Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror

Comment: Re:Backups are not secure (Score 1) 173

by stub667 (#48631745) Attached to: Backblaze's 6 TB Hard Drive Face-Off

My bank now offers a storage space that is supposed to automatically receive bills and similar crap (for now .pdf bank statements land there, which is pretty cool if I somehow need to find that old stuff) ; files can be stored as well, uploaded to the web interface, no other means available.
That seems to be a good place to store keys. Else I'd be thinking of paper notes in a bank safe (and/or the kind of attorney that does things on your behalf when you're dead or incapacitated, in growing order of cost)

If the keys are encrypted, maybe. The bank is using this to store bills and bank statements. This storage doesn't need to be secure, it just needs to be more secure than your letter box. The bank doesn't need to keep the storage private from its employees, as its employees already have access to your bank statements and bills. About the worst thing you could upload there is your internet or phone banking password in cleartext, as it would be visible to exactly the people who know how to best exploit it.

Comment: Re:Backups are not secure (Score 1) 173

by stub667 (#48631675) Attached to: Backblaze's 6 TB Hard Drive Face-Off

The flaw in your design is that when the PC dies, you can no longer decrypt the backup because you just lost the private key.

I see it as a requirement rather than a flaw. If my data can be decripted after I have lost my key, then other people had copies of my key. It is a well known and documented fact that we can't trust everyone with access to the other copies of my key.

You never see my requirements or feature requests or responses on user serveys, or those from people who ask me for help, because your product doesn't meet my needs and gets discounted in the first round (along with almost all of your competitors).

Some online backup companies in the past have solved this by having you store your private key in yet a 3rd party "escrow" location, so you don't have the only copy and yet the company with your backup data does not have the private key either. In essence that is what Backblaze does, just in an "easy to use" way. We store the private encryption keys on one particular server, completely separate from your data. The data is all on "pods". Is it as secure? I don't think anybody can claim 100 % security, we do the very very best job we can.
 

Yes, the escrow solution has exactly the sames flaw as Backblaze's model. Security is fundamentally flawed as soon as users lose control of their key. All that effort ensuring keys are never writen to disk provides some protection against hackers, but can be completely bypassed by authority. The list of people and organizations that can gain or already have such authority is always surprisingly large. You are doing the very very best job you can for the model you have chosen to implement.

Fixing key loss problems requires guiding or ensuring that the user to keeps copies of their key. Maybe you can even offer to keep a copy for nieve users, or make some pocket money selling keyfobs, but if you start from the position of compromiable keys you can't support people with a healthy dose of paranoia. And that is becoming more and more of us. We are stuck with encrypting *before* we use your service, which makes your service less usable and less attractive.

I always find it sad when people advocate blacklists to protect their sensitive data. 'Encrypt your most sensitive data first'. It doesn't work, as it assumes you know what your most sensitive data actually is and don't make mistakes. You need to protect *all* your data by default, and open up data you determine to be not sensitive when necessary ('Share this photo with friends', 'Sync with Contacts').

Comment: Re:Tribler works around site outages (Score 1) 302

by stub667 (#48615055) Attached to: The Pirate Bay Responds To Raid

"Search and stream torrents. Towards anonymous streaming."

Because of the focus on streaming? Streaming simply doesn't work across of this planet and for less popular content, unless you are YouTube and have invested in a global network of proxies. When I read streaming, I translate it to broken. I look at the front page, see what seems to be a tightly integrated app designed for first world consumers of popular content, and move on.

But since you prompted me to look deeper, yeah, it looks very interesting. It might even be useful for getting that obscure movie from the one seeder in Brazil into my media player in my backwater on the other side of the planet.

Comment: Re:Sounds like movie reviews (Score 1) 474

I don't understand why publishers are so interested in preorders.

Publishers in all industries like preorders because it creates a spike of sales on release day. This is required to get on best seller lists, because they are usually about total sales over the last week or month.

Comment: Re:20 years there was no index (Score 1) 144

by stub667 (#48147425) Attached to: Google Rejects 58% of "Right To Be Forgotten" Requests

The people who will be running the show in 20 years from now are not on Facebook. For a while now, the people running the show have been groomed for power. If you are a senator wanting to continue your dynasty, you send junior to private and exclusive schools and now days certainly don't let them near the Internet using their real name or real face. That embarrassing photo of your son would not only throw away everything you have invested, but also torpedo your own position of privilege. Not all trust fund kids are Paris Hilton.

