Ask Slashdot: How Can We Create a Culture of Secure Behavior?

Dr. Crash Re:How is a password written down "worse than noth (169 comments)

Most people don't have a private, lockable office.

Most people don't even have an office that has a door.

They have a cubicle, and one without a lockable file drawer... (as though typical office furniture locks weren't jokes to anybody with two paper clips and the MIT Lock Picking Guide)

Some people don't even have a cubicle. Look at an "Open Architecture Office"... they have one two floors down. I'm not sure if I would pick that or pick McDonalds as better or worse.

That's the problem. You need to keep the security token (be it a yellow sticky note or an RSA key) on your person, all the time.

And it still doesn't stop a good phish, or the next Heartbleed.

      - Dr. Crash

about 3 months ago

Ask Slashdot: How Can We Create a Culture of Secure Behavior?

Dr. Crash Strong passwords == useless (169 comments)

Strong passwords are useless - well, they're useful only against a brute-force attack and that's not the big threat anymore. A 64-character password is worth nothing against a phishing attack, and is worse than nothing if you have to write it down.

Maybe the cure is to have the incoming mail server destroy all clickable links (or point them at an internal "you will need to navigate to that URL manually" warning page), and simply delete anything executable.

about 3 months ago

3D Printing: Have You Taken the Plunge Yet? Planning To?

Dr. Crash I got a Velleman K8200 - and LOVE it. (251 comments)

I bought a Velleman K8200 ($750) essentially on "impulse", as
I have access to a StrataSys 3D printer at work and so it might
seem "redundant".

Guess what? I LOVE IT! Sure, there is no reason why I couldn't
make this or that by hand-carving it out of a solid block of acrylic,
or wait till Monday morning to run the parts on the StrataSys at work,
but now I can drop into OpenSCAD (or my wife can drop into Blender),
design the thing, hit "print", and then cook dinner while the machine
does the drudge work. A few minutes of hand clean-up later (mostly
reaming holes if we want snug fits) and the part is done- or more
likely, we decide we want to change it. Some parts go through
three or four iterations before we decide it's perfect. That's the
seductive part of 3D printing - the cost of a prototype approaches

I'm probably $1200 into this by now (filament goes typically for
$40 a kilogram, and some of the stuff like the extrudable rubber
and the water-clear, FDA-approved PET is almost twice that), but
darn it, this is fun!

Sure, you can spend a lot of bucks on the toolchain but you
absolutely don't have to spend anything at all. (Solidworks $8000?
Got it at work. Don't need it; OpenSCAD and Blender and FreeCAD
are adequate for me, and free for the download).

Yeah, my wife has dreams of making gewgaws and knick-knacks to
sell at her conventions, but I'm happy to spin out replacement ladders
for my son's toy fire engine and custom rail crossings for his railroad, and
"companion cubes" and little unicorns for my daughters.... as well
as the occasional screen door handle, refrigerator shelf holder,
cellphone mount, consumer electronics case / case replacement,

Note- there's no "driver issue" - with rare exception, all cheap
3D printers talk G-code via RS-232 or USB-TTY at 250,000
baud (yeah, nonstandard baud rate because most 3D printers are
based on Arduino cores, and that's one baud rate that has essentially
zero error due to CPU clock speed). The printer control "front panel"
is a big Python script (several options are there; Repetier-host and
Pronterface both are nice); the slicer that turns STL models into
G-code is open-source (I use Slic3r at home and Cura at work).

It's a big, big win. Really. I can sit down with one of my kids and
make something they want and have the printer spit it out while
we read a book or watch a show. Maybe every home doesn't
need one, but I'd rate it right next to "belt sander" in the home arsenal.

about 4 months ago

Dial 00000000 To Blow Up the World

Dr. Crash Actually, PAL wasn't the issue. (306 comments)

IIRC, the issue was that the US Navy fleet ballistic subs _always_ had the authority to launch on their own. The Air Force didn't like the idea that the navy was "trusted" but they weren't, so the PAL code was set to 00000000 and never changed (just like how the "war plan 1" and "war plan 2" control on a Minuteman control desk was never used).

