Slashdot Mirror


User: SanityInAnarchy

SanityInAnarchy's activity in the archive.

Stories
0
Comments
12,413
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,413

  1. Re:A slight oxymoron here. on Secure File Storage Over Non-Trusted FTP? · · Score: 1

    Well, I suppose that should be:

    Winning the lottery, and then getting killed by lightning...

  2. Re:A slight oxymoron here. on Secure File Storage Over Non-Trusted FTP? · · Score: 2, Informative

    Lol.. If your going to pay for insecure redundancy, why not consolidate the expense and use a secure solution from the start?

    That's assuming a "secure solution" exists. I think I adequately proved that such a "secure solution" is at least as impractical -- it pretty much involves a machine that you've configured running in the apartment of someone you trust not to let it be physically tampered with.

    Your missing the point, FTP isn't secure. You transmit the user name and passwords in plain text.

    Yeah, I got that. So what?

    And even though crypto is pretty good, it isn't fool proof nor it is impossible to break.

    Fine then -- so suppose I use your "secure solution" from the start, and I'm using rsync over ssh to a machine in my friend's apartment.

    What's to stop them from cracking the SSH?

    After checking your credentials, making sure you as well as your server is in the US and under the US's jurisdiction, yes, I probably would. I'm not against a remote backup,

    Neither am I.

    Suppose for a moment that you wouldn't. Does encrypting the files start to make sense?

    If you're already encrypting the files, SFTP doesn't buy you a lot over FTP.

    Well, there are some things that you have to trust that ethic laws and plain old laws will stop someone from doing something.

    Unless my files are encrypted. Then I don't actually have to trust "ethic laws" or "plain old laws" -- short of being myself kidnapped and waterboarded, I'm safe.

    AES 256 is something like 10^(76) possible answers which is huge. But by breaking down the possibilities, you have a better chance of getting lucky.

    Right. But let's do the math. Assume a million computers:

    10^76 / 10^6 = 10^70.

    Is it really that much more likely that you will get lucky with 10^70 possibilities than with 10^76?

    when you divide the pool down to the number of nodes, you could end up with it being within the first day of calculation.

    Right. Still isn't going to happen.

    See, Quantum Physics also predicts that it's entirely possible that every molecule in your body could simultaneously jump a foot to the right. It's just so ridiculously improbable that, in fact, no one has ever seen it happen -- and no one ever will.

    Let's assume, for the moment, that each compromised machine has a dual-core 2 ghz chip -- likely far less on most, but let's just assume. Assume 1.5 million of them. Assume that it takes only one cycle to attempt one key -- it doesn't, but pretend it does. And assume that threading is perfect -- you can keep both cores warm -- you can't, but pretend you can.

    Note that all of these allowances are in your favor.

    So, that's 2 ghz = 2 billion operations, times 2 cores per machine, times 1.5 million machines. By my count, that's 6 quadrillion tests per second. That's a lot, right?

    Let me give you some more numbers: 60 seconds per minute, 60 minutes per hour, 24 hours per day, 365 days per year. So, a little over 31.5 million seconds in a year.

    It will take 52849653306274315810851830343929408752938685099409408 years to search that keyspace.

    That also means that the probability of a hit in the first 100 years, assuming that the key could be anywhere in the keyspace, is approximately 0.00000000000000000000000000000000000000000000000000189216 -- percent.

    Adjusting for Moore's Law, and assuming that we'll have 2^(2*50) = 2^100 times more power by then -- and then, to make the math simpler, assuming we have that kind of power from now until then -- it's still about 0.0000000000000000000023986 -- again, that's a percentage.

    I keep trying to make your odds better, and I still can't get anything remotely realistic to suggest that even if a botnet were devoted full-time to cracking my personal backup, that there's even a reasona

  3. Re:Sometimes the correct answer is the simplest on Why Corporates Hate Perl · · Score: 1

    My editor make spaces visually obvious to me, so this probably wouldn't even be saved. Does negative time count?

    Disclaimer: I write Ruby, not Python. I do, however, use haml, and I'm seriously considering Lazibi -- the indentation is one of the things I miss from Python.

