Skip navigation
Help

RSA

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.
Original author: 
Todd Hoff

This is an email interview with Viktor Klang, Director of Engineering at Typesafe, on the Scala Futures model & Akka, both topics on which is he is immensely passionate and knowledgeable.

How do you structure your application? That’s the question I explored in the article Beyond Threads And Callbacks. An option I did not talk about, mostly because of my own ignorance, is a powerful stack you may not be all that familiar with: Scala and Akka.

To remedy my oversight is our acting tour guide, Typesafe’s Viktor Klang, long time Scala hacker and Java enterprise systems architect. Viktor was very patient in answering my questions and was enthusiastic about sharing his knowledge. He’s a guy who definitely knows what he is talking about.

I’ve implemented several Actor systems along with the messaging infrastructure, threading, async IO, service orchestration, failover, etc, so I’m innately skeptical about frameworks that remove control from the programmer at the cost of latency.

So at the end of the interview am I ready to drink the koolaid? Not quite, but I’ll have a cup of coffee with the idea. 

I came to think of Scala + Akka as a kind of a IaaS for your process architecture. Toss in Play for the web framework and you have a slick stack, with far more out of the box power than Go, Node, or plaino jaino Java.

The build or buy decision is surprisingly similar to every other infrastructure decision you make. Should you use a cloud or build your own? It’s the same sort of calculation you need to go through when deciding on your process architecture. While at the extremes you lose functionality and flexibility, but since they’ve already thought of most everything you would need to think about, with examples, and support, you gain a tremendous amount too. Traditionally, however, processes architecture has been entirely ad-hoc. That may be changing. 

Now, let’s start the interview with Viktor...

0
Your rating: None

Tim Lord met Jay Kim at the RSA Conference in an Francisco. Kim's background is in manufacturing, but he's got an interest in security that has manifested itself in hardware with an emphasis on ease of use. His company, DataLocker, has come up with a fully cross-platform, driver independent portable system that mates a touch-pad input device with an AES-encrypted drive. It doesn't look much different from typical external USB drives, except for being a little beefier and bulkier than the current average, to account for both a touchpad and the additional electronics for performing encryption and decryption in hardware. Because authentication is done on the face of the drive itself, it can be used with any USB-equipped computer available to the user, and works fine as a bootable device, so you can -- for instance -- run a complete Linux system from it. (For that, though, you might want one of the smaller-capacity, solid-state versions of this drive, for speed.) Kim talked about the drive, and painted a rosy picture of what it's like to be a high-tech entrepreneur in Kansas.

Share on Google+

Read more of this story at Slashdot.

0
Your rating: None

Aurich Lawson / Thinkstock

Encryption, the transformation of data into a form that prevents anyone unauthorized from understanding that data, is a fundamental technology that enables online commerce, secure communication, and the protection of confidential information.

Encryption algorithms are the mathematical formulae for performing these transformations. You provide an encryption algorithm with a key and the data you want to protect (the plaintext), and it produces an encrypted output (the ciphertext). To read the output, you need to feed the key and the ciphertext into a decryption algorithm (sometimes these are identical to encryption algorithms; other times they are closely related but different).

Encryption algorithms are designed so that performing the decryption process is unfeasibly hard without knowing the key.

Read 55 remaining paragraphs | Comments

0
Your rating: None


A representation of how TLS works.

Nadhem J. AlFardan and Kenneth G. Paterson

Software developers are racing to patch a recently discovered vulnerability that allows attackers to recover the plaintext of authentication cookies and other encrypted data as they travel over the Internet and other unsecured networks.

The discovery is significant because in many cases it makes it possible for attackers to completely subvert the protection provided by the secure sockets layer and transport layer protocols. Together, SSL, TLS, and a close TLS relative known as Datagram Transport Layer Security are the sole cryptographic means for websites to prove their authenticity and to encrypt data as it travels between end users and Web servers. The so-called "Lucky Thirteen" attacks devised by computer scientists to exploit the weaknesses work against virtually all open-source TLS implementations, and possibly implementations supported by Apple and Cisco Systems as well. (Microsoft told the researchers it has determined its software isn't susceptible.)

The attacks are extremely complex, so for the time being, average end users are probably more susceptible to attacks that use phishing e-mails or rely on fraudulently issued digital certificates to defeat the Web encryption protection. Nonetheless, the success of the cryptographers' exploits—including the full plaintext recovery of data protected by the widely used OpenSSL implementation—has clearly gotten the attention of the developers who maintain those programs. Already, the Opera browser and PolarSSL have been patched to plug the hole, and developers for OpenSSL, NSS, and CyaSSL are expected to issue updates soon.

Read 13 remaining paragraphs | Comments

0
Your rating: None