Comments

Ebola Does Not Require an "Ebola Czar," Nor Calling Up the National Guard

David Jao Re:As some one recently pointed out to me (287 comments)

Is there a death I haven't heard of? As far as I know, only one person has died of Ebola on US soil (Duncan), and he wasn't American by nationality; he's Liberian. Only one American (Sawyer) has ever died of Ebola, but not on US soil; he died in Nigeria.

12 hours ago

After Negative User Response, ChromeOS To Re-Introduce Support For Ext{2,3,4}

David Jao Re:Quite the opposite. Acer, Samsung, HP - all unl (183 comments)

Developer mode is often a pain to invoke. Oftentimes there's no way to boot developer mode by default -- you have to press a key combination to override the default, and you have to do it every single time you boot into developer mode. On the Chromebook Pixel it imposes a 30-second delay on you every time you boot into developer mode without pressing the key combination.

5 days ago

Password Security: Why the Horse Battery Staple Is Not Correct

David Jao Re: Oh great (546 comments)

A quantum computer can brute force a password quadratically faster than a classical computer. This speedup is much slower than the exponential speedup that a quantum computer enjoys against RSA. Long passphrases are still very secure against quantum attacks.

about a week ago

Getting Into College the Old Fashioned Way: With Money

David Jao Re: Parent of University Frosh Twins: "Thank You" (161 comments)

To clarify, the goal is to be rich enough that I won't need to borrow money. I'm not implying that I insist on some sort of draconian no-debt stance. If I fail in my goal then sure, I'll borrow what's sensible. But I'm not starting out with debt as a goal. I can't see how car loans make sense under any circumstances. The basic purpose of a car is to get me from point A to point B safely and reliably. Such a car, used, costs well under $5000 in almost all localities. This is not a useful or interesting enough amount of money to be worth taking on debt.

about a month and a half ago

Getting Into College the Old Fashioned Way: With Money

David Jao Re: Parent of University Frosh Twins: "Thank You" (161 comments)

That's kind of my entire point. The market rate is the correct rate for economic optimality. A rate below market rate attracts far too many borrowers who would normally not merit a loan.

about a month and a half ago

Getting Into College the Old Fashioned Way: With Money

David Jao Not the old-fashioned way (161 comments)

The approach mentioned here may get you into college, and it may cost money, but it is not old-fashioned. The old-fashioned way to get into colleges with money goes something like this: "My dad is a trustee at Princeton, so I knew I would get in." If you have 2 million dollars to spend, endowing a faculty chair at a university is a much better bet than paying for high-priced consulting services.

about a month and a half ago

Getting Into College the Old Fashioned Way: With Money

David Jao Re:Parent of University Frosh Twins: "Thank You" (161 comments)

Need based tuition scholarships do not come close to explaining the extraordinary rise in tuitions. The real reason is decreased state funding (for public universities) and government-guaranteed student loans (affecting all universities).

Without student loans, colleges would only be able to charge what the market can bear. No entity can violate this ironclad law of economics. If families can't pay the amount of tuition that you charge, you're not getting that amount of tuition, period. Loan availability increases the amount that families can afford to pay. In principle, there is nothing wrong with this idea, and in fact if the free market were allowed to determine loan availability, the system as a whole would quickly converge onto the optimal amount of loan availability. Under this hypothetical free-market scenario, banks wishing to make student loans would have to vet their students properly and make sure with reasonable confidence that they will be repaid. If the free market were at work, there would be a natural market-based limit on the amount of loan money available, simply because not every student is going to represent a good investment.

Unfortunately, what we have right now in the student loan market is not even close to a free market. The dominant lender is the government, and even in the case of privately held student loans, the laws and regulations governing student loans are highly and artificially favorable to the lenders. To give just a few examples, unlike any other form of loan, student loans (including private loans) can almost never be discharged in bankruptcy; cannot expire from statute of limitations; allow the lender to garnish wages, tax refunds, social security, and disability payments without a court order; and repayment is guaranteed by the government, even if the borrower defaults (but the lender can still pursue the borrower for repayment even after the government makes them whole). The result of such amazingly biased and favorable laws is exactly what you would expect: lenders throw money at students far out of proportion to the actual amount of money that it would make economic sense for them to lend under ordinary circumstances. Having this much money supply available in the system is then the primary factor that enables and allows ridiculous increases in tuition.

I don't have school age children yet, but I will soon. I have no intention of taking out loans or making them take out loans, no matter how hard it is to achieve this goal. I would love to compete on a level playing field with other similarly responsible parents, but unfortunately I'm not going to have that chance. Instead I'm going to have to compete with irresponsible borrowers who have borrowed way more money than anything that remotely makes sense for them to borrow.

about a month and a half ago

Wi-Fi Router Attack Only Requires a Single PIN Guess

David Jao Re: Wireless security (84 comments)

If you're using client certificates for authentication, and an attacker obtains the server cert, then the attacker can successfully fool you into thinking that you have connected to the real server, but the attacker cannot successfully fool the real server into thinking that you have connected to it. This kind of "half-MITM" attack is not usually thought of as a full MITM. The authentication protocol uses a challenge/response protocol which incorporates ephemeral keys and hence is not portable even between two entities both holding the same server cert. That is, if A and B both have the server cert, and A challenges C, and B obtains C's response to A's challenge, B cannot then impersonate C to A, since B does not know either C or A's ephemeral DH keys. Even if the attacker just blindly proxies between the real server and the real client, it won't work; in this case the communication would just be a real connection that the attacker can't decrypt or alter in any way thanks to forward secrecy.

about 2 months ago

Wi-Fi Router Attack Only Requires a Single PIN Guess

David Jao Re: Wireless security (84 comments)

Having all their traffic to and from one server is not as devastating an attack as having their password. For one thing, users tend to re-use passwords across multiple sites. I'm sure you can think of plenty of other reasons why client certs are at least *slightly* safer than username/passwords.

about 2 months ago

Wi-Fi Router Attack Only Requires a Single PIN Guess

David Jao Re: Wireless security (84 comments)

The idea is defense in depth. If server cert validation fails for any reason and you're using passwords, the enemy learns all your secrets. With client certs your master secret remains safe even if a single session is compromised.

about 2 months ago

Dropbox Caught Between Warring Giants Amazon and Google

David Jao Re:How about storage that cannot be read by the NS (275 comments)

Tarsnap offers NSA-proof cloud storage and provides all the source code for all the client programs to back up their claims (in fact the installation is only available in source code form). But it costs way more than the competition.

about 2 months ago

Microsoft Surface Drowning?

David Jao Re:The problem of Microsoft (337 comments)

You often can't customize your own install without breaking the law. The GP post specifically mentioned OEM Windows licenses as a way of getting cheap Windows licenses. This is no accident: OEM licenses are the only way to get cheap Windows licenses. Any sort of enterprise license will be far more expensive. But an OEM license is the least customizable of all the options. You can't even legally install an OEM licensed copy on any other machine other than the individual machine that the software came with, since an OEM license is tied to an individual machine. To get a custom install starting from an OEM copy, you can't just make one custom version and install it on all your machines; that kind of activity is specifically forbidden by the terms of the OEM license. You'd have to spend 30 minutes individually on each and every machine in your organization if you go the OEM license route and you don't want to break the law. Those 30 minutes of staff time are way more expensive than the bare-bones OEM license cost. Alternatively, you could purchase an enterprise license, but now we're no longer talking about cheap Windows licenses, we're talking about very expensive Windows licenses.

So, yes, you can customize Windows installs, but it's much more expensive to do so in any legal way, since you need an enterprise license, which really does cost ridiculous amounts of money. There is no cheap way to get customizable Windows. Even then, it's a bit of a hassle compared to Linux.

about 2 months ago

Microsoft Surface Drowning?

David Jao Re: The problem of Microsoft (337 comments)

It's not the price (free or pay). It's what you can do with the software. Apple software is still subject to BSA audits. You can't distribute customized versions. Things are slightly better in that hardware support is uniform and there are no client access licenses, but you also encounter new problems like Apple dropping software support for your hardware. Free software is just better. The cost of purchasing the software is insignificant. The time and hassle saved by free software is the real jewel.

Microsoft and Apple are poor choices unless your (sysadmin, IT, and staff) time isn't worth anything.

about 2 months ago

Microsoft Surface Drowning?

David Jao Re:The problem of Microsoft (337 comments)

The Microsoft tax is not just about the monetary price of Windows. That's actually the least burdensome part of the tax. The real problem is the cost of license compliance. Most obvious are the direct costs: license management, purchase records, and receipt tracking. How much staff time are you going to spend on keeping track of Client Access Licenses? Is this expense worth it, when there are free platforms with no CAL requirements? I bet you didn't know the MS EULA gives the BSA the right to audit your premises at will. That's another huge overhead which simply does not exist with free software: A single small screw-up (almost inevitable, given the minuteness with which the audit is conducted) results in heavy fines plus having to pay the considerable costs of the audit. Compared to this insanity, anyone using exclusively free software can simply slam the door on the BSA and tell them never to come back unless they have a warrant.

Those are just the direct costs of compliance. The indirect costs of Microsoft's licensing model are something that even fewer users realize. You can't customize a distro and legally release the result to anyone outside of the organizational unit holding the license. You can't slipstream updates and legally distribute to outside parties. You can't create USB bootable media and legally release it to anyone else. Rescue discs and installation discs customized for particular hardware are left to the mercy of your OEM. All of these restrictions cause considerable friction which slows down the agility of your business. If nothing else, it makes it very hard to outsource IT functions; at most, you can hire contractors who have to keep your OS software bits separate from everyone else's OS software bits. How can this situation possibly compare favorably to free software where anyone can create and share anything? It really can't.

about 2 months ago

Skype Blocks Customers Using OS-X 10.5.x and Earlier

David Jao Re:and linux aswell (267 comments)

Yeah, you're right, I logged out and now it's not working. Oh well, on to version 4.3. On the other hand, I have a hard time seeing this move as evil. Skype was already maximally closed-source. It can't get any worse.

about 2 months ago

Skype Blocks Customers Using OS-X 10.5.x and Earlier

David Jao Re:and linux aswell (267 comments)

Uh, what? I've been using Skype 4.0.0.8 on Linux (CentOS 6) for years. It still works. Nothing's been cut off.

about 2 months ago

Google Spots Explicit Images of a Child In Man's Email, Tips Off Police

David Jao Re:Hash Collision (790 comments)

Finding an incidental collision in SHA512 is newsworthy. SHA512 is an iterated hash function (more specifically, a Merkle-Damgard construction). Any iterated hash function has the property that a single collision can be leveraged to produce arbitrarily many collisions. A single collision would destroy the entire utility of the hash function for almost any application that depends on collision resistance.

about 3 months ago
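
The iterated-hash property described in the comment above, as an added example that is not part of the original comment: a toy Merkle-Damgård hash with a 24-bit state (constructed here so a collision can be found in a moment; `toy_hash`, `compress` and the block size are assumptions of this sketch, not SHA-512) shows that one colliding pair of equal-length blocks yields a colliding pair for every suffix.

```python
import hashlib
from itertools import count

BLOCK = 16            # toy block size in bytes (assumption of this example)
IV = b"\x00\x00\x00"  # toy 24-bit initial chaining value (constructed)

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: 24-bit chaining state, 16-byte block."""
    return hashlib.sha256(state + block).digest()[:3]

def pad(msg: bytes) -> bytes:
    """Merkle-Damgard strengthening: 0x80, zero fill, 8-byte bit length."""
    zeros = (-(len(msg) + 1 + 8)) % BLOCK
    return msg + b"\x80" + b"\x00" * zeros + (8 * len(msg)).to_bytes(8, "big")

def toy_hash(msg: bytes) -> bytes:
    """Iterate the compression function over the padded message."""
    state = IV
    data = pad(msg)
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def find_block_collision():
    """Birthday search: two distinct one-block messages, same chaining state."""
    seen = {}
    for n in count():
        block = n.to_bytes(BLOCK, "big")
        state = compress(IV, block)
        if state in seen:
            return seen[state], block
        seen[state] = block

def extended_pair(m1: bytes, m2: bytes, suffix: bytes):
    """Equal-length colliding prefixes stay colliding under any common suffix:
    the chaining state after the prefix is equal, and every later block
    (suffix and length padding) is identical for both messages."""
    return m1 + suffix, m2 + suffix

if __name__ == "__main__":
    m1, m2 = find_block_collision()
    for suffix in (b"", b"A", b"any suffix at all", b"x" * 1000):
        a, b = extended_pair(m1, m2, suffix)
        print(len(a), toy_hash(a).hex(), toy_hash(a) == toy_hash(b))
```
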

Ask Slashdot: Where Can I Find Resources On Programming For Palm OS 5?

David Jao Re:SDK available here: (170 comments)

Following the link to the SDK gives a 404. Palm development tools were never readily available even when the platform was popular. Now they're almost impossible to find. Obstructing access to development tools is one sure-fire way to kill off a platform.

about 3 months ago

Western US States Using Up Ground Water At an Alarming Rate

David Jao Re:Should the United States accept more foreigners (377 comments)

10% of poor Americans are homeless. That alone renders all of the article's claims nonsensical on their face. There is no way that 97% of poor households have refrigerators.

about 3 months ago

Submissions

David Jao hasn't submitted any stories.

Journals

David Jao has no journal entries.