And it's not just two guys turning keys. It's much more secure, really. Each silo has two guys who have to turn keys. But that doesn't launch the missile. It sends a message to all missile silos in the wing - and also ALL OTHER command silos in the wing that someone wants to launch a missile. If nobody else _also_ does a keyturn, the missile does not launch. After that message goes out, there is a time window where another silo MUST also do a keyturn to allow the missile to launch, and a _longer_ time window where _any_ silo in the wing can issue a "stand down" order (and other silos include silos that are off-duty, have no missiles under direct control (e.g. the usually-unused control silo three floors underground under the base commander's office), or are "air silos", like a control silo located in an aloft KC-135, with HF radio links rather than copper wiring).

Now, there is a thing called "sole survivor" where there's a rather long timer (90 minutes, IIRC) where a silo can launch on only one keyturn, but that requires that all other silos be silent for that entire timer period (but that also allows one silo to take over and control the entire missile wing).

Forgive me if I got any of this wrong, it's been 30 years since I read the manual.

But PAL wasn't to stop Broken Arrow scenarios. It's to satisfy Congress. The real protection against Broken Arrows was twenty thousand airmen all keeping their wits about them. I salute them.

about 8 months ago

Pre-Dawn Wireless Emergency Alert Wakes Up NYC

Dr. Crash Re:WTF? (382 comments)

If it means I get jolted awake by my phone SHRIEKING at the top of its volume setting every third day sometime between midnight and 3 AM when I have to go to work the next morning, then YES, my sleep is more important.

Waking up five million people from a sound sleep once a week or so just isn't feasible; it's crying wolf and people will simply turn their phones off (which defeats the whole purpose of it). And it's not something you can set to low volume; at least on a Verizon Droid 3, even if it's set on vibrate, an alert blares at maximum alarm volume and with a particularly annoying shriek and you CANNOT set it to a lower volume; there is only "SHRIEK" and "ignore".

1 year,11 days

Pre-Dawn Wireless Emergency Alert Wakes Up NYC

Dr. Crash Same thing in Boston when the Alerts went live... (382 comments)

The same thing happened in the Boston area within a week of the alert system going live; we got two alerts in 48 hours, one at about 11 PM and the other at 2 AM; the whole Boston area got jolted awake by their phones shrieking at full volume.

Next day, everyone and their brother was scrambling to figure out how to TURN OFF THE $($(#( alerts.

Net result is that we've lost a possibly-useful resource. What should have happened is that there should be an "I'm mobile" test in the chain; Amber alerts should shriek at you only if you're actively moving right then.

1 year,11 days

Ask Slashdot: Video Streaming For the Elderly?

Dr. Crash Get them a used Wii (165 comments)

A used Wii ($99 at your local GameStop) loaded up with Netflix and Hulu will do everything you need.

My three-year-olds can use it, and they can't even read.

It's also a heck of a lot cheaper than any of the other solutions, too, and it's totally zero-maintenance. And if/when they break it, it's a tiny cost to just get a new one.

1 year,14 days

Orson Scott Card Pleads 'Tolerance' For Ender's Game Movie

Dr. Crash How about him simply _APOLOGIZING_? (1448 comments)

I hear a lot of words coming out of Card's mouth (or his keyboard;
little the difference).... and strange among this is that none of them
contain a simple _apology_.

An apology says:
  1) I was wrong
  2) I am sorry for what I did
  3) I will try not to do it again.

And ALL THREE of these parts are missing. He wants forgiveness,
but he's not willing to admit that maybe he was wrong, sorry for what
he did, or that he won't do it again!

Therefore, I will boycott Ender's Game, and encourage others to
do so as well. When it becomes available in a format that does
not put money into Card's (or his compatriots') pockets, such
as Netflix, then perhaps I'll see it.

Or perhaps not. I don't know yet, and I don't care.

1 year,18 days

Why Engineering Freshmen Should Take Humanities Courses

Dr. Crash Humanities Humanize? HAH!!! (564 comments)

(disclosure: I've been a student and I've been faculty. I write from the position of both)

Most of the STEM topics, even at the freshman level, are taught by people who *are* willing to consider that they've "got it wrong" - that their understanding of the subject is in fact incorrect or insufficient, and if someone - anyone - comes to them with a good reason to think otherwise, it's a learning opportunity for everyone. Sure, you need to show a good test case, but there's nothing like getting a full professor into the lab with you and an oscilloscope to really *learn*.