  4. Re:Sometimes the correct answer is the simplest on Why Corporates Hate Perl · · Score: 1

    As Talderas says, there's always use strict;

    And what you're talking about is a language enforcing a coding standard -- particularly syntax-wise -- which just strikes me as a bad idea, especially considering that if the only thing forcing you to write maintainable code is a stricter language, it's going to surface in other ways.

    If you look at The Daily WTF, you'll find that there's pretty much equal opportunity f*cked up code.

    Yes, Perl makes it easy to write such code, if you really want to. But it's ultimately your choice whether to write readable code or not, just as it's your choice whether to use ObjectWrapper.

  5. Re:Why banned on airplanes? on Japan Demands Probe of iPod Nano Flameouts · · Score: 4, Insightful

    If something's not essential, even if the chances are low of things going wrong, the risk (potential mass loss of life) usually dictates that the chance is just not worth taking.

    Depends how low.

    I would actually file this under the pseudo-Ben-Franklin-quote: "Those who would trade essential liberty for temporary security deserve neither."

    Ok, it's overkill -- iPods on planes is not essential liberty. But my point is, absolutely everything is a risk, and trying to cover every risk misses the point. For example:

    Now what airplanes could do with is lil USB ports to plug memory sticks in with lil headphone jacks so you can copy a bunch of mp3s to listen to during the flight if there really is demand for it.

    So now we'll find that there's both faulty and terrorist-created memory stick which burst into flames -- or which launch a virus which somehow makes its way into the navigation system, flying you into a building.

    If you're paranoid enough, everything's a risk. Since everything's a risk, the only way you know which risks you should care about is by calculating them -- what's an acceptable loss, which is the greater of two risks (and thus deserves more attention), and so on.

    By the way: You can't say "acceptable loss is 0", because then the math won't work. What you can do is start at, say, 99% probability of safety, and keep adding nines until you're happy -- realizing that each nine is going to cost you a fuckton of money and convenience, while providing no visible benefit -- after all, people don't notice when things work, they notice when they break.

    Again: If it's more likely that your plane's engine bursts into flame, knowing how much rigor they put into making sure that doesn't ever happen, I think you're pretty safe from your nano. If those odds scare you, you probably shouldn't be flying in the first place -- or going outside.

    Also, considering that there have been no major injuries or damage... How much of a risk is this, even if it did go off? How big of an "explosion"?

  6. Re:spontaneous combustion on Japan Demands Probe of iPod Nano Flameouts · · Score: 1

    ...Yeah, pretty much.

    Well, I'm not gerf, but I agree with them.

  7. Re:Nexenta on OpenSolaris From a Linux Admin and User Perspective · · Score: 1

    Did you somehow miss me saying I don't want to rehash this over and over again?

    And yet, here you are. If you really didn't, there's a solution: Don't push reply.

    Instead, you wrote quite a lot of rehashing here.

    Again, like many other areas I ran into with the distro, it locks you in and removes choice.

    I haven't seen anything in any of your other comments which lock you in to anything, or remove any choice, except this one, which I'm still not convinced of.

    In fact, maybe 30 seconds on Google, and here you go. Notice the section called "Rebuilding linux-restricted-modules" -- which isn't even required -- but if you really need to, it links to yet more detailed instructions on how to build them.

    Search terms were: custom ubuntu kernel howto. That was the third link down. Which raises the question: Are you even trying?

    Shuttleworth always says that Ubuntu "just works", yet the Hardy release was a very bad example of that.

    Again, citation needed. Because it did just work for me.

    What about it doesn't just work?

  8. Re:Nexenta on OpenSolaris From a Linux Admin and User Perspective · · Score: 1

    Yeah, sorry about that. Found that after I posted. (I get email notifications, which I've been following in chronological order.)

  9. Re:Nexenta on OpenSolaris From a Linux Admin and User Perspective · · Score: 1

    I think I may have to bring back my old sig. Here's what it said:

    If you're going to reply to this post, please read it first!

  10. Re:Nexenta on OpenSolaris From a Linux Admin and User Perspective · · Score: 1

    The bloat.

    Be specific.

    The crappy icons and "art".

    Matter of taste, and it's a skin. Don't like it? Install your own!

    The shitty keyboard shortcuts that conflict with control characters.

    That can all be customized with K->System Settings->Keyboard.

    If you can't tell, you must not use computers.

    Ad-Hominim. Thanks for the compliment.

