> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Tom Metro
>
> > You seem to think there's an obstacle which isn't really real -
> > Encryption is very cheap computationally, so cheap indeed it can be
> > done by the disks themselves.
>
> Yes, disk that have hardw
Edward Ned Harvey (blu) wrote:
>>Tom Metro wrote:
>> I imagine it would be challenging to pull off encryption well with
>> appliance hardware. The first problem is getting the software to do
>> it. (Plus all the automation you've previously discussed to set up
>> the keys on boot.) The second chal
On 7/9/2015 10:05 PM, Derek Atkins wrote:
Does this $2239 price include the 8 drives?
Yes: "with 8x3TB". The empty chassis is about $1K.
WOW!!! Your electricity is EX..PEN...SIVE! Assuming my math is right,
The $1600/year figure includes ISP cost. Yeah, I worded that poorly.
Actual elec
> What puzzles me is what people are doing at home to use up all that
> disk space.
My music collection is about 150GB. I like to keep 3 copies of everything so
there’s 450GB. I don’t keep a copy offsite in the cloud just because of it’s
size. I keep one copy on a USB drive in a fire proof s
On Thu, Jul 09, 2015 at 10:05:14PM -0400, Derek Atkins wrote:
> > It
> > pulls up to 250W so it will cost a little more to power so somewhere
> > around $4000 the first year and $1600/year to operate.
>
> WOW!!! Your electricity is EX..PEN...SIVE! Assuming my math is right,
> 250W is 1kWh ever
Rich,
On Thu, July 9, 2015 7:50 pm, Richard Pieri wrote:
> If you want to step up to something a little more enterprise-y, a
> Synology DS1815+ with 8x3TB is currently $2239 on Amazon right now.
Does this $2239 price include the 8 drives?
> It
> pulls up to 250W so it will cost a little more
On 7/9/2015 10:47 AM, Rich Braun wrote:
I think I'm digressing from original topic by a substantial margin,
but eventually those of us who fancy bigger NAS boxes for our homes
will turn our attention to cloud-based equivalents.
I don't think so. As capacity (or desire for capacity) grows, the n
Jack Coats wrote:
> Rich, your post reminded me of this sticker I saw:
>
> (There is no cloud, it's just someone else's computer)
;-) Amusing but not quite a precise description of the dominant industry trend
happening to data centers. The "cloud" is actually software-defined and
software-impl
On 7/9/2015 9:55 AM, Derek Atkins wrote:
However. (and this is the big gotcha)... the certification does
not talk about HOW the crypto is used! For example, if you're running
disk encryption the *crypto* can be fully FIPS compliant, but it could
still do something stupid with the FIPS-cert
Richard Pieri writes:
> On 7/8/2015 10:23 AM, ma...@mohawksoft.com wrote:
>> The problem with internal drive encryption is getting any level of
>> disclosure and accountability.
>
> This is simply not true.
>
> FIPS security profiles are public record. Here's the security profile
> for the crypto
Yay, I started a flame war. :-D
(Sorry).
Anyway, if anybody cares, I'm not a cryptographer but I am a pro crypto
developer. The difference is you're a mathematician who understands how to
design a good s-box, versus you're a software developer who understands the
correct usage of all the crypt
Rich, your post reminded me of this sticker I saw:
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
Rich Pieri wrote:
> Paranoia is an
> irrational fear. We should not be paranoid. We should be rational about
> security.
On this flogged-to-death topic, I finally spotted a statement that I can agree
with (the other) Rich on! Brought a smile to my face.
A lot of the statements in this heated d
On 7/8/2015 9:32 PM, Daniel Barrett wrote:
Oh, please. Nobody actually believes that open source scrutiny will
find *every* security problem.
You know what? I honestly thought that there was no way that anything as
ubiquitous as BASH could have bugs more severe than edge case
inconveniences.
On July 8, 2015, Richard Pieri wrote:
>All of us... well, most of us anyway, myself included, were blinded
>by the illusion [that open source affords more assurance than closed
>source]. We believed if there were problems then "some smart people"
>would have noticed them and fixed them because that
On 7/8/2015 4:47 PM, ma...@mohawksoft.com wrote:
There are a lot of moving parts. Take for instance, the AES encryption
algorithm. This is a known quantity and you can "trust" that it works when
given any two independent implementations of it can encrypt/decrypt.
Yes. And this is one of the w
On Wed, Jul 08, 2015 at 04:47:19PM -0400, ma...@mohawksoft.com wrote:
>
> "trusting" that a closed system like encrypted hard disks is probably OK,
> but if you are paranoid, it isn't. We should all be paranoid.
>
Always remember: "trusted system" means that you have to trust it,
not that you ha
> On 7/8/2015 3:19 PM, Chuck Anderson wrote:
>> Sorry, I call BS. My point was that having access to source code is a
>> prerequisite. If you don't have access to the source code, it becomes
>> MUCH harder to audit because you are limited in the techniques you can
>> use, such as black box testin
On 7/8/2015 3:19 PM, Chuck Anderson wrote:
Sorry, I call BS. My point was that having access to source code is a
prerequisite. If you don't have access to the source code, it becomes
MUCH harder to audit because you are limited in the techniques you can
use, such as black box testing. If you h
On Wed, Jul 08, 2015 at 11:53:35AM -0400, Richard Pieri wrote:
> On 7/8/2015 11:06 AM, Chuck Anderson wrote:
> >I think this whole discussion revolves around choice. With open
> >source, I have a choice to audit the code if I so desire, or to hire
> >someone to do so on my behalf. With internal d
On 7/8/2015 1:18 PM, Derek Martin wrote:
But it does not matter; you asked if I know any such people; you did
not ask me to prove it. Moreover, MY trust depends neither on my
ability nor my willingness to prove my trust TO YOU.
