Comments


New Advance Confines GMOs To the Lab Instead of Living In the Wild

AaronLS Re:Until... (128 comments)

He didn't say the statistics favored no evolution. You have the reading comprehension of a blind squirrel.

4 days ago

Ask Slashdot: High-Performance Laptop That Doesn't Overheat?

AaronLS All-in-one (325 comments)

You don't specify why your requirements require a laptop. You talk about doing things "all day" so certainly you are not on battery power all day.

For me I require the portability of a laptop, such that I can move to conferences with my machine and do presentations, or go to a coffee shop to work. However, I never need battery power, and am always near an outlet.

The right all-in-one will give you that portability, power, and cooling, but you'll be tethered to an outlet. In the rare case I don't want to shut down my apps between outlets, I shut down using hibernate.

I use a ThinkCentre e93z, and for a case I found the ILugger 23, which is intended for a Mac all-in-one, but the internal dimensions matched my machine.

about three weeks ago

10 Years In, Mars Rover Opportunity Suffers From Flash Memory Degradation

AaronLS Re:Martian Maintenance Infrastructure (105 comments)

"No, I'd say it's time for you to learn what "one-way" means. Mars ain't around the damn corner."

"martian rover maintenance infrastructure" sounds like the repair infrastructure is on Mars, so you would just bring it back to that location on Mars.

"Calm down there"

His post was pretty calm. Yours... not so much.

about a month ago

MIT Removes Online Physics Lectures and Courses By Walter Lewin

AaronLS Re:Sexual Harassment shouldn't cost us knowledge (416 comments)

No I read it correctly, and if you come to me and say I "should" do this or that as a content host, and when I CHOOSE to do otherwise, you start yelling about how "This is total bullshit" then you sound like an ignorant child who is trying to tell people that they should do something where you have no right.

about a month and a half ago

BGP Hijacking Continues, Despite the Ability To Prevent It

AaronLS Re:BGP? (57 comments)

I think both sides of the argument are pretty moot anyhow. I don't think much is gained or lost either way you go.

I know what BGP is but I never memorized what the letters stand for. Even if we spelled it out, that barely scratches the surface of what it is and doesn't make the article any more informative for someone not versed in what BGP is.

Yes, it is usually standard practice in any formal writing. Slashdot is hardly formal though, when Bennett gets to spout his half-formed ramblings every week.

about a month and a half ago

Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications

AaronLS Re:PRIVATE encryption of everything just became... (379 comments)

"If only specific files, then simply decrypt those and host them separately"

You are the one who proposed hosting them unencrypted. I read and quoted exactly what you said. I don't have a reading problem at all.

"Decrypt, host separately... done."

Then again you say the same thing.

"A little file the thin clients grab as part of the login script."

You're the one who proposed access controls as part of your architecture. Go back and read your initial statement.

about a month and a half ago

Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications

AaronLS Re:PRIVATE encryption of everything just became... (379 comments)

PGP is an example of asymmetric encryption. You have to encrypt a copy of the payload for each receiver. This is why it's great for messaging, and exactly what I was talking about why it's applicable only when sharing something between two people. Whenever you send a message to multiple parties, you have to encrypt a copy of the message separately for each receiver. When you try to apply this same technique to file sharing, it means potentially large files have to be duplicated to allow them to be encrypted with each receiver's key.

about a month and a half ago

Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications

AaronLS Re:PRIVATE encryption of everything just became... (379 comments)

"First rule of computer security is physical security."

Indeed. That's exactly why smart cards are superior. The private key is on the card, and the card is always physically with the owner.

Otherwise you have to lock your office and the cleaners can't do their job. Are they just gonna clean the hallways?

about a month and a half ago

Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications

AaronLS Re:PRIVATE encryption of everything just became... (379 comments)

"that is all you need."

No, hardware is not all you need; you have to build an architecture and software platform. You said yourself:

"You have per client access rules and passively encrypt everything. What is more, the encryption keys can be held on office thin clients that transparently download the decryption engine and keys from an onsite server"

Someone has to do onsite key management. Either you are manually copying keys to each thin client, or your onsite server has ACLs that decide who gets what keys. It also needs to be able to integrate with the cloud storage to pull the upstream encrypted files, which means implementing whatever API is used to access the upstream server. Most small businesses I know, even if they have a couple programmers, aren't skilled enough to grasp these web APIs.

about a month and a half ago

Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications

AaronLS Re:PRIVATE encryption of everything just became... (379 comments)

"Decrypt, host separately... done."

Then anyone at the hosting company can access the decrypted files. You're just describing the same process in use today that is vulnerable to all the problems we were addressing above. You missed the whole point of the discussion.

about a month and a half ago

Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications

AaronLS Re:PRIVATE encryption of everything just became... (379 comments)

"Your private key is useless for securing information originating from you, since your public key is, well, public."
"Your private key is useless" ... " since your public key is, well, public."
You are arguing the private key is useless because the public key is public. That is utter nonsense. Your private key is not useless. The whole point of public/private key pairs is that one is public and the other is private.

With asymmetric encryption, the sender uses their private key, and the receiving party's public key. The process creates an encrypted payload that only the receiver can decrypt. This is a good place to educate yourself on how public-key cryptography works, aka asymmetric encryption: http://en.wikipedia.org/wiki/P...
"Public-key encryption, in which a message is encrypted with a recipient's public key."

"'combining your private key and their public key' statement is nonsense"
No, you idiot, that's exactly what asymmetric encryption is. You need to educate yourself before you start telling people what is nonsense.

I have implemented several forms of asymmetric encryption leveraging Bouncy-Castle Crypto libraries, and have done extensive reading of the RFCs related to these processes.

You also don't understand symmetric encryption, but enough time wasted on you.

about a month and a half ago

Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications

AaronLS Re:PRIVATE encryption of everything just became... (379 comments)

It doesn't. As far as I can tell from his vague description of XOR'ing "random bits" with "nonrandom bits", he's talking about a very specific mode of using AES, which is OFB or CTR. In both cases it is clearly documented that reusing the key stream would destroy security. As long as you follow the specification for these modes it is secure.

about a month and a half ago
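
The keystream-reuse point in the comment above, as an added example that is not part of the original comment: a CTR-style stream cipher in which HMAC-SHA256 stands in for the AES block function (an assumption, to stay within the standard library), showing what two ciphertexts under one key and nonce give away and how stored records can be audited for reuse. The names `keystream`, `encrypt`, `reused_nonces`, `demo` and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream: PRF(key, nonce || counter) for counter 0, 1, ...
    HMAC-SHA256 stands in for the AES block function (assumption)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = nonce + counter.to_bytes(8, "big")
        out.extend(hmac.new(key, msg, hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the keystream."""
    return xor(data, keystream(key, nonce, len(data)))


def reused_nonces(records):
    """Audit helper: given (key_id, nonce, ciphertext) records, return the
    (key_id, nonce) pairs that protect more than one ciphertext."""
    seen = defaultdict(int)
    for key_id, nonce, _ in records:
        seen[(key_id, nonce)] += 1
    return sorted(pair for pair, count in seen.items() if count > 1)


# Constructed sample data.
KEY = bytes(range(32))
P1 = b"wire 1500 USD to account A"
P2 = b"meeting moved to 3pm Friday"


def demo():
    fixed = b"\x00" * 12
    c1, c2 = encrypt(KEY, fixed, P1), encrypt(KEY, fixed, P2)
    # Same key and nonce: the keystream cancels, so c1 XOR c2 == P1 XOR P2.
    leak = xor(c1, c2) == xor(P1, P2)
    # Anyone who knows P1 then learns the overlapping part of P2, without the key.
    recovered = xor(xor(c1, c2), P1)
    # Following the mode's specification: a fresh nonce for every message.
    n1, n2 = os.urandom(12), os.urandom(12)
    d1, d2 = encrypt(KEY, n1, P1), encrypt(KEY, n2, P2)
    safe = xor(d1, d2) != xor(P1, P2)
    flagged = reused_nonces(
        [("k1", fixed, c1), ("k1", fixed, c2), ("k1", n1, d1), ("k1", n2, d2)]
    )
    return leak, recovered, safe, flagged


if __name__ == "__main__":
    print(demo())
```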

Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications

AaronLS Re:PRIVATE encryption of everything just became... (379 comments)

Someone could probably make a business of exactly the architecture you describe, providing a small onsite appliance that does this orchestration. So you use their cloud storage solution, and they provide an architecture that guarantees only your onsite appliance has the keys capable of decrypting the data.

about a month and a half ago

Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications

AaronLS Re:PRIVATE encryption of everything just became... (379 comments)

"What is more, the encryption keys can be held on office thin clients that transparently download the decryption engine and keys from an onsite server which likewise can serve both to remote users as part of their login script."

This would be a great architecture for a business when talking only about accessing data that is shared among employees.

However, if they want to share certain files with another business to remotely access the encrypted data, then you have to also share the encryption key to support client side decryption, and you encounter the same problem as before. There are certainly businesses that have moved the majority of their data storage to the cloud, but there are a greater number who haven't made that kind of commitment, and only use cloud storage for sharing certain files/data with business partners. You could host a local server that retrieves the data from the cloud, decrypts it using the onsite stored keys, and serves it to authenticated business partners. This would mean deploying onsite your own implementation of a web API or website that provides the interface for third parties to log in and access authorized data. Half the reason to move to the cloud is to avoid implementing, deploying, and managing this kind of infrastructure.

And of course for individuals sharing with other individuals, this approach doesn't work either.

Essentially, as even your example demonstrates, somewhere a central system must orchestrate access and decrypt the data or provide keys to clients. Moving that system onsite mitigates risk by putting it in your control and affording the business the opportunity to legally challenge information/search requests, but it also decreases the benefits of using the cloud since you've now moved a major piece of infrastructure back onsite.

about a month and a half ago

Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications

AaronLS Re:PRIVATE encryption of everything just became... (379 comments)

Not disagreeing with you, but want to clear up what it means to make cloud storage, or any type of server storage, secure and inaccessible from court orders:

In the case of Dropbox, data is stored encrypted, but the server software holds the encryption keys so it can serve the data to clients unencrypted. This means subpoenas and other legal/law enforcement actions can access the data by going to the server operators, who likely will not challenge the order.

If you instead encrypt the data client side before you send it to the server, then everyone who accesses the data must also have the key.
What if you want to revoke access for one person? You have to download the data client side, decrypt/re-encrypt with a new key, reupload, provide key to remaining sharers. So this technique only really works for data that you do not share, i.e. just your personal stuff, and is essentially what people do now when they encrypt data before uploading it to Dropbox.

Asymmetric techniques don't really apply here unless you're only sharing with one party. You combine your private key and their public key to encrypt the data, then only they can decrypt it. This does not work when dealing with 3 or more parties, unless some are going to share the same key for one side of the asymmetric encryption, in which case you're back to the same problem we had with sharing a symmetric key.

about a month and a half ago

MIT Removes Online Physics Lectures and Courses By Walter Lewin

AaronLS Re:Sexual Harassment shouldn't cost us knowledge (416 comments)

"shouldn't cost us knowledge"

Oh I comprehend, that he thinks the content belonged to "us". If it does, then he is welcome to set up his own host and host that content. Nothing is lost if you exercised your right to make a copy under the CC license, assuming it was licensed that way. If not, then it didn't belong to us.

Who the fuck are you to say this or that entity is obligated to be your personal content host? It's not your fucking server. If I run a website, and I decide that an article is out of date and I take it down, that's my right as the owner of that server. Fuck you.

Content and knowledge are related, but are not the same. If someone stops delivering content, that doesn't mean the knowledge is lost.

What you don't comprehend is the distinction between having knowledge, and actually where it is hosted.

This is not like we've taken every written record of physics and banned it. 1) You are still free to host the content at your own free will. 2) That "knowledge" exists in many other forms, so even if it was not licensed the knowledge is not lost.

about a month and a half ago

MIT Removes Online Physics Lectures and Courses By Walter Lewin

AaronLS Re:Sexual Harassment shouldn't cost us knowledge (416 comments)

So your point is, if twisted juuust right, any Slashdot article can somehow be an opportunity for someone to bitch about Obama.

about a month and a half ago

MIT Removes Online Physics Lectures and Courses By Walter Lewin

AaronLS Re:Sexual Harassment shouldn't cost us knowledge (416 comments)

You don't own the content. You might have access to it under a CC license, but you don't own it. If MIT wants to take it down, that's their right. The fact that you think you should have some say in the matter is bullshit.

about a month and a half ago

Army Building an Airport Just For Drones

AaronLS Re:too expensive (48 comments)

That and "associated maintenance shops, administrative space, storage space, 5-ton bridge crane, oil/water separator, aircraft container and forklift storage, UAV runway, taxiway, access apron, oil and hazardous waste storage buildings, vehicle storage facilities, organizational vehicle parking, and overhead protection/canopy"

about a month and a half ago

Bellard Creates New Image Format To Replace JPEG

AaronLS Re:This solves what problem? (377 comments)

Servers always work to reduce bandwidth usage. Bandwidth is expensive when you're talking thousands of users.

Smaller images means faster transfer and faster load times, especially for mobile.

Just look at all the efforts put into bundling/compression/etc. Some companies go as far as reducing all their CSS class names to 3 or less characters. These have different purposes though not always directly related to bandwidth reduction. Bundling is more about reducing the number of HTTP requests than reducing bandwidth though, since it bundles multiple requests for CSS/JS into a single request for each, because each HTTP request consumes server resources.

Usage is larger than it used to be as well. Now the vast majority of people have a computer in their pocket at all times and access the internet much more frequently than in the age of desktops, when there was one computer per family accessed intermittently.

Many mobile data connections have lower bandwidth than traditional ground connections, although a few are faster.

As far as hard drives, the pervasiveness of digital cameras being on every phone in many pockets, means a tremendous increase in # pictures being taken. Storage on phones is higher $/gb than hard drives. Usually these make their way onto a server such as Instagram or Facebook, who each would be interested in reducing storage size, as the $/gb is high when you consider that data likely has at least two forms of redundancy.

about a month and a half ago

Submissions


Unlimited Food Stamps During System Outage

AaronLS writes | about a year ago

AaronLS (1804210) writes "Electronic Benefits Transfer (EBT) card holders were allowed unlimited spending at some Walmart locations during an outage of the system that is used to determine spending limits. Some people hauled out multiple carts of groceries. According to system operator Xerox, there's an “agreed and documented process for retailers like Walmart to follow in response to EBT outage.” It is not clear whether or not Walmart followed this procedure, but a Walmart spokesperson stated the decision was made to "contine[SIC] to accept EBT cards during the outage so that they could get food for their families.” Other retailers simply did not allow purchases during the outage. Xerox stated they would work to determine the cause and prevent future outages, but did not specifically state whether they would take steps to prevent unlimited spending during future outages.

Was this unlimited spending a flaw of the system and procedure, an intended procedure, or did Walmart simply not follow appropriate procedure? If Walmart took it upon themselves to allow unauthorized spending during the outage, why did they not at least impose a reasonable limit that would allow a family to get through the next day?

This news has already incited a lot of inflammatory and childish debate across the web from both those who are pro and anti-foodstamps, drowning out any intelligent analysis of the system/procedures that caused this event."

Disabling Java Recommended In Response to Vulnerability

AaronLS writes | about 2 years ago

AaronLS writes "US-CERT is recommending that users disable Java in their browsers due to a 0-day vulnerability for which US-CERT is "currently unaware of a practical solution". They indicate that the vulnerability is being actively exploited in the wild, and is available in exploit kits."

The HP Memristor Debate

AaronLS writes | more than 2 years ago

AaronLS writes "(Note: I would have included links and appropriate formatting for quotes within the story, but I have searched and searched and found no guidelines in the FAQ or googling your site that indicate what formatting tags or HTML are valid for stories.)

There has been a debate about whether HP has or has not developed a memristor. It being something fairly different from existing technologies, and similar in many ways to a memristor, I think they felt comfortable using the term. However, there are those not happy about HP using that labeling. On the other hand, had HP created a new unique label, they would have probably gotten flak for pretending it's something new when it's not. What positive will come from the debate? Martin Reynolds sums it up nicely:

“Is Stan Williams being sloppy by calling it a ‘memristor’? Yeah, he is,” Martin Reynolds tells Wired. “Is Blaise Moutett being pedantic in saying it is not a ‘memristor’? Yeah, he is. [...] At the end of day, it doesn’t matter how it works as long as it gives us the ability to build devices with really high density storage.”"


Compromised Steam Data Included Credit Card Info

AaronLS writes | more than 2 years ago

AaronLS writes "Steam has released additional information about a previous security breach, indicating that with the help of third party security experts they have determined no passwords were compromised, but billing information and credit cards were compromised. This information was encrypted, but no details were given on the level or type of this encryption, which would be significant since the attackers would have free rein to throw as much computing power at trying to decrypt the data, either through brute force guessing of the key or other means if the encryption has weaknesses. Also of significance would be whether all the data shared the same key, or if each user's billing information was encrypted with a different key."

Flash Density Increasing w/25nm Triple Level Cells

AaronLS writes | more than 4 years ago

AaronLS (1804210) writes "StorageReview.com has a story indicating Intel and Micron are planning production this year for Triple Level Cell flash on 25nm Lithography. This means that 3 bits instead of 2 can be stored in each cell, and the smaller 25nm Lithography generally allows more cells to be fit in the same area. This combination should provide a considerable improvement to the density, and hopefully cost, of flash-based storage. Read more at StorageReview.com: http://www.storagereview.com/intel_and_micron_announce_25nm_triple_level_cell_nand"


Journals

AaronLS has no journal entries.