  11. Re:A slight oxymoron here. on Secure File Storage Over Non-Trusted FTP? · · Score: 1

    Whats going to happen when it isn't there if you need it? Or that specific revision of it?

    Then I'll go to a different server, where I've also got them backed up. Or I'll notice that the file is gone (by auto-checking for it) before I have a catastrophic failure.

    Either way, I'm better off than with no backup, unless people are constantly deleting every single file.

    Well, fist of all, I wouldn't be under any illusion that any security was there at all.

    Erm, crypto is pretty good these days.

    With all that being said, no, I wouldn't trust you because I know how the security of FTP works.

    Assume for the moment that I'm using SFTP. Would you trust me then, any more than if I was using normal FTP?

    And yes, I would pay someone for a more secure backup that I could trust. Even if that backup person is me with a collocation somewhere.

    Unless that colo is, say, in the apartment of someone I trust implicitly, I don't really see how it improves things.

    A brute force attack on a AES-256 bit key spread out over a 1.5 million node bot net [informationweek.com] could get lucky a couple of times.

    Could it really? I don't actually know the mathematics on this.

    I do know that it would likely have no chance against, say, 4096-bit RSA.

    Now, generally, RSA isn't used to actually store the encrypted document -- that'd be AES. My point is, barring huge advances in quantum cryptography, I can probably trust that my data is safe. Even if a 1.5 million node bot net could compromise it, how long would it take? It'd be a hell of an expensive attack (considering that botnet could be used to generate revenue), which means I'd have to really have something of value, and they'd have to know.

  12. Re:Nexenta on OpenSolaris From a Linux Admin and User Perspective · · Score: 1

    Seems to range from vague:

    Fire up a Knoppix CD, or Kubuntu and you'll basically see a vanilla KDE desktop. They don't customize the packages, install addition patches, or do anything....

    (but no mention of what patches you'd like to see, what features you're actually missing...) ...from vague, to uninformed:

    They've gone out of their way to patch into their kernel sources a measure to stop you from using proprietary modules.

    Well, no, your problem was much simpler:

    it would not load the ATI module at all. It gave me an error about how it could not load the module because it was missing a restricted modules .deb package.

    So install the restricted modules .deb package. It's trivial. Or does that not work with a custom kernel?

    In fact, you're compiling your own source. Why not download the ATI drivers straight from ATI? If you're compiling a kernel, it might make sense to consider all kernel drivers to be your responsibility.

    It's worth mentioning that Ubuntu's focus is not on people hardcore enough to compile their own kernel. I think it still does a pretty good job at this.

    Kubuntu got KDE 4 shoehorned in, with what was universally reviewed as the worst KDE 4 packages out there.

    I can only assume you're talking about Hardy, in which KDE 4 was not considered stable. The stable Kubuntu Hardy featured KDE 3.5.

    Shuttleworth said it was okay to have such a buggy major release because these things get patched.

    If true, he's probably making the same assumption I am -- that KDE 4 was not for users yet, and that these problems would probably be patched by the time it actually was -- maybe Intrepid? ...from vague and uninformed, to outdated:

    Again, I think this was going on two years ago.

    That is, two years ago that you tried it. Obviously, the KDE4 stuff wasn't 2 years ago -- but then, I'm guessing you didn't try it.

    So much for that comment. Would you like to point me to another?

  13. Re:Nexenta on OpenSolaris From a Linux Admin and User Perspective · · Score: 1

    Kubuntu's KDE has bugs like mixing up Konqueror tabs contents, defaults I don't like and aren't easy to fix without a different installation at hand (And I wonder if some changes are still easy to revert) like the braindead "Firefox-like" layout in Konqueror, Strigi popping out when I don't care a shit about it...

    That's a start. I guess I'll have to look at how upstream does it differently, but for what it's worth, I don't mind Konqueror at all the way it's currently laid out.

    And "mixing up Konqueror tabs contents", I've honestly never seen. Not once.

    I wonder why I should _fix_ something that is just fucking what upstream provides the way I want.

    I've never been happy with what any upstream provides, or what any distro provides. I either try to find someplace that's just a bit off of the defaults so I can remember it, or I carry around my home folder for half a decade.

    There are reasons other than KDE that I like Ubuntu, and prefer it over vanilla Debian.