My willingness to trust you does. Your claim is that open source i
On Wed, Jul 08, 2015 at 12:08:13PM -0400, Richard Pieri wrote:
> On 7/8/2015 11:47 AM, Derek Martin wrote:
> Do you understand that you are doing the same thing that you accuse
> proprietary software of doing?
The world is full of proprieties--I am subject to some of them the
same as any of us are
On 7/8/2015 11:47 AM, Derek Martin wrote:
Yes, in fact. I can name some of the people who do that where I work,
though I will not do so, as it is not my place to disclose that
information. I can also identify, for instance, Robert Swiecki at Google,
because he was involved in some of the recent
On 7/8/2015 11:06 AM, Chuck Anderson wrote:
I think this whole discussion revolves around choice. With open
source, I have a choice to audit the code if I so desire, or to hire
someone to do so on my behalf. With internal drive encryption, I have
(almost) no choice but to trust someone else's j
On Wed, Jul 08, 2015 at 10:15:02AM -0400, Richard Pieri wrote:
> On 7/7/2015 6:26 PM, Derek Martin wrote:
> >The difference is, the software most of us rely on is open source, and
> >is known to have been inspected by some very smart 3rd parties who
>
> "Some very smart 3rd parties?" Can you actua
On Wed, Jul 08, 2015 at 10:49:40AM -0400, Richard Pieri wrote:
> On 7/8/2015 10:23 AM, ma...@mohawksoft.com wrote:
> >The problem with internal drive encryption is getting any level of
> >disclosure and accountability.
>
> This is simply not true.
>
> FIPS security profiles are public record. Her
On 7/8/2015 10:23 AM, ma...@mohawksoft.com wrote:
The problem with internal drive encryption is getting any level of
disclosure and accountability.
This is simply not true.
FIPS security profiles are public record. Here's the security profile
for the cryptographic module used in several of Se
>> From: John Abreau [mailto:abre...@gmail.com]
>>
>> "Edward Ned Harvey (blu)" writes:
>>
>> > You seem to think there's an obstacle which isn't really real -
>> > Encryption is very cheap computationally, so cheap indeed it can be
>> > done by the disks themselves.
>>
>>
>> Â On Tue, Jul 7, 2015
On 7/7/2015 6:26 PM, Derek Martin wrote:
The difference is, the software most of us rely on is open source, and
is known to have been inspected by some very smart 3rd parties who
"Some very smart 3rd parties?" Can you actually name any of them? I
mean, can you name the specific people at Red H
"Edward Ned Harvey (blu)" writes:
>> From: John Abreau [mailto:abre...@gmail.com]
>>
>> "Edward Ned Harvey (blu)" writes:
>>
>> > You seem to think there's an obstacle which isn't really real -
>> > Encryption is very cheap computationally, so cheap indeed it can be
>> > done by the disks them
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Derek Martin
>
> The difference is, the software most of us rely on is open source, and
> is known to have been inspected by some very smart 3rd parties who
Au contraire. How did I know this was going to turn into a
On Tue, Jul 07, 2015 at 09:22:19PM +, Edward Ned Harvey (blu) wrote:
> It seems silly not to trust the disk to do encryption, when you'd
> trust some software that you equally haven't decompiled and
> inspected.
The difference is, the software most of us rely on is open source, and
is known to
> From: John Abreau [mailto:abre...@gmail.com]
>
> "Edward Ned Harvey (blu)" writes:
>
> > You seem to think there's an obstacle which isn't really real -
> > Encryption is very cheap computationally, so cheap indeed it can be
> > done by the disks themselves.
>
>
> On Tue, Jul 7, 2015 at 1:1
On 7/7/2015 1:50 PM, Bill Bogstad wrote:
Unless the FIPS certifying agency does code audits,
Which it must:
http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
Source code examination is a requirement for FIPS 140-2 cryptographic
module certification with higher security levels req
"Edward Ned Harvey (blu)" writes:
>
> > You seem to think there's an obstacle which isn't really real -
> > Encryption is very cheap computationally, so cheap indeed it can be
> > done by the disks themselves.
>
On Tue, Jul 7, 2015 at 1:14 PM, Derek Atkins wrote:
> I don't trust my disks to d
On Tue, Jul 7, 2015 at 1:31 PM, Richard Pieri wrote:
> On 7/7/2015 1:14 PM, Derek Atkins wrote:
>>
>> I don't trust my disks to do the encryption, mostly because there's
>> really no way to verify that it's doing it correctly, and the key
>> management gets a lot harder.
>
>
> Yes, there is a way
On 7/7/2015 1:14 PM, Derek Atkins wrote:
I don't trust my disks to do the encryption, mostly because there's
really no way to verify that it's doing it correctly, and the key
management gets a lot harder.
Yes, there is a way to verify that they doing it correctly. It's called
FIPS certificatio
"Edward Ned Harvey (blu)" writes:
>> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
>> Behalf Of Tom Metro
>>
>> I imagine it would be challenging to pull off encryption well with
>> appliance hardware. The first problem is getting the software to do it.
>> (Plus all the aut
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Tom Metro
>
> I imagine it would be challenging to pull off encryption well with
> appliance hardware. The first problem is getting the software to do it.
> (Plus all the automation you've previously discussed to set
Rich Braun wrote:
> I have two other requirements that at least until now have favored
> "build" rather than "buy": encryption at rest...
Good point. Thanks for the reminder.
I imagine it would be challenging to pull off encryption well with
appliance hardware. The first problem is getting the so
40 matches
Mail list logo