Just because something isn't surprising does not mean it isn't newsworthy.

Right. But for a dashboard (what I use it for) that will rarely be closed or refreshed, the size is unimportant.

The bigger issue is would he have been extradited to the US to face draconian charges for whistleblowing.

Perhaps they already knew about the location, but were looking for some appropriate cover to protect an asset. Further, the US military may wish to make ISIS fearful of using social media, which has been a powerful tool for them.

I'll stop my one-man boycott when they end the "love" campaign. It's quite disturbing that they're trying to substitute a cheap hamburger for love. It's a microcosm of what's wrong with this culture.

Anyone care to leave a comment as to why they're downvoting?

Didn't downvote myself but one-liners often are not popular in this community.

Are all positions flexible to work remote?

Perhaps by using homomorphic encryption?

http://en.wikipedia.org/wiki/Homomorphic_encryption

No. It is possible to do it without HE! Full HE is 10^12 slower than normal computations, so impractical yet.

In our case, the actual computations are done on the client

So if I have, say, 10,000 patients, and I want to sort them by name, or search for those whose names begin with 'D', I need to fetch them all first?

To be precise, when you dataset is large, you fetch about log(index_size)

More than the size of the data read (which I'm not sure how big would actually be) I'm more concerned about the latency. Isn't a lot of normal db server side operation now a fetch-from-db + do-calculation-on-client type operation?

And a compromise client can still pull data by running query against the server right? So is the primary improvement that one cannot use database tools to easily export the full dataset? If I know correctly isn't database with encryption support also do dumps and other full db operations encrypted too?

> I'm more concerned about the latency

Very valid concern. That is the bottleneck, and that was the first thing we've checked.

> Isn't a lot of normal db server side operation now a fetch-from-db + do-calculation-on-client type operation?

Not if you want to find something. Calculation-on-client is probably html rendering etc.

> And a compromise client can still pull data by running query against the server right?

Yes, but it's ok if you have millions of users, each with his own private data. It would probably cost too much to break into each client's computer (imagine a million bitcoin wallers with 0.1 bitcoin each).

Currently available databases, when used with encryption, store the key in memory. So, memory dump or mitm attack could help an attacker to collect the key.

No, you don't fetch them all. In fact, we tested search over encrypted archives of linux kernel mailing list w/o downloading that :-)

The server knows which pieces of the trees are you reading. That's all it knows.

It was my understanding that homomorphic encryption was not yet ready for deployment. I didn't see that mentioned in the too brief blog post.

What did you realize?

I believe he meant to imply that the government wants the ability to lean on the SSL cert companies.

And get rid of hallway usability tests.

Not sure why you think that. I have found getting feedback from team members before user testing finds a lot of low-hanging issues.

I'd be okay if it just said "usability testing". In my company that's just a part of the testing phase. But no way I'm just going to grab someone walking down the hall. I assume people are busy enough.

Is this meant to be taken literally? Fog Creek companies work remotely. How would you even physically grab someone in the hallway? As for how we do internal testing, we simply ask around on Slack and get a solid group of people to test for us before moving forward. Works out great.

> But no way I'm just going to grab someone walking down the hall. I assume people are busy enough.

That seems like a kind of joyless approach to life.