses the point. There are lots of scripting languages with REPL environments, including a POSIX shell and PowerShell on Windows, that can do this as a single command once the computer is running (on OS X, you can add numbers in Spotlight, so it's even quicker - just hit command-space and type the sum). If you want to write a more complex application, it's vastly easier today. Extend that simple calculator to show an editable history and show equations, and you'll find it a bit easier today. Now extend it to be able to print - if you've ever written applications to print in the era before operating systems provided a printer abstraction then you'll know how painful that was.

Comment: Re:Analogies are poor... (Score 1) 367

by TheRaven64 (#47521159) Attached to: 'Just Let Me Code!'
I don't understand why you think 'yum install gcc' is somehow different from 'download and run the installer for the VS command-line tools'. Especially on a modern Linux distro, where libraries come with -devel variants to save you the 10KB taken up by the headers in the normal install, so you end up having to install a load of headers as well to get the system useable.

Comment: Re: Code the way you want... (Score 1) 367

by TheRaven64 (#47521141) Attached to: 'Just Let Me Code!'
I was a consultant for a few years and didn't find that it did. Most of my customers found me, as a result of my open source work (usually to work on the same projects, sometimes to work on projects in similar fields). Contract negotiation didn't take very long (they list some requirements, you mutually agree on a date, you pick a number, if they haggle then you politely decline).

Comment: Re:The British Way (Score 2) 115

by TheRaven64 (#47513997) Attached to: UK Users Overwhelmingly Spurn Broadband Filters

That's as maybe but we have Healthcare that is FREE at the point of delivery.

That's not quite true for dental work, but the price is capped, so you'll typically pay £18.50 to see a dentist, £50.50 if you need something done, or £219 if you need something serious. It's only free if you qualify for extra assistance, which is automatic if you are under 18, under 19 (25 in Wales) and in full-time education, on income support or similar.

Bug

Researchers Test Developer Biometrics To Predict Buggy Code 89

Posted by Soulskill
from the subject-was-asleep-when-this-code-was-checked-in dept.
rjmarvin writes: Microsoft Research is testing a new method for predicting errors and bugs while developers write code: biometrics. By measuring a developer's eye movements, physical and mental characteristics as they code, the researchers tracked alertness and stress levels to predict the difficulty of a given task with respect to the coder's abilities. In a paper entitled "Using Psycho-Physiological Measures to Assess Task Difficulty in Software Development," the researchers summarized how they strapped an eye tracker, an electrodermal sensor and an EEG sensor to 15 developers as they programmed for various tasks. Biometrics predicted task difficulty for a new developer 64.99% of the time. For a subsequent tasks with the same developer, the researchers found biometrics to be 84.38% accurate. They suggest using the information to mark places in code that developers find particularly difficult, and then reviewing or refactoring those sections later.

"Just think of a computer as hardware you can program." -- Nigel de la Tierre

Working...