
Comments

top

Biofuels From Corn Can Create More Greenhouse Gases Than Gasoline

dgatwood Re:10% ethanol also means 20% MPG lost (94 comments)

E85 is 85% ethanol, 15% gasoline, not the other way around. A 10% ethanol blend (10% ethanol, 90% gasoline) is called E10, not E90. Using E10 reduces your fuel economy by about 3–4%, and a 15% blend reduces your miles per tank by about 4–5%, assuming a modern, fuel-injected engine. I would expect the impact to be worse for an engine with a carburetor, but I don't know for certain. Either way, I'm pretty sure it's nowhere near 20% even with older engines.

Yes, if it were legal to sell E90, it would reduce your fuel economy by somewhere in the neighborhood of 20%. Of course, your car wouldn't start in the winter, and in most cars, parts of your fuel system would likely rust out pretty quickly, spewing fuel all over the hot engine, thus ending your life in a blaze of glory, so fuel economy would be the least of your problems....

10 hours ago
top

Why Portland Should Have Kept Its Water, Urine and All

dgatwood Re:Lanted Ale.. (217 comments)

And they say American beer tastes like...

11 hours ago
top

Google's New Camera App Simulates Shallow Depth of Field

dgatwood Re:Why? (121 comments)

I'm a little bummed about this. My first reaction was, "Oh, cool. This is just like the idea I had a few days ago." Then, I realized they're trying to do it from a single photo instead of taking advantage of the camera hardware to obtain actual depth info.

You have a lens that can focus. Take your shot, throw the focus off as far as you can (in whichever direction you can move the focus farther, by some definition of farther), then take a second shot. You can then compute some reasonable approximation of distance for every pixel without guessing. You can also likely compute a reasonable bokeh based on the size and location of bright areas in the out-of-focus areas and based on how much they spread in the out-of-focus shot. It's not perfect, but I suspect you could get close enough to fool just about anybody.

yesterday
top

The Case For a Safer Smartphone

dgatwood Re:Human beings are not born with smartphone attac (184 comments)

Google's self-driving cars have gone 300,000 miles without an accident. That's somewhere in the neighborhood of 30–42 average-teen-driver-years worth of driving. Statistically, about 1 in five teenagers reports having an accident in any given year. So we would expect that the same number of miles driven by teenagers would have resulted in, on average, 6–8 accidents—more if we're talking about teenagers in their first year of driving.

In other words, Google's self-driving cars are already at least an order of magnitude safer than teen drivers. That's probably a statistically significant difference.

about a week ago
top

Not Just Apple: GnuTLS Bug Means Security Flaw For Major Linux Distros

dgatwood Re:Old news (144 comments)

You missed one major technical rule: all browsers on iOS that support local rendering are required to use the system rendering engine.

Actually, no, I'm pretty sure they're just not allowed to use any JavaScript engine other than the built-in JavaScriptCore. And as of iOS 7, it's theoretically possible to actually do so without using WebKit.

about two weeks ago
top

Federal Bill Would Criminalize Revenge Porn Websites

dgatwood Re:Good! (328 comments)

It's not willful ignorance. It's actually a legitimate question. From everything I've read, there are roughly two types of revenge porn:

  • Fake revenge porn, in which someone pretends that he or she is getting revenge on a former significant other so that people will be more turned on, but in reality, it's just commercial porn, and legal.
  • Fake revenge porn, in which someone surreptitiously cracks into the victim's computer and records that person in his or her own home, which is already illegal. And this is what the lawsuits have mainly been about.

I suspect that the real revenge porn, if it even exists, is just about lost in the noise caused by the two forms listed above.

about two weeks ago
top

Federal Bill Would Criminalize Revenge Porn Websites

dgatwood Re:Freedom of Participants trumps Picture Owner (328 comments)

... the homeowner does NOT automatically gain the right to record the guest WITHOUT permission.

If that were true, then "NannyCam" footage would be inadmissible. Different states have different laws that carve out specific places where recording is not allowed—most forbid recording in bathrooms, for example—but as a rule, if you're in someone else's home, you should generally assume that you have little or no right to privacy.

about two weeks ago
top

Your Car Will Tell You How To Hit the Next Green Light

dgatwood Re:Its called paying attention (364 comments)

I was referring to normal traffic lights that lack any indication of when the light is about to change, not the rare lights with countdown timers or the hypothetical lights with a dashboard assist. The split-second decision to floor it or slam on the brakes is a bigger problem when you're accelerating from a stop as the light changes to yellow, not when you're going way over the speed limit, for two reasons: A. there may not be any choice that doesn't result in either getting rear-ended or being in the middle of the light when it turns green in the other direction, and B. your foot is on the wrong pedal to stop, adding critical latency to that decision, should you choose to stop.

about two weeks ago
top

Your Car Will Tell You How To Hit the Next Green Light

dgatwood Re:Its called paying attention (364 comments)

Actually, it's the opposite. The worst speed to be entering a traffic light is near zero. You've slowed down to a low speed because of someone slowing to turn right ahead of you. The traffic behind you collapses to be nearly bumper to bumper at 15 MPH in a 40 zone. The light is timed for 40 MPH. You don't realize that the light is about to turn yellow, so rather than just coming to a stop, you decide to enter the intersection. Then the light turns yellow and you're moving at a speed that will put you and the two cars behind you in the middle of the intersection when it turns green in the other direction. Whether you floor it to get through the light legally or slam on the brakes and get rear-ended, the car behind you is screwed.

about three weeks ago
top

Senate Report Says CIA Misled Government About Interrogation Methods

dgatwood Re:So Arrest Them (207 comments)

I will gladly contribute money to the election campaign of any otherwise-electable congressional candidate who makes this one of his or her campaign promises.

about three weeks ago
top

OKCupid Warns Off Mozilla Firefox Users Over Gay Rights

dgatwood Re:No OkQupid is braindead (1482 comments)

Well, it is kind of an April Fools story. It says he came out against Prop 8 (a gay marriage ban), which would mean that he was in favor of gay marriage. Unless all the previous stories I've read were wrong, I'm pretty sure they got that backwards.

about three weeks ago
top

OKCupid Warns Off Mozilla Firefox Users Over Gay Rights

dgatwood Re:Stop using JavaScript! (1482 comments)

There's nothing wrong with JavaScript, language-wise. I mean, sure, I'd prefer for closures to be explicit rather than implicit, in part because it tends to confuse the newbies a bit, but otherwise, it's a reasonable language. The problems mostly stem from:

  • All the built-in functions—the JavaScript DOM, XHR, etc.—which are designed in strange ways that assume everyone understands closures
  • The single-threaded design (not inherent in the language, but mandated by the DOM spec, IIRC)
  • Overuse of completion handlers even for things that really don't need them, mainly to work around the lack of threading

None of those things would improve with a different language except possibly the first one.

about three weeks ago
top

Why Darmok Is a Good Star Trek: TNG Episode

dgatwood Re:Darmok is Science Fiction about an idea (512 comments)

It wasn't a bad episode, though in retrospect, it kind of felt like a ripoff of Enemy Mine in a lot of ways (the book, that is).

about three weeks ago
top

Why Darmok Is a Good Star Trek: TNG Episode

dgatwood Re:Can I vote for.. (512 comments)

... all of them? Seriously the inclusion of a trained Shakespearian actor (Stewart) was the only saving grace of that branch-off of TOS.

come on... it's not like the series didn't have any redeeming qualities at all... is it?

I can think of one really good episode. It involved the captain getting his brain rewired and living an entire lifetime on another planet in a dream induced by an alien probe. Why was it good? Because it focused on one character (played by Patrick Stewart) and really developed him.

The one with Picard leading the kids up the lift shaft was also good.

And I enjoyed the whole "Sometimes a cake is just a cake" episode. I mean, it was absurd, but it was amusing.

Worst episode? Anything with Wesley Crusher. They were almost all painfully written. How many times can a single kid put everybody in mortal danger and then somehow manage to save the day in some contrived fashion?

about three weeks ago
top

FTC Settles With Sites Over SSL Lies

dgatwood Re:Tip from a programmer (78 comments)

Why would they need to compromise your CAs? They can compromise any CA, because unless the client uses a tighter-than-normal designated requirement, it will trust any cert for your domain as long as it is signed by any of dozens of CAs. That's what makes TLS so flawed.

about three weeks ago
top

Some Mozilla Employees Demand New CEO Step Down

dgatwood Re:No (824 comments)

The boss doesn't ask employees to leave. The employee just gets to work one day and finds their desk on the front lawn.

You mean we get to keep the desk? If I had known that, I'd have gotten myself fired a long time ago!

about three weeks ago
top

Job Automation and the Minimum Wage Debate

dgatwood Re:Who'll spit on my burger?! (870 comments)

Self checkout is just making the customer do the cashier's job for free before realizing that customers suck at doing these things correctly because it's not their job.

So what's the cashiers' excuse for not doing it correctly? :-D

No, seriously. I tend to order things with various customizations (e.g. no [insert ingredient]). I haven't done the math, but I suspect that I have at least a 10% return rate at many businesses. How hard is it to push "Only" followed by the ingredients that the customer specifies? Point-of-sales systems suck, but at least if I'm in control of it, I can see that the order is right, and if it is wrong, it's my fault.

about a month ago
top

Big Data Breaches Give Credit Monitoring Services a Boost

dgatwood Re:We need to solve this problem already (48 comments)

You're on the right track, but that implementation is way more complicated than it needs to be. Any PIN should be handled by the device itself, and should be easy to change to any arbitrary PIN. Or you might even use a fingerprint reader.

You should be able to basically eliminate any additional risk from a modified device or payment terminal (except perhaps the risk of someone physically stealing the device and using it) by doing the crypto as follows:

  • The business generates the transaction receipt and signs it with its public key.
  • The user pushes the button on the card to initiate the payment handshake. This causes the device to broadcast a Bluetooth Low Energy beacon.
  • The payment terminal (computer, POS terminal, cell phone) detects the beacon and sends the transaction receipt to the card.
  • The device shows the business info, dollar amount, etc. on its screen.
  • The user presses a button to authorize the transaction.
  • The device signs the transaction using its private key and sends its response back to the payment terminal.
  • The payment terminal sends the doubly signed receipt back to a payment processor.
  • The payment processor verifies the signatures using public keys stored in the business's account and the user's account and verifies whether funds are available.
  • The payment processor sends back a signed response containing the transaction receipt and a status field that indicates whether the transaction was authorized or not.
  • The payment terminal provides the signed response to the device so that the user can verify that the payment was accepted or rejected. (This prevents double charging fraud.)
  • If the signatures are valid and funds are available, the payment processor automatically transfers the funds to the business.

In an ideal world, the transaction would then be applied to the default credit card in your online account profile, but you should have the ability (up to a few days after the transaction) to redirect the transaction to a different card by logging in to your online payments account and saying "Bill it to X". Alternatively, you could have multiple PK pairs, one for each account, and you could choose the account on the device itself.

The way you handle offline sales with this model is also pretty straightforward. You use either a mobile app on your phone or a website on your computer (requires browser support), as follows:

  • Enter the name of the business.
  • The payment app provides a list of matching businesses. Choose the right one.
  • Enter the amount of the payment.
  • The payment app generates a transaction.
  • You push a button on the device, and the payment app does the BTLE handshake.
  • You push another button to authorize the transaction, and the payment app sends it to the payment processor.
  • The payment app issues a funds hold against your account and gives you a unique transaction ID for that hold. You give that transaction ID to the store.
  • The store, upon accepting the order, uses that transaction ID to convert the hold into an actual charge.

The existence of that transaction ID in the merchant's account is proof that the payment occurred. At most, the only thing the merchant would have to do to prevent fraud would be to ensure that nobody uses the same transaction ID to pay for more than one purchase. This is, of course, a trivial local database lookup.

You would also need an app (mobile or desktop) that can download the public key from the device (if the device gets stolen, you'll need to associate the new device's public key with your payment account) and occasionally update its firmware to fix any bugs in the crypto code.

about a month ago
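The signing flow from the comment above, written out as an added example (it is not part of the original comment and not any real payment system's code), including the duplicate transaction ID check mentioned for offline sales. It assumes Ed25519 keys from Node's built-in `crypto` module, with each party signing with its private key and the processor holding the matching public keys; the merchant name, amounts, transaction IDs and function names are constructed, and the Bluetooth transport is left out.

```javascript
// Added example: keys, names and amounts are constructed for illustration.
const crypto = require('crypto');

const newKeys = () => crypto.generateKeyPairSync('ed25519');
const merchantKeys = newKeys(), deviceKeys = newKeys(), processorKeys = newKeys();

const sign = (priv, text) => crypto.sign(null, Buffer.from(text), priv).toString('base64');
const verify = (pub, text, sig) =>
  crypto.verify(null, Buffer.from(text), pub, Buffer.from(sig, 'base64'));

// Merchant: build the transaction receipt and sign it.
function merchantIssue(txId, amountCents) {
  const receipt = JSON.stringify({ txId, merchant: 'Example Cafe', amountCents });
  return { receipt, merchantSig: sign(merchantKeys.privateKey, receipt) };
}

// Device: sign the receipt plus the merchant's signature, only after the button press.
function deviceAuthorize(msg, userPressedButton) {
  if (!userPressedButton) return null;
  const deviceSig = sign(deviceKeys.privateKey, msg.receipt + '|' + msg.merchantSig);
  return { ...msg, deviceSig };
}

// Processor state: the user's available funds and the transaction IDs already used.
const newProcessor = (balanceCents) => ({ balanceCents, seenTxIds: new Set() });

// Processor: check both signatures, replay and funds, then sign the verdict.
function processorDecide(state, msg) {
  let status = 'authorized';
  const sigsOk = verify(merchantKeys.publicKey, msg.receipt, msg.merchantSig) &&
    verify(deviceKeys.publicKey, msg.receipt + '|' + msg.merchantSig, msg.deviceSig);
  if (!sigsOk) {
    status = 'rejected: bad signature';
  } else {
    const { txId, amountCents } = JSON.parse(msg.receipt);
    if (state.seenTxIds.has(txId)) status = 'rejected: duplicate transaction';
    else if (amountCents > state.balanceCents) status = 'rejected: insufficient funds';
    else { state.seenTxIds.add(txId); state.balanceCents -= amountCents; }
  }
  const body = JSON.stringify({ receipt: msg.receipt, status });
  return { body, processorSig: sign(processorKeys.privateKey, body) };
}

// Device: trust the verdict only if the processor signed it and it names the approved receipt.
function deviceConfirm(response, approvedReceipt) {
  if (!verify(processorKeys.publicKey, response.body, response.processorSig)) {
    return 'untrusted response';
  }
  const { receipt, status } = JSON.parse(response.body);
  return receipt === approvedReceipt ? status : 'response is for a different receipt';
}

// One purchase; `tamper` models a modified terminal inflating the amount after signing.
function runPurchase(state, txId, amountCents, tamper) {
  const issued = merchantIssue(txId, amountCents);
  const authorized = deviceAuthorize(issued, true);
  if (tamper) {
    const altered = JSON.parse(authorized.receipt);
    altered.amountCents *= 10;
    authorized.receipt = JSON.stringify(altered);
  }
  const response = processorDecide(state, authorized);
  return {
    processorStatus: JSON.parse(response.body).status,
    deviceView: deviceConfirm(response, issued.receipt),
  };
}

const demo = newProcessor(5000);
console.log(runPurchase(demo, 'tx-0001', 1250, false));
console.log(runPurchase(demo, 'tx-0002', 1250, true));
```
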
top

AT&T Exec Calls Netflix "Arrogant" For Expecting Net Neutrality

dgatwood Re:It's not arrogant, it's correct. (466 comments)

ATT's customers should be able to leave, because ATT sucks.

AT&T's customers would need a viable alternative first.

about a month ago

Submissions

top

Richard Stallman to Start Fashion Line

dgatwood dgatwood writes  |  1 year,19 days

dgatwood (11270) writes ""Walking down the halls of MIT, I’d often see my colleagues dressed rather shabbily, and it was then that I decided to do something about it," said Richard Stallman, 60, of Cambridge, MA. So Stallman, a leader in the Free Software community with decades of software design experience, is ready to turn that experience towards a new target: clothing. He is expected to showcase his new line at FOSSCON 2012."
top

Feds announce bailout of Kit Kat Club

dgatwood dgatwood writes  |  about 5 years ago

dgatwood (11270) writes "Federal regulators announced today that they have decided to provide a $69 billion bailout to the financially strapped Kit Kat Club. On further questioning, regulators said that dancer Jugs Aplenty was "an American icon who is simply too big to fail" and described the chain of night clubs as "the last bastion of freedom in a sea of scandals and coverups".

The manager of one club spoke with a Slashdot indy reporter under the condition that he remain anonymous. "Things have been kind of tight for us lately. My customers keep telling me that it is hard for them to find the cash to visit nude bars with the economy in the doldrums. This bailout will ensure that Kit Kat Clubs across the nation can continue to provide quality entertainment and live dance shows that help weary investors beat the economic downturn." He went on to say that he could not think of any business more deserving, saying, "I've got a bone to pick with politicians who wasted all those billions of dollars on banks. What good have banks done for our country lately?"

As always, we will keep you abreast of the latest developments as more information becomes available."

top

NIST Announces Reverse Leap Day

dgatwood dgatwood writes  |  about 6 years ago

dgatwood (11270) writes "The National Institute of Standards and Technology (NIST) today announced a correction as a result of small errors in leap second calculations arising out of the gradual slowing of the expansion of the universe. At precisely 1:00 A.M. Eastern Daylight Saving Time, the date will skip forward by 24 hours to Wednesday, April 2nd, 2008. Director James Turner described this as the first "reverse leap day" in recorded history. He added that he expected a similar correction each year for at least the next seven years.

Americans are advised to immediately adjust their clocks and calendars forward to April 2nd. Director Turner warned, however, that not all countries in the world have agreed to this change yet. "Americans who regularly interact with people in other countries should expect some minor confusion until this all sorts itself out," Turner said, adding that "We considered simply dropping February 29th, but decided that would be too confusing."

For more information, see the NIST Coordinated Universal Time page at http://www.nist.gov/public_affairs/faqs/time.htm."

Journals

top

Chronicles of GoDaddy: How not to run an ISP

dgatwood dgatwood writes  |  more than 4 years ago

This is a review of the GoDaddy.com ISP. For a brief period of time, I used them for both my SSL certificate provider and my hosting provider. That lasted about a week. This review chronicles my experience with GoDaddy so that others can avoid the same fate.

It's hard to know where to begin when criticizing my experience with GoDaddy. It all started with a GoDaddy SSL certificate that was expiring in mid-August. Things started going wrong when GoDaddy sent me the expiration notice in mid-June. I immediately went to their website to renew. When I got there, I got a message that said I couldn't renew it for three days. I wrote them to complain and their reply basically said, "Yes, you can't renew before a certain date." Three days later, on the day it said I should be able to renew it, it still said I couldn't renew it.

A couple of weeks later, I went back to renew. I submitted a renewal for 9 years and paid for it (almost $270). I thought it was odd that they still hadn't sent out the cert, but I figured it would happen on the billing date for the account.

In the meantime, I decided to try to speed up my website by moving large graphics to shared hosting. Since I had a GoDaddy account already, I added hosting to it. Thankfully, I only paid for two months. While uploading content to the server, I started having weird problems almost immediately, finding that the server would just suddenly block my IP (including pings) for several minutes at a time. I theorized that they were limiting the number of reconnects per minute, so I spread the load out across several IPs and finished my uploading. I did all this over the holiday weekend to minimize impact.

Well, once I had the content on the server, I switched my home server to point to the images on that server. The next night, I tried to view a page full of thumbnail images and it stalled for a very long time. The problem went away after a couple of minutes, so I ignored it. When it happened again the next night, I started becoming concerned. When it happened on the fourth night, I started running a script that requested a tiny 15K image once a minute so that I could characterize the problem.

I contacted GoDaddy at this point, and they blamed my connection. I then reproduced the problem from work (where they have multiple OC-3 connections). I contacted them again. They continued to just say "We can't reproduce this" and actually had the nerve to suggest that I call them when I have the problem. How do you call somebody about a problem that only lasts 2-3 minutes from the start of the hang to the end? That's like telling somebody, "When you see a shooting star, text me so I can look up." Yikes!

Then, it got better. GoDaddy contacted me and said that they couldn't issue my SSL certificate because they now issue them for a maximum of 5 years---this in spite of the fact that their website was perfectly willing to sell me a 9-year certificate. So they started the process of issuing a refund.

A few hours later, they denied the refund. At this point, I wrote them back, chewed them out massively, listing in detail the litany of problems I had experienced with their service, carbon copied the president of GoDaddy, and basically threatened legal action if they didn't fix this mess. They restarted processing of the refund, but continued to refuse to honor the terms of our contract.

Their servers are still performing inadequately, so I plan to drop their service entirely as soon as I figure out where to migrate the files. And my SSL cert no longer comes from GoDaddy. I didn't even wait for my existing cert to expire; I don't want GoDaddy to get the free advertising. It also helps that my new SSL cert provider is free as in beer. I figure it's worth the hassle of renewing the cert annually to save $30 a year.

The bottom line is that I was going to spend about $114/year in hosting and SSL with GoDaddy, but because of their completely inept customer support, I'm now going to spend exactly $0 with them, and I will be spending a fair amount of time over the next few weeks posting detailed, harsh, negative reviews of their hosting service on every site I can find, from Facebook to Web Hosting Geeks....

If I did my job as well as their customer service reps did their jobs, I would have lost my job after the first day. How, precisely, do these clowns stay in business? And how have they not had their credit card merchant account revoked?

David

P.S. Does anyone know of a web hosting provider that allows SSH, is reasonably reliable, and doesn't claim the rights to produce derivative works based on anything you upload?