Most of the "humanities" topics are taught by people who fall to the "proof by authority" model; that because someone Respected says it's so, then it's so and any other viewpoint is simply incorrect. This point of view is especially rife in the Classics; given the finite set of source material (what remained after Alexandria burned), one can only mull so much, then it's all just rote learning. (I'll give a shout-out to sociologists here, because a lot of them at least try to do good science.)

What I still don't understand: how someone can get a four-year degree yet be unable to solve a simple system of linear equations (say, three unknowns)... and then consider themselves to be "well-rounded". Even two unknowns... and occasionally to my chagrin - ONE unknown. As in "didn't pass algebra". W. T. F. ??? Or not know the difference between mean, median, and mode? Or why light beams are a quarter as bright from only twice as far away... or how salt dissolves differently from sugar.

No wonder there's a glut of worthless college degrees on the market; rote learning without ability to reason is sufficient only to earn the title of "well educated slave", not "contributor to society".

We don't need more well-educated slaves. We need contributors.

about a year ago

U.S. House Wants 'Sustained Human Presence On the Moon and the Surface of Mars'

Dr. Crash Why go? (285 comments)

Kennedy had it right: "We choose to go to the Moon. We choose to go to the Moon, not because it is easy, BUT BECAUSE IT IS HARD."

Sometimes you have to push the envelope. And sometimes, that means good people have put their life on the line. Humans in general don't get really serious about things unless they have skin in the game. You have to get them interested. Call it STEM motivation. But one Apollo launch is worth a million laptops in some third-grade classroom.

Forget STEM. Let's think about JUST ONE question on Mars... one we cannot possibly answer inside Earth's atmosphere; only long-term exploration of the Martian surface will suffice: Is there life on Mars? The possible answers are "No", "Yes, a long time ago.", and "OH MY GOD IT'S EIGHT FEET TALL WITH SIX EYES AND IT WANTS TO SPEAK TO YOU SIR!"

Say it's "no" - there's no life on Mars, and never was. That tells us something important - Life is precious, life is delicate. Very important

Or there _was_ life on Mars: what kind of DNA did it have, if any?
Again, very important message: either DNA can fly thru space ("panspermia"- and we are _NOT_ alone) or it evolved separately-
and we are still NOT alone - but there's another way for life to happen!). ... or... if the physics are such that it couldn't have happened naturally, then (1) we are not alone, and (2) Mom is out there somewhere...

Or there _is_ life on Mars: Same messages above, plus a whole new and mostly untarnished ecosystem to understand. We have only 1.1 ecosystems here (I count the undersea "black smokers" as 0.1 ecosystem). Add another, and maybe we can make some understanding headway.

What will we need to invent? I don't know! Neither do you. Neither did Kennedy. And it wasn't velcro, Tang, and funny ballpoint pens that were important. It was things like radar, and heat-resistant materials (look up Carnot efficiency to understand why that's important), and lightweight sensors, and lightweight, fast electronics, and computational fluid dynamics, and finite element methods, and precision navigation, and ...

We went into 1960 as a species that, if you couldn't solve it with fifty guys with pencils, papers, and slide rules, we couldn't solve it. (that shot of a roomful of guys in white shirts with slide rules calculating like crazy in "Apollo 13" was real, dudes.)

We came out of Apollo as a species that, if the problem was important enough, we had the means, the methods, and (most importantly, the confidence) to throw as much computation as had ever been done in the whole history of the world, every second, at the problem.

Oh- and that computer you're reading this on? Doesn't matter what brand, what OS... Wouldn't have happened if it wasn't for deciding that we needed to solve those FEMs and CFDs needed for space flight.

Those solar panels? Every gram you put into space costs you about $500. You're damn right we're gonna go full-bore on making good solar panels, simply because it's cheaper to spend a hundred million bucks on the research than to loft one more overweight comsat.

That pretty weather report with satellite images? Never would have happened if the First Seven hadn't all been shutterbugs, taking photos of weather systems like they were all out for the Pulitzer Prize. Same with the GPS in your phone, or your satellite TV.

