Forgot your password?
typodupeerror

Comment: Re:umm duh? (Score 1) 170

by TheRaven64 (#47539311) Attached to: Dropbox Head Responds To Snowden Claims About Privacy

then you may as well just give the server the AES key and ask it to decrypt the file

But in that model, if "the server" has the key, wouldn't Dropbox have the key? I thought that was the whole thing people were freaking out about.

No, you'd have the key. If you wanted to share the file publicly, then there's no point in keeping it encrypted, so you'd provide the server with the key and it would decrypt, saving you the cost of downloading and reencrypting.

I understand what you (and the AC) are saying about storing an encrypted key on the server, and then re-encrypting the key for each new user you'd want to share with. That's a clever arrangement and I admit that I hadn't thought of it, but it still seems like it has the potential to create more complexity than most people want to deal with. It still means you need to manage various encryption keys, and we (Internet culture) seem intent on not developing a coherent system for managing encryption keys.

The client just needs one key, the RSA (or equivalent) public key. You'd need to copy this between devices, but it's relatively small (under 1KB). It's small enough to fit in a version 40 QR code quite easily, so you could set up mobile devices by displaying the QR code on your laptop screen and point the mobile device's camera at it, if you don't have any sensible way of transferring files between devices. The client then has to download the file and the associated key, decrypt the key with the locally-stored key, and then decrypt the file, but that's not something that's exposed to the user.

Comment: Re:umm duh? (Score 1) 170

by TheRaven64 (#47529479) Attached to: Dropbox Head Responds To Snowden Claims About Privacy
The anonymous poster pointed out a simpler mechanism, which is used in practice on file stores that want to be encrypted on the server. This technique also has a number of advantages. Using a symmetric cypher is generally faster than an asymmetric one and using a different key for each file is just good practice anyway as it limits the damage that certain kinds of trojan can do. If you're sharing with everyone, then you may as well just give the server the AES key and ask it to decrypt the file. If you're sharing with just a few people, then sending them a (fixed-size) key for each file is not too much overhead.

Comment: Re:Astronomy, and general poor night-time results. (Score 1) 526

by TheRaven64 (#47529469) Attached to: Laser Eye Surgery, Revisited 10 Years Later
The thing that's really put me off the surgery is the improvement in contact lens technology over the last 10 years. My sight is sufficiently bad in one eye that I'd have to have an implanted contact lens, although the other could be fixed by burning the cornea. The contact lenses that I have now; however, are so thin that I don't notice that I'm wearing them most of the time and can be worn overnight. I put them in at the start of a month and then change them a month later. There's a slightly increased risk of eye infection, but they come with six monthly checkups to prevent this. I was wearing the previous generation of lenses (which were noticeably thicker) for about 10 years without serious issue, but with slight irritation around the eyelids caused by the thickness of the lens (and my eyes sometimes getting very dry, because it took a long time for the lens to dry out, so I'd forget to blink sometimes). With the newer ones, it's basically as if I had fully working eyes and if my prescription changes then I can put in different lenses next month.

Comment: Re:~50% have no degree... (Score 4, Insightful) 169

by blazer1024 (#47522799) Attached to: For Half, Degrees In Computing, Math, Or Stats Lead To Other Jobs

I used to be a programmer with no degree. I'd like to think I was pretty darn good at it... I knew several languages (C, C++, Python, Perl, Java, and several more) that I had taught myself. I did this for about 9 years, before I finally got a degree in CS, and then got a Master's in CS shortly afterward.

One thing this did for me is open up my mind quite a bit. I'm still a good programmer, but I now know programming isn't it. There's a lot more that goes on when it comes to developing good software, and though I could code up some pretty good stuff really quickly, now my code is better, more thought out, and most importantly, I am much more likely to ask the question "Is this really the problem we're trying to solve?" leading to actually useful code instead of neat stuff it turned out really wasn't what was needed.