    Of course, if I was more of a C programmer, and I was particularly unhappy about what upstream provided, source-wise, I would probably still be on Gentoo. But I think my (very limited) Kernel-hacking days are over.

    Strigi popping out when I don't care a shit about it...

    Citation needed. I don't have Strigi installed at all.

  14. Re:Nexenta on OpenSolaris From a Linux Admin and User Perspective · · Score: 1

    Just look for previous posts (like the ones I've listed above).

    Actually, no, you haven't. That's one of the things I was asking for -- if you don't want to repeat yourself, link me to one of your oh-so-unfairly-modded posts. I promise I'll read it.

    Trolls get off on pissing people off. I'm trying to avoid an argument. How the hell does that make me a troll?

    If that's really your intention, you are doing so pretty unskillfully.

    If anything you're trying to bait me, and frankly I could care less.

    First: Your grammer sucks -- unless that is intended to mean that you really do care a lot, and that you therefore could care less.

    The phrase is supposed to be "I couldn't care less." That way, it actually makes sense.

    And second, you've posted several times on this thread -- in reply to me, and to others. Obviously, you care enough to keep posting. You're just too lazy (or scared? Of what?) to post a real argument, so you're having a meta-argument.

  15. Re:Nexenta on OpenSolaris From a Linux Admin and User Perspective · · Score: 1

    they don't owe you anything at all.

    That's a strawman. I didn't say they owe me anything. Trolls don't owe me anything, either.

    But if you're just going to throw around blanket statements, without backing them up, you're just causing a lot of noise without a lot of signal. And to top it all off, the excuse for not backing it up is "I might be modded down!" (Oh no!)

    Which brings us to what you've done here, which is to drive it offtopic, while also saying inflammatory things. This wasn't a discussion of the moderation system, it was a discussion about various OSes and distros.

  16. Re:A slight oxymoron here. on Secure File Storage Over Non-Trusted FTP? · · Score: 1

    With no server side support you would have to transfer the entire contents of the file every time you you wanted to view the encrypted file.

    Erm... why? I don't have to read the entire contents of my encrypted partition every time I want to seek somewhere in it.

    Then if it isn't what you want, it would transfer all back.

    WTF?

    This kind of makes me question your understanding of computers beyond "This is a mouse."

    It's called copying. I download the file to view it, which is copying it -- if I didn't want it, I do not then have to re-upload the entire file -- it will still be on the server, because I copied it, not moved or deleted.

    That's probably not what you meant, but the way it's worded, it sure as hell looks like it.

    With plain FTP, it just gives you the header name so you can see the file is there in much the same way as ls or dir displays a directory listing.

    Right.

    If you want to view the contents, you have to download it

    FTP supports resuming a download. Even if it doesn't support specifying that you only need some tiny chunk of it, you can always close the connection (canceling the download) once that amount has been transferred.

    So no, you don't have to download the entire file.

    Same with HTTP -- only moreso; I believe you can request a specific byte range of a file.

    you can create a secure connection, have the server decrypt the files as needed

    Both of which assume you trust the server -- because the server now has unfettered access to your files.

    I don't know about you, but I'm a little more paranoid. I'd rather the server not be able to get at my files.

    render the contents in a viewer that transmits only the characters your looking at, at a time.

    Ok, first off, that is a retarded idea, if you're actually talking about characters (as in, chunks of a text file). Text is small enough, and compresses well enough, that it makes more sense just to send the whole file. It'll use more bandwidth, but it will perform much better, because you won't need a roundtrip to page down.

    I'll grant that it does make more sense for low-latency, low-bandwidth scenarios. But I can't think of such a scenario -- the only place where that bandwidth might matter is dialup, which tends to have a high latency, mostly because it has so little bandwidth that any other, simultaneous activity will saturate the connection and slow everything down.

    Second, as stated above, there's absolutely no reason you can't do this with encrypted files stored via FTP.

    You can even use server side support to open large archives or zipped files and present individual files within them.

    And you know what? You can use client-side support to do that, too!

    For a really impressive example, take HTTPFS -- you can mount an ISO over HTTP, and it's actually fast enough to browse files and such.

    The only place where this would matter is for things like tarballs -- in which case, you're forcing the server to read the entire archive from disk (probably decrypting it in the process) before sending pieces of it back.

