
Comment Re:This is 2015/2016 Fuck living in california. (Score 1) 464

Not just the quality of specific cities, but the climate of the area.

Personally, I'd rather not live where the average temperature is below freezing for a month at a time. I'd also prefer not to live where the average temperature goes over 90 deg F for over a month at a time. Iowa has cheap housing, but its climate isn't what I am looking for.

I live in Silicon Valley (just south of San Francisco) and the housing prices are BRUTAL here, but the weather is pleasant. It's November and I'm wearing shorts today. :-) This isn't the only place with decent weather, but I grew up south of Portland, Oregon and I'm never moving back there. It is dreary and overcast like 90% of the time. It crushes my soul to spend a week up there now. I like to see sunshine and blue skies at least 250 days a year. That narrows it down to the tech scene in California, Austin Texas, maybe Colorado? Probably a few states on the east coast in that same latitude band, but I'm not that familiar with the east coast.

Comment Re:This is why you call your bank before tourism (Score 4, Interesting) 345

> The "fraud detection" is completely broken

I absolutely agree. They have THE WORST programmers/statisticians working on this.

How about adding a simple two-factor authentication? Instead of rejecting the payment outright and freezing the card, text message my phone IMMEDIATELY and I can read a 6 digit code to the cashier to allow the transaction. It isn't perfect, but that one simple step would make it about 90 percent better, more secure, and cut down on false positives. I swear this would increase customer satisfaction and increase the amount of money the credit cards make because they would then accept a higher number of legitimate transactions. What is wrong with that industry?

Comment It's GREAT when research groups go make products.. (Score 3, Insightful) 137

From time to time, a group of researchers split off and make products that are useful right away (as opposed to research focused maybe 5 years or further out), and I think that's AWESOME. Why wouldn't it be great?

Look at some examples from Stanford University: SUN Microsystems was founded in 1982 as "Stanford University Network" created by Andy Bechtolsheim as a graduate student at Stanford. SUN productized RISC systems, NFS, Unix, etc. Really great stuff. This didn't bother or hurt Stanford one bit, just made it a more attractive place for future entrepreneurs to attend/work for a while.

In the same 1982, Jim Clark was an (associate?) professor at Stanford doing research in 3D graphics, and he split off Stanford and formed Silicon Graphics with his graduate student team (Tom Davis, Rocky Rhodes, Kurt Akeley, etc) that they basically had created without taking any personal risk while working at Stanford. Nothing but great news for Stanford, people FLOCKED to join the university that produced that talented team.

A couple years later in 1984, Leonard Bosack and Sandy Lerner were running the Stanford University computer systems and they split off forming Cisco.

A few years later in 1998 Stanford professor Mendel Rosenblum, with his Stanford grad student Ed Bugnion, and some others spun up VMware.

The list goes on and on for Stanford alone.

All these really awesome people came up with solid ideas in academia that were applicable in the next few years as viable products, then these people stepped up to form companies and make products I buy and use every day (or I use their descendant products) and these people formed companies that employed a lot of good people (I worked at Silicon Graphics for four really fun years), putting out solid products and making enough money to let some of us save up and do our own startups in time.

Seriously, this is really positive stuff. Why is anybody afraid of a team stepping up and out of academia? Usually it just means the possibility of a product that will make my life better. Heck, succeed or fail, I've seen some of those early guys back in the University system helping out again and finishing their PhDs they started years earlier when they got distracted (Rocky Rhodes, Ed Bugnion, etc). And there always seems to be a flood of new blood feeding up into the University, earlier successes CONTRIBUTE to recruitment to these Universities, it is a selling point that Stanford has produced some great companies.

If Uber grabs up a lot of great people from Carnegie Mellon, a flood of 18 and 22 year olds will flow in to replace them and get trained up. And I say good for EVERYBODY.

Comment Make the reasons transparent - problem goes away (Score 1) 250

There are two reasons to raise prices during a surge:

1) There are not enough drivers and we all want to encourage more drivers to get out of bed and drive. In this case 100 percent of the additional money goes to the drivers, Uber gets none of the increase.

2) Uber is profiteering/gouging. There are plenty of drivers, but Uber raises rates and keeps all the additional money.

I cannot imagine anybody objecting to #1, it solves a profound scarcity problem in an elegant way for tiny amounts of money, plus consumers can simply take other modes of transport (trains, taxis, rent a car) if the price is too high. Everybody is against #2 and it might even be illegal. So Uber should make the numbers and reasons completely transparent and all complaints will go away.

Comment Re:Security theater (Score 2) 224

In San Francisco Airport (SFO) PreCheck is often the longer slower line now. It makes more sense NOT to do PreCheck now.

An alternative would be to default people to PreCheck, call it "regular", and do away with the security theater parts of TSA immediately and forever. Like the quart container of liquids limit - which you can easily circumvent if you are a terrorist in several undefeatable ways - such as hiding liquids in prescription liquid bottles (hint: they do not ask you to produce any prescription). Or alternatively two terrorists meet in the bathroom past security and combine their liquids into one - instant and foolproof defeat.

"Disco Clam" Lights Up To Scare Predators Away 49

sciencehabit writes When predators get close, the bright, orange-lipped "disco clam" flashes them to scare them off. But it's not just the light that's important. Researchers have found that the clam has sulfur in its fleshy lips and tentacles and suspect that, like another clam species that drop tentacles laden with sulfuric acid to deter predators, the disco clam's sulfur also gets converted into a distasteful substance. The flashing may warn predators away, similar to the bright orange of a monarch butterfly warning birds of its toxic taste.

Comment Re:speeds (Score 1) 173

> BackBlaze could find a way to get more bandwidth so their shitty service backed up a rate faster than 300KB/sec per client

You should absolutely be getting more bandwidth than that, you might contact our support to see what's up? We have students from Universities hitting 100 Mbits/sec upload rates, plus I suspect a few engineers in datacenters are getting even higher. We do not inherently throttle, although we use RAID6 with groups of 15 drives so inherently you are probably rate limited to 1 Gbit/sec by either the 1 Gbit/sec network card in the pod, or ?? which is the disk drive transfer rate.

Comment Re:Little more than free advertising (Score 1) 173

> counter Linux-unfriendly Backblaze's propaganda

Backblaze employee here. By the way, we're not "Linux-unfriendly", every single last datacenter machine is running Debian, that's like 950 machines! Most laptop customers use Windows or Mac so we did those versions first, and we're trying to get the Linux client finished up, it just got pushed down in priority a few times, but we don't mean it as a slight against Linux.

About CrashPlan - I have ALWAYS liked CrashPlan, and I think they are great and people should certainly consider CrashPlan if it fits their needs. You might also consider Carbonite and Mozy, I think these are all good products with a few tradeoffs here and there. Backblaze isn't perfect for all customers, for example, we don't yet have a Linux client. I believe Mozy has a better small business administration portal than Backblaze has also, if that's what your needs are.

Comment Re:Backups are not secure (Score 1) 173

> unclear that Backblaze supported incremental backups

Backblaze does support incremental backups, but it is a fairly simplistic incremental. For any file less than 30 MBytes there are no partial files, we just push a whole new copy to a whole new location in our datacenter. For any file more than 30 MBytes, we break the file into 10 MByte "chunks" and push each individual chunk if that chunk has changed. So the WORST thing you can do is prepend a single byte to the large file - this essentially causes every single 10 MByte chunk to change (slide to the right?) and so we have to retransmit the entire thing.

For a lot of programs dealing with large files, they tend to append bytes to the end of their file formats, which works great. If it is an entire bootable computer image, a lot of stuff will probably not move around (like huge swaths of binaries sitting in that computer image) and a lot of stuff WILL move around that will "accidentally" be backed up.

One final hint: by default TrueCrypt specifically thinks changing the modification time is "leaking information". Make sure you check the checkbox that when TrueCrypt changes the image, it needs to also update the last modified time. Backblaze uses that as a hint to go examine every byte in the file to see if it should be retransmitted.
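The chunk policy and the modification-time hint described in this comment, as an added example (not Backblaze's code): it counts the bytes a client following that policy would retransmit. Detecting changed chunks by comparing SHA-256 digests, the function names, and the scaled-down sizes in `demo()` are assumptions.

```python
import hashlib
import random

CHUNK = 10 * 1024 * 1024       # 10 MByte chunks (from the comment)
THRESHOLD = 30 * 1024 * 1024   # smaller files are re-sent whole (from the comment)

def digests(data, chunk):
    """SHA-256 of every fixed-offset chunk. Comparing hashes is an assumption."""
    return [hashlib.sha256(data[i:i + chunk]).digest()
            for i in range(0, len(data), chunk)]

def bytes_to_upload(old, new, old_mtime, new_mtime, chunk=CHUNK, threshold=THRESHOLD):
    """Bytes a client following the described policy would retransmit."""
    if new_mtime == old_mtime:
        return 0                      # no mtime hint: the file is never examined
    if old == new:
        return 0                      # examined every byte, nothing changed
    if len(new) < threshold:
        return len(new)               # small file: push a whole new copy
    before = digests(old, chunk)
    total = 0
    for i, d in enumerate(digests(new, chunk)):
        if i >= len(before) or before[i] != d:
            total += len(new[i * chunk:(i + 1) * chunk])
    return total

def demo():
    # Constructed sample, scaled down 1024x (10 KiB chunks, 30 KiB threshold).
    chunk, threshold = 10 * 1024, 30 * 1024
    rng = random.Random(0)
    big = bytes(rng.getrandbits(8) for _ in range(5 * chunk))
    small = big[:2000]
    run = lambda old, new, t0=1, t1=2: bytes_to_upload(old, new, t0, t1, chunk, threshold)
    return {
        "append_100": run(big, big + b"x" * 100),       # only the new tail chunk
        "prepend_1": run(big, b"x" + big),              # every chunk slides right
        "small_edit": run(small, small[:-1] + bytes([small[-1] ^ 0xFF])),
        "mtime_frozen": run(big, b"x" + big, t0=1, t1=1),  # change goes unnoticed
    }

if __name__ == "__main__":
    print(demo())
```

The `mtime_frozen` case is the TrueCrypt pitfall from the last paragraph: a container whose timestamp is preserved changes on disk but is never re-examined, so the backup silently goes stale.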

Comment Re:Meaningless (Score 3, Interesting) 173

> Then you boys should make an app that every computer enthusiast can use that tracks smart stats/drive failures and collects them at your servers.

I think this would be really awesome. Here's where it gets neat-> we already have an app running in hundreds of thousands of desktop and laptop computers! (Our "online backup application" involves a tiny service that runs to send your files at the datacenter through HTTPS.) So if we just updated the client with a small amount of statistics tracking (and maybe a nice checkbox to opt in or out) then we could immediately start collecting info.

Sort of related: A few years ago I played an online 3D video game (can't remember which one, might have been Quake?) that you could both report your graphics card and RAM configuration to the server, and the server would list the aggregate statistics. So there is some precedent for this kind of data collection and publication.

Comment Re:Backups are not secure (Score 1) 173

> Just have the client use a cheapish symmetric key (AES256 perhaps)

We do use AES to encrypt the files. We used a well known design where we use the public key to encrypt the AES256 key and FEK, then we use the AES key to symmetrically encrypt the file. Then we can use the passphrase to encrypt the private key. So it's kind of an onion, you use the passphrase, decrypt the private key, which is then used to decrypt the AES key and FEK, which is then used to decrypt the file. (We didn't invent this flow, it is used in several encrypted filesystems because it's a great design.) This way it is FAST (symmetric AES) plus has the total awesomeness of pub/private keys and all they imply (the idea that you can encrypt data with the public key that nobody listening can decrypt because they don't have the private key is really quite powerful).

We then use HTTPS to post this data from your laptop to our datacenter. From time to time this "double encryption" of both encrypting on the client and sending the already encrypted data through HTTPS anyway has helped keep our customers safe when HTTPS has been broken for a little while.
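The "onion" described in this comment, as an added example (not Backblaze's code) using the Python `cryptography` package. RSA-2048 with OAEP, AES-256-GCM, a single per-file key standing in for "the AES256 key and FEK", and all function names are assumptions; the comment does not give modes or key sizes.

```python
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed padding for wrapping the file key with the public key.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def make_account(passphrase: bytes):
    """Outer layer: a key pair whose private half is encrypted with the passphrase."""
    priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    wrapped_priv = priv.private_bytes(
        serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8,
        serialization.BestAvailableEncryption(passphrase))
    pub_pem = priv.public_key().public_bytes(
        serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)
    return pub_pem, wrapped_priv

def encrypt_file(pub_pem: bytes, plaintext: bytes):
    """Backup side: needs only the public key, never the passphrase."""
    file_key = AESGCM.generate_key(bit_length=256)    # fresh symmetric key per file
    nonce = os.urandom(12)
    ciphertext = AESGCM(file_key).encrypt(nonce, plaintext, None)
    wrapped_key = serialization.load_pem_public_key(pub_pem).encrypt(file_key, OAEP)
    return wrapped_key, nonce, ciphertext

def decrypt_file(wrapped_priv: bytes, passphrase: bytes, wrapped_key, nonce, ciphertext):
    """Restore side: passphrase -> private key -> file key -> file."""
    priv = serialization.load_pem_private_key(wrapped_priv, password=passphrase)
    file_key = priv.decrypt(wrapped_key, OAEP)
    return AESGCM(file_key).decrypt(nonce, ciphertext, None)

if __name__ == "__main__":
    pub, wrapped = make_account(b"constructed passphrase")
    blob = encrypt_file(pub, b"constructed file contents")
    print(decrypt_file(wrapped, b"constructed passphrase", *blob))
```

Whoever holds the passphrase-wrapped private key and the ciphertext still needs the passphrase, so the passphrase strength bounds the security of every file encrypted under that key pair.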

Comment Re:Backups are not secure (Score 1) 173

> Private keys (stored on their owner's PC where they should be) are still encrypted
> with passphrases in case the PC is hacked. That's how important keeping the
> private key completely private is.

The flaw in your design is that when the PC dies, you can no longer decrypt the backup because you just lost the private key.

Some online backup companies in the past have solved this by having you store your private key in yet a 3rd party "escrow" location, so you don't have the only copy and yet the company with your backup data does not have the private key either. In essence that is what Backblaze does, just in an "easy to use" way. We store the private encryption keys on one particular server, completely separate from your data. The data is all on "pods". Is it as secure? I don't think anybody can claim 100% security, we do the very very best job we can.

I leave you with the following thought -> if you would use encryption (like TrueCrypt) on your most sensitive data, *THEN* back up the TrueCrypt image to Backblaze, even if Backblaze wanted to read your data or if the NSA put their processing power on it and cracked your passphrase, they would have nothing, because you encrypted it BEFORE it was encrypted by Backblaze and sent through HTTPS to our servers. Maybe that would allow you to sleep soundly at night?

Comment Re:Meaningless (Score 3, Insightful) 173

> I'm surprised Backblaze has published so much without getting into lawsuit trouble already.

Hopefully "the truth" is a valid defense? :-) Plus I think the drive companies are aware of the "Streisand effect" https://en.wikipedia.org/wiki/... and don't want to call even more attention to the fact that every hard drive is fully expected to fail eventually.

Comment Re:Meaningless (Score 4, Informative) 173

> retail at the 10,000 drive order level

You might be surprised how little discount we get. Our last purchase of 4 TByte Hitachi drives (960 drives in one purchase) we paid $135 each before tax and shipping. "B&H Photo" sometimes wins the bid (I don't know how or why), but you can basically get that same price within a couple bucks in units of 1 or 2 from their website. Note: we have no affiliation with B&H other than satisfied customers, and B&H do not win the bid every time.

With that said, if anybody knows how to get more than $2 off "retail" please PLEASE let us know!!