It's not what we know we will find. It's what we don't know that is the value.

about a year ago

Ask Slashdot: Why Buy a Raspberry Pi When I Have a Perfectly Good Cellphone?

Dr. Crash Try the Adafruit IOIO (273 comments)

The Adafruit IOIO gives you a bunch of analog and digital IO's, runs on
a battery, talks via Bluetooth, and comes with an Android dev kit
so you don't have to figure out the bit-banging interface.

The only downside is that it is limited to Bluetooth's bandwidth
and latency, which may or may not be compatible with your
other project requirements.

about a year ago

Can You Really Hear the Difference Between Lossless, Lossy Audio?

Dr. Crash The only way to know is to test. (749 comments)

You won't know until you test. So I did. Here's my results:

With the aid of my girlfriend, I tested myself to see just what I could tell apart. The test music was "Veteran of the Psychic Wars", by
Blue Oyster Cult, listening through some very high end Audio-Technica headphones I picked up in Akihabara earlier that year.
I tested:

16bit WAV (GRIPped right from the CD, 1440 Kbit equivalent)
320Kbit LAME ABR MP3
256Kbit LAME ABR MP3
192Kbit LAME ABR MP3
128Kbit LAME ABR MP3

I found that the WAV and the 320Kbit LAME were "different", but I couldn't tell which was better. So, dead heat. I could tell that the
256Kbit LAME encoding was pretty damn close, but not quite as clean (the snare drums were the giveaway). Anything less was
clearly not as good. 128Kbit was practically unlistenable when I A/Bed it against the WAV or 320Kbit, it was that bad.

So there; now when I rip my CDs I keep the .WAV and encode
at 320Kbit ABR.

about a year ago

Meet the Very First Rover To Land On Mars

Dr. Crash Well, "impact". It never actually did anything (59 comments)

The PROP-M carrier vehicle made it down- but failed after 20
seconds. If the rover even deployed, we never knew it, and
we definitely never actually got data back.

about 2 years ago

Does Grammar Matter Anymore?

Dr. Crash Clarity trumps grammar (878 comments)

Grammar is just an aid to clarity- when the two conflict, geek rule is that clarity trumps grammar.

For example, consider the old format:

    Helen asked "How do you plan to do that"?

versus the newer:

    Helen asked "How do you plan to do that?".

The first form, although "grammatically correct" according to S&W, is ambiguous - did the speaker state that Helen asked a question, or ask if Helen did so? The second form is unambiguous; the speaker states that Helen asked a question.

about 2 years ago

Ask Slashdot: What's the Best Way To Deal With Roving TSA Teams?

Dr. Crash What I actually did, two weeks ago (PorterSq) (1059 comments)

I was entering the MBTA T station at Porter Square about two weeks ago, and was accosted by a Massachusetts State Policeman. He politely told me that I was "selected" for a search.

me: "And what does this search entail?"
him: "We swab the outside of your bag and look for explosive residues".
me: "And if I decline?"
him: "You'll have to leave the station."
me: [looking up thru the skylights at the nice day outside]
me: "It's a beautiful day.  Thank you officer, I think I'll walk."
him: "Have a nice day."
me: "You too."
..... and I turned, went up the escalators, and out of the station.

No problems, nobody followed me, shouted to me, nothing.
And no Gitmo team either.

I'd say, by demonstration and experiment, you can just decline
and walk out without any repercussions besides having to walk
to the next T station, which is usually about a 15 minute
walk away (worst case: catch a cab).

At least the Supreme Court has held that declining a search on
public property is not cause for arrest nor for a search.

more than 2 years ago

Setting the various household clocks ...

Dr. Crash I had to wait up till midnight (344 comments)

My bedroom alarm clock has broken set-the-time switches.

So I had to wait up till (new) midnight, and plug it in right then
so that it would be on time.

So, I set an alarm for myself to wake me up in time...

more than 2 years ago

Ask Slashdot: Best Way To Destroy Hard Drives?

