
Comment: Re:umm duh? (Score 1) 170

by TheRaven64 (#47539311) Attached to: Dropbox Head Responds To Snowden Claims About Privacy

then you may as well just give the server the AES key and ask it to decrypt the file

But in that model, if "the server" has the key, wouldn't Dropbox have the key? I thought that was the whole thing people were freaking out about.

No, you'd have the key. If you wanted to share the file publicly, then there's no point in keeping it encrypted, so you'd provide the server with the key and it would decrypt, saving you the cost of downloading and reencrypting.

I understand what you (and the AC) are saying about storing an encrypted key on the server, and then re-encrypting the key for each new user you'd want to share with. That's a clever arrangement and I admit that I hadn't thought of it, but it still seems like it has the potential to create more complexity than most people want to deal with. It still means you need to manage various encryption keys, and we (Internet culture) seem intent on not developing a coherent system for managing encryption keys.

The client just needs one key, the RSA (or equivalent) public key. You'd need to copy this between devices, but it's relatively small (under 1KB). It's small enough to fit in a version 40 QR code quite easily, so you could set up mobile devices by displaying the QR code on your laptop screen and pointing the mobile device's camera at it, if you don't have any sensible way of transferring files between devices. The client then has to download the file and the associated key, decrypt the key with the locally-stored key, and then decrypt the file, but that's not something that's exposed to the user.

Comment: Re:umm duh? (Score 1) 170

by TheRaven64 (#47529479) Attached to: Dropbox Head Responds To Snowden Claims About Privacy
The anonymous poster pointed out a simpler mechanism, which is used in practice on file stores that want to be encrypted on the server. This technique also has a number of advantages. Using a symmetric cypher is generally faster than an asymmetric one and using a different key for each file is just good practice anyway as it limits the damage that certain kinds of trojan can do. If you're sharing with everyone, then you may as well just give the server the AES key and ask it to decrypt the file. If you're sharing with just a few people, then sending them a (fixed-size) key for each file is not too much overhead.

Comment: Re:Astronomy, and general poor night-time results. (Score 1) 527

by TheRaven64 (#47529469) Attached to: Laser Eye Surgery, Revisited 10 Years Later
The thing that's really put me off the surgery is the improvement in contact lens technology over the last 10 years. My sight is sufficiently bad in one eye that I'd have to have an implanted contact lens, although the other could be fixed by burning the cornea. The contact lenses that I have now, however, are so thin that I don't notice that I'm wearing them most of the time and can be worn overnight. I put them in at the start of a month and then change them a month later. There's a slightly increased risk of eye infection, but they come with six monthly checkups to prevent this. I was wearing the previous generation of lenses (which were noticeably thicker) for about 10 years without serious issue, but with slight irritation around the eyelids caused by the thickness of the lens (and my eyes sometimes getting very dry, because it took a long time for the lens to dry out, so I'd forget to blink sometimes). With the newer ones, it's basically as if I had fully working eyes and if my prescription changes then I can put in different lenses next month.

Comment: Re:umm duh? (Score 5, Interesting) 170

by TheRaven64 (#47521437) Attached to: Dropbox Head Responds To Snowden Claims About Privacy
There are techniques that allow searching within encrypted files, but they rely on the client creating the index. You can then search the index for an encrypted search term and, if you know the keys, interpret the answer. Getting this right is quite tricky (there are several research papers about it), so he's right, but it's not impossible.

The main reason that I suspect Dropbox discourages encryption is that they rely a lot on deduplication to reduce their costs. If everyone encrypted their files, then even two identical files would have different representations server-side if owned by different users, so their costs would go up a lot.
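
A simplified sketch of the client-built index described in the comment above, added here as an illustration; it is not code from the comment or from Dropbox. It uses deterministic HMAC-SHA256 tokens as the "encrypted search term"; the function names, the key and the sample files are assumptions constructed for the example.

```python
import hashlib
import hmac
import re

def _mac(key: bytes, label: bytes, value: str) -> str:
    """Keyed, deterministic tag; the label separates word tokens from file ids."""
    msg = label + b"\x00" + value.encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def search_token(key: bytes, word: str) -> str:
    return _mac(key, b"word", word.lower())

def file_id(key: bytes, name: str) -> str:
    return _mac(key, b"file", name)[:16]

def build_index(key: bytes, files: dict[str, str]) -> dict[str, list[str]]:
    """Client side: token -> opaque file ids. Only this mapping is uploaded."""
    index: dict[str, set[str]] = {}
    for name, text in files.items():
        for word in set(re.findall(r"[a-z0-9]+", text.lower())):
            index.setdefault(search_token(key, word), set()).add(file_id(key, name))
    return {tok: sorted(ids) for tok, ids in index.items()}

def server_search(index: dict[str, list[str]], tok: str) -> list[str]:
    """Server side: exact-match lookup on a token it cannot invert without the key."""
    return index.get(tok, [])

def client_search(key: bytes, index: dict[str, list[str]], names, word: str) -> list[str]:
    """Client side: send the token, then map the opaque ids back to file names."""
    by_id = {file_id(key, n): n for n in names}
    return sorted(by_id[i] for i in server_search(index, search_token(key, word)))

# Constructed sample data (not from the original thread).
KEY = hashlib.sha256(b"constructed demo key").digest()
FILES = {
    "notes.txt": "quarterly budget draft",
    "todo.txt": "renew passport, review budget",
    "recipe.txt": "flour sugar butter",
}
INDEX = build_index(KEY, FILES)

# Limitation of this simple form: the server still sees which tokens repeat
# across queries and how many files each one matches.
if __name__ == "__main__":
    print(client_search(KEY, INDEX, FILES, "budget"))
```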

Comment: Re: Code the way you want... (Score 1) 367

by TheRaven64 (#47521383) Attached to: 'Just Let Me Code!'
Yes, almost certainly. The market for compiler engineers is very much a sellers' market at the moment. Universities neglected it for so long that most people graduate from undergraduate degrees with basically no knowledge of how a compiler works (if they're lucky, they know how compilers worked in the '80s), so there are 10 jobs for every person.

Comment: Re:"Just let me build a bridge!" (Score 1) 367

by TheRaven64 (#47521177) Attached to: 'Just Let Me Code!'
In The Humane Interface, written in 2000, Jef Raskin made the same complaint. The time between turning a computer on and having written a program to add two numbers together on, say, a C64 or a BBC Model B, was about 30 seconds. On a modern computer of the time, you wouldn't even have finished booting - starting the IDE would take even longer. The problem is, this misses the point. There are lots of scripting languages with REPL environments, including a POSIX shell and PowerShell on Windows, that can do this as a single command once the computer is running (on OS X, you can add numbers in Spotlight, so it's even quicker - just hit command-space and type the sum). If you want to write a more complex application, it's vastly easier today. Extend that simple calculator to show an editable history and show equations, and you'll find it a bit easier today. Now extend it to be able to print - if you've ever written applications to print in the era before operating systems provided a printer abstraction then you'll know how painful that was.

Comment: Re:Analogies are poor... (Score 1) 367

by TheRaven64 (#47521159) Attached to: 'Just Let Me Code!'
I don't understand why you think 'yum install gcc' is somehow different from 'download and run the installer for the VS command-line tools'. Especially on a modern Linux distro, where libraries come with -devel variants to save you the 10KB taken up by the headers in the normal install, so you end up having to install a load of headers as well to get the system useable.

Comment: Re: Code the way you want... (Score 1) 367

by TheRaven64 (#47521141) Attached to: 'Just Let Me Code!'
I was a consultant for a few years and didn't find that it did. Most of my customers found me, as a result of my open source work (usually to work on the same projects, sometimes to work on projects in similar fields). Contract negotiation didn't take very long (they list some requirements, you mutually agree on a date, you pick a number, if they haggle then you politely decline).

Comment: Re:The British Way (Score 2) 115

by TheRaven64 (#47513997) Attached to: UK Users Overwhelmingly Spurn Broadband Filters

That's as maybe but we have Healthcare that is FREE at the point of delivery.

That's not quite true for dental work, but the price is capped, so you'll typically pay £18.50 to see a dentist, £50.50 if you need something done, or £219 if you need something serious. It's only free if you qualify for extra assistance, which is automatic if you are under 18, under 19 (25 in Wales) and in full-time education, on income support or similar.