    For an archive of any size where it'd make sense to do this, it probably makes much more sense to unpack the archive, or repack it as something like Zip, which is seekable -- and either situation puts us back to Square 1, where encrypted files over FTP can do the same thing.

    Now, given the question that was asked, I'm assuming it's massively easier for him to add client-side support for this than server-side support. Given what I've just explained above, you can get almost all the same features with client-side supports, and the only ones that would really benefit from server-side support (that you've mentioned) are a bad idea anyway.

  17. Re:If the model doesn't tell you on Getting Human Hands Back Into Digital Design · · Score: 1

    I seriously doubt that farts and shit rival the carbon emissions from even one tractor. Or combine.

  18. Re:Hooray Underdog! on RIAA Pays Tanya Andersen $107,951 · · Score: 1

    Can we switch to a less graphic metaphor now?

    No.

  19. Re:Flash on Why Is Adobe Flash On Linux Still Broken? · · Score: 1

    QuickTime is bloated crap.

    I'm not talking about the player. I'm talking about the format.

    there is no Linux version at all

    Yet mplayer will play MOV files just fine. In fact, so will every media player on my system, including Amarok.

    You mean they are jumping ahead of web standards?

    No, they are following proposed web standards.

    For some reason that reminds me an awful lot of another very popular web browser...

    You mean the one that just made shit up and pretended it was standard?

    Somehow, I don't see the similarity...

    Looks like you just wanted to bash Apple. I use Linux, Firefox and Konqueror. This was not a pro-Apple post.

  20. Re:Flash on Why Is Adobe Flash On Linux Still Broken? · · Score: 1

    Thanks! Good to know.

  21. Re:Flash on Why Is Adobe Flash On Linux Still Broken? · · Score: 1

    You say that the internet thrives on open standards and later go on to say how it isn't open and is thriving despite of it.

    Flash is not an open standard. The Internet thrives on open standards, and despite Flash. Clear enough?

    Your blame of Microsoft who, really, brought more people to the web than any other platform is seemingly blinding you.

    Citation needed.

    I am reading what you wrote and truly wanting to understand but you're not making it easy.

    Meet me halfway.

  22. Re:Flash on Why Is Adobe Flash On Linux Still Broken? · · Score: 1

    Do you know why that is? Flash is a full runtime, the player is their own. They can make the embeded player link to their site when you click on it, they can show branding on the UI, they can show related videos, or insert overlayed ads.

    Given that you can do all this with AJAX, I have one word for you: iframe.

  23. Re:Flash on Why Is Adobe Flash On Linux Still Broken? · · Score: 1

    1. Embedded video could be protected, but the level of protection is minimum, Flash does this well.

    DRM cannot work. Ever. Example:

    (try to Trace Youtube's videos)

    That's so easy it's automatic by now.

    This prevents or makes it harder

    Well, not really. See above.

    "Making it harder" is only a guarantee that someone will turn it into a script of some sort -- an extension, a Greasemonkey script, whatever.

    2. Potential revenue generator. Embeded video does not have a way to have Advertisements in it

    Yes it does.

    Flash allows you to natively feed in Links, Descriptions and Advertisements in a creative way.

    Which, again, can be done with the video.

    The difference is, you would put this in the surrounding HTML and Javascript, not in the flash widget itself.

    I think we should use HTML as what it was intended for

    And what would that be?

  24. Re:Flash on Why Is Adobe Flash On Linux Still Broken? · · Score: 1

    First, its browser support is weak.

    That's to be expected, it's new. Give it time.

    Second, you're dependent on the vagaries and codecs of whatever video player they happen to have installed

    Actually, no, it provides a standard interface to the player. The only concern is what codecs are installed, but I doubt it would be difficult to find a lowest common denominator.

    the YouTube player includes ads and dynamic UI elements, too.

    This can be done in HTML and Javascript -- better known as AJAX.

    Sure, they could switch now if they wanted to make their users jump through hoops

    I wasn't clear... By "switch now", I meant they could switch to progressively (de-)enhancing a video tag -- if it's not supported, replace it with the old Flash version.

  25. Re:Not really animation on Leaping the Uncanny Valley · · Score: 1

    I'm not even sure, listening to the pitch, whether anything was animated except where they made it obvious. So maybe all of it was real video...

    Although a fair amount of it did look uncanny.

    But yes, it's about motion capture, not about the graphics.