Comment: Re:Scripting language du jour (Score 1) 547

by stub667 (#48118647) Attached to: Goodbye, World? 5 Languages That Might Not Be Long For This World

Well done. I've not heard Python descripted as 'scriping language du jour' for a decade. I tend to date the time when Python started getting taken seriously at version 1.5.2, April 1999.

Of course, if real code is written in C/C++, then no true scotsman would ever consider scripting languages the right tool for the job :)

Comment: Only part of Skype functionality (Score 1) 174

by stub667 (#47814783) Attached to: Tox, a Skype Replacement Built On 'Privacy First'

There are many services that tackle parts of Skype's functionality, but I have yet to see one that tackles them all. Not only does Skype to chat and client-to-client video conferencing, but it also gives you access to a global POTS gateway both outgoing and inbound, and is available to customers outside of the USA. Viber, Line, WeChat, Google and tox don't have the functionality to take away Skype's business. So we remain stuck with Skype, despite their ever worsening service and dubious allegence.

+ - PostgreSQL vs. MongoDB - Call for New Benchmarks

Submitted by RaDag
RaDag (3455045) writes "Postgres software and services provider EnterpriseDB published a testing framework on Github with instructions on how to benchmark the performance of PostgreSQL and MongoDB. Lot of claims being thrown around and advances in Postgres with JSON/JSONB on top of its longtime HSTORE capability have made Postgres a pretty strong document database and key-value store with the added benefit of ACID compliance. The testing framework and results of some initial tests were published so contributors in the PostgreSQL and MongoDB communities could prove or disprove results that showed PostgreSQL outperformed MongoDB."

Comment: Re:Deja Vu (Score 1) 222

by stub667 (#47117399) Attached to: China Looks To Linux As Windows Alternative

I thought this was a Slashdot story from years ago when China was supposed to ditch Windows...so here we are again and China still has no viable homegrown distro. I thought years ago they phased out Windows and used GNU/Linux. Not so. I know a Chinese insider who tells me that the Government handed out bales of cash to develop a GNU/Linux distro of their own and all Red Flag Linux is, is Fedora with a some Catonese/Mandarin. It was a scam of public funds. They really did not develop their own GNU/Linux distro properly. was interested because, in a racist way, I thought--wow, Asians doing GNU/Linux, it must be AWESOME and kick the other distro's ass. Asians are hard working and fastidious and the distro will intall without a hitch and it will be great. Not really. One of the issues with investing in China when it comes to business are corrupt officials and lack of accountability. In China, you pay off the right people, you do what you want--until you get caught and are made an example of for the press. Linus Torvalds mentioned something about how GNU/Linux could not really come out of places like India and China as the peole are far too concerned about trying to survive, and Linux is something that came about 'just for fun'.

Ubuntu Kylin is pretty viable. Ubuntu 14.04 specially localized for China, produced by Canonical in partnership with one of the (many) ministries. By bringing in the experts, you avoid all the problems you cite, and it is open source so a Chinese group can take the drivers seat and salvage any lost pride whenever it is viable.

China is huge and the government is huge. IIRC they have had several customized linux variants in development simultaneously (of which we generally know of Red Flag because it had the coolest name).

Comment: Re:There's a gaping hole in his theory (Score 1) 405

The other gaping hole is that Amazon are going to screw their product suppliers so much that there won't be any supply.

"At which point the screws can be tightened indefinitely. And after a while, there will be no more Charlie Stross novels because I will be unable to earn a living and will have to go find a paying job."

Yeah, it would be a fantastic business model for Amazon to kill off the supply of quality books.

Comment: Re:And what's better? (Score 1) 200

by stub667 (#47057143) Attached to: China Bans Government Purchases of Windows 8

If this is because they're upset at Microsoft for dropping XP support so quickly, then what are they going to? What OS has a longer support cycle than XP's 12.5 years?

Red Hat's is 10 years. AIX is 5-7. HP-UX is 8. Ubuntu LTS is 5 years. Mac OS is 4-ish. Solaris is likely the closest at 12 years... But its still less. Maybe they'll roll their own support?

Every Open Source opearting system has support for as long as you want to keep making fixes for it. It isn't like China lacks people capable managing this process and patching the code. And if they somehow can't, it isn't like Canonical or Red Hat or a hundred other companies wouldn't do it for them for peanuts compared to Microsoft licences.

We don't know who it was that discovered water, but we're pretty sure that it wasn't a fish. -- Marshall McLuhan

Working...