In addition, I'm better at interacting with people. I used to have the attitude "This makes no sense to me, therefore it's stupid" and now I realize that maybe I don't have all of the information, there's something I don't know (this is key!) which would help me understand and realize my position isn't exactly right, and so I don't just get mad and storm off anymore when things don't make sense.

Getting a degree made me a more well rounded person... I found a love for history, music and literature that I didn't quite have before. I can have conversations that don't just involve the latest tech and video games. (though I still love talking about that stuff)

I guess my point is... a degree doesn't make a great programmer, but a degree can help make a better person (which is the whole point really... it's not to "learn a trade", it's to expand your horizons and explore the world and become a critical thinker) and so given the situation, I would likely lean toward hiring a great programmer with a degree over a great programmer without one.

Comment: Re:umm duh? (Score 5, Interesting) 170

by TheRaven64 (#47521437) Attached to: Dropbox Head Responds To Snowden Claims About Privacy
There are techniques that allow searching within encrypted files, but they rely on the client creating the index. You can then search the index for an encrypted search term and, if you know the keys, interpret the answer. Getting this right is quite tricky (there are several research papers about it), so he's right, but it's not impossible.

The main reason that I suspect DropBox discourages encryption is that they rely a lot on deduplication to reduce their costs. If everyone encrypted their files, then even two identical files would have different representations server-side if owned by different users, so their costs would go up a lot.

Comment: Re: Code the way you want... (Score 1) 367

by TheRaven64 (#47521383) Attached to: 'Just Let Me Code!'
Yes, almost certainly. The market for compiler engineers is very much a sellers' market at the moment. Universities neglected it for so long that most people graduate from undergraduate degrees with basically no knowledge of how a compiler works (if they're lucky, the know how compilers worked in the '80s), so there are 10 jobs for every person.

Comment: Re:"Just let me build a bridge!" (Score 1) 367

by TheRaven64 (#47521177) Attached to: 'Just Let Me Code!'
In The Humane Interface, written in 2000, Jef Raskin made the same complaint. The time between turning a computer on and having written a program to add two numbers together on, say, a C64 or a BBC Model B, was about 30 seconds. On a modern computer of the time, you wouldn't even have finished booting - starting the IDE would take even longer. The problem is, this misses the point. There are lots of scripting languages with REPL environments, including a POSIX shell and PowerShell on Windows, that can do this as a single command once the computer is running (on OS X, you can add numbers in Spotlight, so it's even quicker - just hit command-space and type the sum). If you want to write a more complex application, it's vastly easier today. Extend that simple calculator to show an editable history and show equations, and you'll find it a bit easier today. Now extend it to be able to print - if you've ever written applications to print in the era before operating systems provided a printer abstraction then you'll know how painful that was.

Comment: Re:Analogies are poor... (Score 1) 367

by TheRaven64 (#47521159) Attached to: 'Just Let Me Code!'
I don't understand why you think 'yum install gcc' is somehow different from 'download and run the installer for the VS command-line tools'. Especially on a modern Linux distro, where libraries come with -devel variants to save you the 10KB taken up by the headers in the normal install, so you end up having to install a load of headers as well to get the system useable.

Comment: Re: Code the way you want... (Score 1) 367

by TheRaven64 (#47521141) Attached to: 'Just Let Me Code!'
I was a consultant for a few years and didn't find that it did. Most of my customers found me, as a result of my open source work (usually to work on the same projects, sometimes to work on projects in similar fields). Contract negotiation didn't take very long (they list some requirements, you mutually agree on a date, you pick a number, if they haggle then you politely decline).

Comment: Re:The British Way (Score 2) 115

by TheRaven64 (#47513997) Attached to: UK Users Overwhelmingly Spurn Broadband Filters

That's as maybe but we have Healthcare that is FREE at the point of delivery.

That's not quite true for dental work, but the price is capped, so you'll typically pay £18.50 to see a dentist, £50.50 if you need something done, or £219 if you need something serious. It's only free if you qualify for extra assistance, which is automatic if you are under 18, under 19 (25 in Wales) and in full-time education, on income support or similar.

Would you people stop playing these stupid games?!?!?!!!!

Working...