Dr. Crash Gun, Bandsaw or Hydraulic Press (1016 comments)

Assuming the information on the hard drives is just PII, but not
covered by HIPAA or some other government regulation, there are
three quick and easy ways to destroy them that I've used. All three
work at the "I have $10,000 to spend to recover the data" level of
disk recovery (i.e. the NSA probably could pull some data and
so could the FSB or Mossad, but not your local script kiddie).

1) Gun. Take 'em to the firing range and "pop a cap in 'em".
Preferably several rounds each. The idea is to bend the
platters enough that they can't be easily read. Note that this
is step 1 in "military decommissioning". It is also a lot
of fun.

2) Bandsaw. Cut the disks in half. This is much less fun
than it seems; you will spend more time than you expect
doing this. Wear eye and ear protection. Your local high
school or tech/voc probably has a bandsaw you can use.
Don't cut right through the hub, as the hardened steel ball
bearings will really mess up the blade. Cut to the side of
the hub only. DAMHIK.

3) Hydraulic press. This is what we currently use at work.
Just push a 4 cm steel bar endwise through the middle of
the disk drive till it comes out the other end. We use a
20-ton press (from Harbor Freight - it's cheap enough
that we don't care), with both hand and pneumatic pumps, and
we can decommission a disk in about thirty seconds,
without even having to remove it from the server cage
sheet metal. Most machine shops as well as the
tech-voc highschool will have a hydraulic press in this

more than 2 years ago

What's the Carbon Footprint of Bicycling?

Dr. Crash Average Commuter != Tour de France competitor (542 comments)

Major bugs in the assumptions of this paper: they assume the
average commuter can do 14 MPH on an unassisted bicycle,
that personal time is valueless, and that bicycles are as safe
as cars.

I ride in Cambridge near MIT, and when I was in *decent*
shape (i.e. doing half-century rides back-to-back) I was lucky to
peak at 17 MPH and maintain an average of 10 MPH during traffic.
I'm sure a Tour-de-France competitor could maintain 14 MPH in
traffic, but I don't think an average Cambridgeite could come close.

They further assume that the person's time is valueless, so walking
at 3.5 MPH and bicycling at 14 MPH have no impact on the overall
quality of life. Similarly the time you "recover" (reading on the bus
or subway, listening to the radio in the car) is zero-value as well.

Nor do they factor in the (significant in Cambridge) medical
costs due to the high rate of bicycle-to-car and bicycle-to-pedestrian
accidents. Since a single accident with an associated E.R. visit
would cost ~$1000, that would completely invert the ranking
and make the bicycle the most expensive transportation

more than 2 years ago

Saving Gas Via Underpowered Death Traps

Dr. Crash Statistically, smaller == deathtrap and that's it. (585 comments)

The Economist published a study on exactly this about ten years ago. They took the full NHTSA collision database of all fatalities in multivehicle accidents, and looked for "significant effects".

There was only ONE indicator that rose to statistical significance- weight of the vehicle. More precisely, the probability of a person dying in a two-vehicle collision is proportional to the inverse square of the masses of the vehicles; heavier vehicle wins, and it wins by the _square_ of the ratio of the masses. Half the mass == FOUR TIMES LIKELIER TO DIE. A third the mass == NINE TIMES LIKELIER TO DIE.

The worst part: NOTHING ELSE MATTERED. Super-safe "brands" like Volvo and Mercedes did no better on a weight-by-weight basis than Subaru or Ford; the highly touted "design for safety" did absolutely _nothing_ (in a statistical sense) to help passengers survive.

In short- saving fuel may be good for politics, global warming, etc. Therefore it's a good idea to get everyone _else_ into small light cars, but it's an even better idea to keep yourself and those you hold dear in the heaviest vehicle you can afford to buy and operate.

more than 2 years ago

Dr. Crash writes | more than 7 years ago

Dr. Crash writes "The MIT Spam Conference has been greenlighted for March 30, 2007. Changes this year — the conference is now accepting papers on "Spam, Phishing, and Other Cybercrimes", which looks to include all sorts of interesting nasties like IM spam, SMS spam, bot army rental, and day-zero exploit sales, as well as the spam filter author talks. Showing up at the conference is free, but preregistration is requested. Paper deadline for the conference is the end of January this year."


Dr. Crash has no journal entries.