
Comments


Passwords: Too Much and Not Enough

firewrought Re:Why so high? (122 comments)

Why would it ever be even close to that high? Every decent system I have ever encountered raised some serious flags after 3-5 wrong guesses. If you flag an account after 10 wrong guesses, start requiring a CAPTCHA after the first one, and ban IP addresses when you detect massive multiple account attempts, you can offer foolproof security, with, let's say, around 100 guesses.

If it only takes 100 guesses, then an attacker can slowly try passwords stretched out over time, depending on his victim's routine behavior of logging in a couple times per day to reset the fail count. Or maybe he can try 1 guess (with 1/100th odds) on each account in the target system. If there are hundreds of accounts... well, you get the idea.

IP-based banning can make this harder (forcing the attacker to find/use multiple victim PCs), but it's not widespread yet (for instance, I don't think Active Directory or slapd support it).

2 hours ago
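
An added example, not part of the comment above or of the original page: detection logic for the two patterns the comment describes, guesses spread out so that the victim's own logins reset the fail count, and one guess per account across many accounts. The event tuples, addresses, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict, deque

DAY = 86400  # seconds

def naive_lockouts(events, threshold=5):
    """Consecutive-failure counter that any successful login resets."""
    streak, flagged = defaultdict(int), set()
    for ts, account, src, ok in events:
        if ok:
            streak[account] = 0
        else:
            streak[account] += 1
            if streak[account] >= threshold:
                flagged.add(account)
    return flagged

def windowed_failures(events, window=7 * DAY, threshold=10):
    """Failures per account in a sliding window; successes do not reset it."""
    recent, flagged = defaultdict(deque), set()
    for ts, account, src, ok in events:
        if ok:
            continue
        q = recent[account]
        q.append(ts)
        while q and q[0] <= ts - window:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(account)
    return flagged

def spray_sources(events, window=DAY, min_accounts=10):
    """Sources that fail against many distinct accounts inside the window."""
    recent, flagged = defaultdict(deque), set()
    for ts, account, src, ok in events:
        if ok:
            continue
        q = recent[src]
        q.append((ts, account))
        while q and q[0][0] <= ts - window:
            q.popleft()
        if len({a for _, a in q}) >= min_accounts:
            flagged.add(src)
    return flagged

def sample_events():
    """Constructed log: (unix_ts, account, source_ip, success)."""
    events = []
    # Slow guessing: two failures a day on "alice" for six days, with
    # alice's own successful login each day resetting the naive counter.
    for day in range(6):
        base = day * DAY
        events.append((base + 3600, "alice", "198.51.100.9", False))
        events.append((base + 7200, "alice", "198.51.100.9", False))
        events.append((base + 9 * 3600, "alice", "192.0.2.10", True))
    # One guess per account: 20 accounts from one source within 20 minutes.
    for i in range(20):
        ts = 2 * DAY + 12 * 3600 + i * 60
        events.append((ts, f"user{i:02d}", "203.0.113.7", False))
    return sorted(events)

if __name__ == "__main__":
    ev = sample_events()
    print("naive lockout flags:", naive_lockouts(ev))
    print("windowed failure flags:", windowed_failures(ev))
    print("spray source flags:", spray_sources(ev))
```

The per-source check only covers the single-source case; as the comment notes, an attacker spread over several machines needs the per-account window as well.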

How To Beat Online Price Discrimination

firewrought Re:I can't stand coupons (139 comments)

[Coupons are] there to get people to make decisions that they otherwise wouldn't make, usually bad ones.

In addition, they serve as a form of price discrimination: you can save a nice chunk of change on groceries by taking an hour each week to clip your way thru the Sunday paper, but once you have enough disposable income (and perhaps less leisure time) it's no longer worth it.

3 hours ago

DHS Investigates 24 Potentially Lethal IoT Medical Devices

firewrought Re:Since these people still don't get it.... (78 comments)

Don't get me wrong: safer programming languages and runtimes definitely help, especially with buffer overflows (thanks C++!), but it's one aspect of many that impact security.

it won't prevent devs from concatenating SQL with user input

You can't do this in, say, Haskell, unless you write your own SQL interface library that builds solely on strings.

Granted, I lost interest in Haskell somewhere around hitting the Functor/Monad point, but if devs can send raw SQL to the database, they will do so.

misusing threading primitives

You can't do this in concurrent safe languages, like Concurrent ML, Rust and Haskell.

Yes, you can.

So basically, safety properties have importance on par with domain requirements, and must be subject to the same rigour that domain features get, i.e., testing, verification, etc.

Good luck spreading that attitude. Makers of device drivers, SCADA, etc., dearly need it.

Basically, the safer the language, in the sense that the more properties can be assured at compile-time, the more features and safety properties you can verify, and the fewer security vulnerabilities.

That helps get us closer, certainly. The language and runtime can help catch/eliminate common, elementary mistakes. It's not the silver bullet though: wherever creative work is being done, therein lies the potential for new vulnerabilities.

yesterday

DHS Investigates 24 Potentially Lethal IoT Medical Devices

firewrought Re:Since these people still don't get it.... (78 comments)

Anything computerized with a network connection can (and most likely WILL) be hacked...

Not if you take appropriate precautions, like using a safe programming language.

Don't be naive... security is a deep and subtle problem, full of nasty surprises. There is no magic bullet solution... your "safe programming language" has thousands of bugs in its standard API and run-time; it won't prevent devs from concatenating SQL with user input, misusing threading primitives, or bungling up an authentication protocol; it certainly won't patch up the numerous ways of subverting https or the modern web browser. To be secure (or have a reasonably good chance at being secure), you must at minimum use an approach where (1) security is a primary design concern thru the entire product lifecycle, (2) security solutions are deployed in a structured/layered approach using (3) actual expertise, and (4) security is an ongoing program with both proactive and reactive elements.

(Convincing your government to help software/hardware/network companies fix their security problems instead of purposely introducing them would be a good idea too, but it looks like society is determined to learn this the hard way.)

2 days ago

How Our Botched Understanding of "Science" Ruins Everything

firewrought Sigh... (795 comments)

Countless academic disciplines have been wrecked by professors' urges to look 'more scientific' by, like a cargo cult, adopting the externals of Baconian science (math, impenetrable jargon, peer-reviewed journals)...

How dare those academics use math, specialized jargon, and peer-review! Witchcraft, I tell thee, witchcraft!! (Quick hint for whatever PR firm submitted this: science is extremely complex and extremely specialized these days. Sorry if your marketing degree didn't prepare you for anything better than spreading FUD.)

This is how you get people asserting that 'science' commands this or that public policy decision, even though with very few exceptions, almost none of the policy options we as a polity have have been tested through experiment (or can be).

Yah, we only have one earth at the moment, so it's sort of hard to directly test the effects of (1) implementing or (2) NOT implementing a carbon excise tax on the next 100 years of climate change. Science can't do that. Of course, neither can lobbyists or SIGs or true believers or anyone else.

What science can do (for a sincere policymaker) is provide the firmest foundation of knowledge to work with. And science quite confidently tells us a lot of things we don't want to hear (like "all this carbon is going to make the environment go wack, do something about it" or "your ass is getting fat on all that sugar and processed foods", or "life arose thru such-and-such set of processes and not ex post nihilo, sorry if that challenges your theology LOL").

about a month ago

U.S. Supreme Court Upholds Religious Objections To Contraception

firewrought Re:Bad media coverage (1330 comments)

What happened was that the president of Chick-fil-A, Dan Cathy, expressed an opinion on same-sex marriage

You forgot to mention the part where Chick-fil-A's charitable organization was donating millions of dollars to anti-LGBT political organizations. The protests were largely effective at halting those donations.

But, he doesn't claim to be a "Democrat", which is an allegiance which absolves one from all responsibility and repercussions from their opinions.

Obama--for all of his many problems--has done more than any other president to support equal protection under law for people who are LGBT.

about 4 months ago

NYC Loses Appeal To Ban Large Sugary Drinks

firewrought Re:Praise the Courts (532 comments)

Maybe we could just work together on that and then most of these abortions need never happen.

Good idea, but you need to get conservatives on board with embracing contraceptives. For many of them, it isn't just about eliminating abortion, it's also about eliminating non-marital sex and boosting the pregnancy rate after marriage. To get there, they are willing to (1) withhold medically pertinent information, (2) cultivate sexual fears and stigmas, (3) encourage premature marriage, and (4) prescribe rigid/misogynistic gender roles. (Source: grew up in a Christian school.) A lot of this just naturally flows from the fundamentalist/authoritarian worldview... other Christian subcultures may be different.

The number of unplanned pregnancies in the US every year is Insane.

Actually, the rate of teen pregnancies has hit an historic low.

about 4 months ago

Docker 1.0 Released

firewrought Re:Holy crap! (88 comments)

Download .deb. Double click it. Insert password, hit ok. Seriously it is a hell of a lot easier than Windows

Oh, I'm sorry. You need libglib2.0-0 (>= 2.35.9), but I'm on libglib2.0-0 (2.34.8) and upgrading it will cause a conflict with libwtf5.0 (1:5.0.99) and also require installing libancientrelic0.8 (0.8.0.012), which I can't seem to find anywhere. Let me suggest removing a bunch of packages (leaving some things broken). Accept this solution? (y/N) Alternately, I could suggest you blow your weekend learning to build a dummy package just to shut me up... there are so many wonderful commands that start with deb and dpkg, you'll love digging thru layers and layers of accumulated shell scripts!

about 4 months ago

Registry Hack Enables Continued Updates For Windows XP

firewrought Re:This act is highly illegal (322 comments)

The true mind-blower of Unix is how so many people defend their flat files unto death

And their scripts. Don't forget the piles upon piles of scripts that preclude any straightforward notion of what's going on. (Coincidentally, dpkg is a good example of this failure too.)

about 5 months ago

Mathematical Model Suggests That Human Consciousness Is Noncomputable

firewrought Re:No need for math model (426 comments)

As always, the truth is in the Bible

Yep, this speciously-reasoned physics paper supports the Absolute Truth(TM) revealed to us in an ancient text of unknown authorship!

about 6 months ago

Mozilla Offers FCC a Net Neutrality Plan With a Twist

firewrought Re:There's no financial incentive to play fair (123 comments)

Why? Nothing is blocked, it is just slower. This sucks for streaming, but streaming is not the only way to share information. Speeds that will not work at all for Netflix work fine on The Pirate Bay... It just requires people to think differently and not stream everything but download it instead.

Why? Because now if you want to start an internet business (streaming or not) that becomes even modestly successful, every ISP on the planet will start looking for a way to demand a chunk of your profits. "Yeah, sorry that that little 100ms latency spike is affecting 1 million customers of yours, Blizzard, but we'll be happy to form a collaborative network-tuning relationship with you for $250,000/mo."

Cumulatively, it means that ISPs can rent-seek off of internet businesses, cutting down on the quantity and competitiveness of such businesses while simultaneously forcing them to raise prices.

about 6 months ago

Could Google's Test of Hiding Complete URLs In Chrome Become a Standard?

firewrought Re:And the question of the day is... (327 comments)

The benefit is ease of use for people who have no idea what a URL is. They just look up there and see, "yes, this is definitely my bank's website," instead of "holy shit what does that long string of symbols mean."

Maybe a basic part of web literacy is learning what a URL is and what it's useful for. "Whoa!" you say, "we need to do anything we can to make computers easier and more self-explanatory." Well, yes, I agree with that, but we're reaching a point where designers start to "overtrain" their design. Take this "origin chip", for example. You make it slightly easier to identify the site you're on and perhaps slightly less intimidating for a newbie [which is sort of ridiculous in this context because the web is so damn ubiquitous now], but you've also made a host of other tasks slightly harder (viz., copying/emailing a link, fixing a link, manually entering a link, inspecting a link, etc.). In addition, you're no longer subtly informing the intuitions of future authors, librarians, technicians, webmasters, programmers, and judges/juries as to the URL~=page association. That's ultimately making it harder for people to understand how their technology works.

Usability design is a noble endeavor, and I'm all on board with Norman, Tufte, etc. What I'm NOT on board with is the current fad of software that drops functionality, removes technical visibility, and overhauls the interface with each release. That's just user-hostile.

[ranting because Google Camera dropped exposure control recently]

about 6 months ago

An MIT Dean's Defense of the Humanities

firewrought QOTD (264 comments)

"Culture's worth huge, huge risks. Without culture we're all totalitarian beasts." -- Norman Mailer

about 6 months ago

NASA Proposes "Water World" Theory For Origin of Life

firewrought Re:NASA Proposes "Water World" Theory For Origin o (115 comments)

mind-boggling complexity of life that could never be duplicated but by a mind-boggling intelligence

Complexity can arise spontaneously out of simple interactions. We see this over and over and over again. Pretending it requires intelligence just reveals our collective cognitive bias towards personifying the world and ascribing agency to inanimate objects and processes.

This is our tax dollars being spent on a national religion.

No, it's merely a line of scientific questioning that threatens your worldview. A lot of things can threaten a worldview (science, humanities, foreign travel, self-reflection, getting older, etc.), but we should only call them a "religion" if they substantially function like a religion (e.g., providing things like community, life ceremonies, spirituality, moral codes, holy texts, etc.).

Duplicating all pagan religions. They start with water because Genesis starts with the Holy Spirit hovering over the water.

Civilization begins with agriculture, and agriculture begins with water. It was true in lower Mesopotamia (the world's first civilization) and on the banks of the Nile (Egypt, the second civilization). It seems appropriate, then, that many creation myths--including those much older than the Genesis 1:1 account--feature water as a prominent (and often chaotic) element.

about 6 months ago

How the Internet Is Taking Away America's Religion

firewrought Re:Knowledge (1037 comments)

I know too many smart highly-educated Christians to think that religion is merely some lack of applied thought. It's a choice they made, knowingly and subjectively, to have religious faith.

Skeptics seem to have this assumption that humans are inherently rational, and it's only those who are intellectually weak that let bad/illogical ideas into the mind. I'd argue that this is a bad model because we are forced throughout life to rely on incomplete/inaccurate information from a wide variety of sources... our senses, our emotions, our peers and society at large, etc. Our brains are a very muddy place that was never tidy and logically "clean" to begin with, but we make do (more or less). A purely skeptical species would go extinct questioning the need to plant crops, etc.

The way I see it, rationality (and the engineered pursuit of it, science) is a skill that must be developed and subsequently imposed on various facets of our worldview. How we select those facets (and how vigorously we investigate them) is a strategic question ("what is my biggest blindspot?") that we're not well equipped to answer (they're called "blindspots" for a reason). And we ALL have blindspots of various topic and magnitude.

In the case of religion, it's particularly hard to investigate these blindspots because adherents have been strongly conditioned to self-identify with the cause. Their parents, friends, community, and everyone they trusted as a child told them "this is what we believe, it is the only way to live a good life, and everything outside of it is corrupt and destructive". Like Tevye says in Fiddler on the Roof, "tradition tells us who we are and what G-d expects of us".

Analytically re-evaluating one's faith as an adult requires a tremendous amount of courage and vigour. To do so, they must overcome:

  1. Religious instructions to defer to authority.
  2. Implied instructions to not question faith.
  3. Perceptions that questioning is risky and/or evil.
  4. The nastiness of some skeptics (e.g., living examples of the "evil" of questioning).
  5. Accusations that the questioner's "real problem" is something spiritual and not intellectual.
  6. Desperate feelings that the faith "has to be true", precluding need for further analysis.
  7. Anecdotal proofs and feel-good stories ("testimonies") that offer emotional evidence for faith.
  8. Single-shot ad hoc arguments (emotional or intellectual) that preclude comprehensive analysis.
  9. Apologetics literature or speakers that sound convincing initially, esp. when presented without opposing views.

This is not the only way people leave their faith, but it's relevant to skeptics because it's the "rational" route. I suspect that those who use "emotional evidence" as their primary waypoints for evaluating complex situations have it easier... they see the history of Christianity's/Islam's treatment towards women or they consider how wholly abhorrent the concept of hell is, and then they proceed to reject the system that generated those ideas.

Instead of offering mockery (a tempting practice), skeptics would do better to (1) humbly remember that we all have blindspots, (2) that every population has smart and dumb individuals, (3) that believers make many valuable contributions to rationality/science, (4) and that social and emotional arguments against a faith can complement their existing intellectual arguments.

about 7 months ago

Microsoft To Allow Code Contributions To F#

firewrought Re:What happened to C#? (100 comments)

Let me elevate the question: why do we need yet another programming language?

Because we're nowhere near figuring out how to best express ourselves to computers for the wide variety of problems we wish to solve and the large diversity of skill-sets and backgrounds we wish to solve them with.

In this example, F# solves the problem of "how do we do statically-typed functional programming (a la OCaml and Haskell) in a way that integrates with the .NET ecosystem?". C# doesn't solve that problem because you can't do nearly enough type theory. OCaml doesn't solve that problem because it's not vendor-supported and it's not designed from the ground up with the .NET platform (and the existing base of C# programmers) in mind.

While I share your unstated assumption... that it seems like there are too many half-baked programming languages instead of a few really good ones, I also think Microsoft deserves credit (much as I hate to say it) for recognizing the need to focus on platforms (like .NET) instead of languages. Of course, then they go and do the whole WinRT thing... :-\

about 7 months ago

How Many People Does It Take To Colonize Another Star System?

firewrought Re:People need to start with the scale (392 comments)

Instead of turning around at the halfway point and using the same thrust to decelerate, would it be possible to, theoretically, initiate an explosion in front of the craft, equal in yield to the amount of thrust used to achieve whatever speed your craft is at when you need to start accelerating?

Yes, because the explosion you propose is simply a shorter duration, higher intensity version of retro-thrusting. (Incidentally, some sci-fi authors have proposed using explosions [such as nukes] for the initial thrust as well [Anathem comes to mind].)

However, the problem with your approach is that it's less efficient: first, it requires extra machinery because you're building a second propulsion system instead of reusing the one you already have; second, it requires extra structural support because you're going to subject the vehicle to higher delta-V's. Obviously, this adds a lot of weight, a lot of extra engineering, and several more points of failure.

The implicit engineering assumption you're running into here is that the most viable approach for interstellar voyages (if anything is viable, which is doubtful) will be a regime of nearly symmetrical acceleration/deceleration provided by a single propulsion system.

about 7 months ago

P vs. NP Problem Linked To the Quantum Nature of the Universe

firewrought Why would efficiency matter? (199 comments)

The distinction that P algorithms are "efficient" and NP algorithms are "inefficient" is merely a convention of complexity theorists. You could easily draw the dividing line further in or out depending on your purposes. That makes me wonder what constitutes their assumption that this particular P/NP type "efficiency" is necessary for a macroscopic Schrodinger algorithm.

about 7 months ago

Department of Transportation Makes Rear View Cameras Mandatory

firewrought Re:13 deaths? (518 comments)

If you think this makes a car too expensive, what price do you put on accidentally running over a human being?

This article says it will save (max) 15 deaths/year at a (min) cost of $132/vehicle. With 15.6 million vehicles sold in the US last year, that implies >$137 million dollars per death avoided. That's way above the $6 million you referenced.

At any rate, it certainly seems that if we're going to spend >$2 billion dollars, we should be able to save more than 15 lives with it. But no... some mum went to Washington and proclaimed it should "never happen again", so we get this crap. (Granted, my analysis isn't including injuries... that could swing the balance.)

about 7 months ago

Security Evaluation of the Tesla Model S

firewrought Re:How to *actually* steal car: (93 comments)

Reality. At the end of the day, what will the insurance company accept as sufficient security...

No, the security only has to be sufficient enough to blame you for the theft.

the balance of easy usability vs number of features vs security implementation, with a modern electric computerised vehicle that might best be left to a consultation between the sales consultant and the end user

The salesman and customer are the least informed for making security tradeoffs, and the complications of having multiple security arrangements across a fleet of supported vehicles aren't worth the extra headache for the manufacturer.

The "balance" of this situation should not lie in the boneheaded territory of elementary security mistakes... if you're going to have a remotely accessible API, hire programmers who understand security and have them design the damn thing to be secure from the ground up. It's not impossible or mystical or some big unknown.

about 7 months ago

Submissions

firewrought hasn't submitted any stories.

Journals

firewrought has no journal entries.
