Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Automation Coming To Restaurants, But Not Because of Minimum Wage Hikes

swillden Re:Automation and jobs (646 comments)

Sadly, the likely outcome is drop in the quality of life for everyone involved.

That makes no sense.

Look at it from a macro-economic perspective: The reason we're moving to automation is because it increases efficiency, allowing us to produce more goods with fewer resources. That will increase average standard of living.

There are a couple of ways it could go wrong, of course. One is that the increased efficiency and therefore increased wealth could end up concentrated in the hands a small percentage of super-wealthy people. We've actually seen a lot of this over the last few decades, but we've seen it previously during other technology-driven economic restructurings as well, and what always happens is that competition eventually drives the margins of the super successful down and in the end the wealth ends up getting spread more broadly.

That points to the other way it could go wrong: The common man only gets his share of the increased wealth by doing something to earn it. Even though increased efficiency means there's more to go around, barring some sort of large scale government-driven redistribution, you still have to work for your share of it... which means you have to be able to do something that others who have wealth consider of sufficient value to pay you. So the other way it could go wrong is that there may simply be nothing available for such people to do.

That last is also a risk we've seen bandied about in past economic shifts, especially the shift from agricultural to industrial labor. What has happened in the past is that we've created new kinds of jobs doing previously unheard-of or even previously-frivolous things. I don't see any reason that this time should be different. I expect the transition to be painful -- and the faster it happens the more painful it will be -- but I don't think there's any end to what people want. People with resources will always want things that people without resources can supply. I don't claim to have any idea what those things will be.

It's also possible that I'm wrong, and that we'll have to take a socialistic approach to distributing the fruits of automation-driven productivity increases. I don't think so, and I think we should be careful not to move that direction too quickly, because it has huge negative impacts on productivity and we're going to need all of the productivity increases we can get, but it is possible.

yesterday
top

Automation Coming To Restaurants, But Not Because of Minimum Wage Hikes

swillden Re:Remember when WSJ had a modicrum of decency? (646 comments)

Now, I'm not so thick-headed as to imagine that they wouldn't come up with something like this to help franchises with wage costs, but I'm also aware that this tech is coming to all sorts of places other than Seattle where the minimum wage actually went up.

The fact is that it's going to happen regardless of where minimum wages are set, or even if there are legally-mandated minimum wages (as opposed to the market-determined real minimum wages). Anyone who thinks most unskilled jobs aren't going away is crazy. The question is at what rate this change will occur, and it seems quite clear that high minimum wages will make more automation economical sooner, pushing the rate of change.

We're edging towards a major economic restructuring driven by widespread automation. We've had automation-driven restructurings in the past, and dealt with them, and this too will be handled. But when you're talking about widespread elimination of old jobs and creation of new jobs, speed kills. Retraining, and even just adjusting to the new reality, take time, and in the meantime millions upon millions of displaced workers are a huge drain on the economy, not to mention miserable.

I think it's pretty clear that high minimum wages are a forcing function for this transition, and I don't think it's something we really want to force. Ideally, it would be better to slow it down, at least in terms of the human cost, though the most obvious mechanisms for slowing it (labor subsidies) may also dangerously distort the economy.

yesterday
top

NY Doctor Recently Back From West Africa Tests Positive For Ebola

swillden Re:OK, not annoyed about the Liberian guy any more (340 comments)

just to be careful I'm not spreading a highly communicable deadly disease

Ebola is not highly communicable. It's more communicable than, say, HIV, but it's still pretty low on the communicability scale, and even lower if you're asymptomatic.

yesterday
top

Google Leads $542m Funding Round For Augmented Reality Wearables Company

swillden Re:hasn't stopped him yet (38 comments)

so where was his "strong anti-authoritarian and anti-military streak" when he was rolling over for the NSA **for years**...

That never happened. The NSA tapped Google's fiber without Google's knowledge, but there's no evidence that Google ever willingly participated. As soon as Google found out about the taps, it accelerated a program to get the data on all those fibers encrypted, to lock the NSA out.

Google invades privacy for profit and for decades gave the NSA (and god knows who else) an unaccountable back door to all our data

Google trades the right to target ads to you in exchange for services, and enables you to opt out of the trade if you want, even providing the necessary tools for you to do it. Google has never given the NSA an "unaccountable back door". See David Drummond's numerous public statements on this issue. From my personal perspective as a Google security engineer, I think it would be virtually impossible for such a back door to exist in Google's systems without my having noticed some trace of it. Take that as you will.

You're coming to this question with a whole bunch of inaccurate assumptions, which are seriously skewing your perspective. You should take a breath, look into what really happened (as much as is public information anyway) vis a vis the NSA, PRISM, etc., and then re-evaluate.

Or not, that's your choice. I'll merely point out that time will prove me right with respect to any purported military-focused work by Google X and leave it there.

2 days ago
top

Google Leads $542m Funding Round For Augmented Reality Wearables Company

swillden Re:and so? (38 comments)

why dont you explain? if it is lol funny then you should be able to say why

Sergey Brin, director of X projects at Google and co-founder of the company, has a strong anti-authoritarian and anti-military streak. The idea that he'd invest himself so deeply into a project focused on military applications is laugh-out-loud funny.

3 days ago
top

Internet Broadband Through High-altitude Drones

swillden Re:I'm betting on balloons (99 comments)

Have you ever seen a hurricane or a tropical storm? It means the Internet will be down during these critical events when it is often most needed. That is the reason they are talking about 13 miles altitude drones and not just zeppelins. The altitude record for a zeppelin is 7.6 km or 4.7 miles. Large hurricanes can reach an altitude of 50 000 feet or 9.5 miles or 15.25 km. Zeppelins couldn't clear a large hurricane.

The balloons Google is experimenting with do reach the stratosphere. 20 km altitude.

3 days ago
top

Google Leads $542m Funding Round For Augmented Reality Wearables Company

swillden Re:Google = defense contractor (38 comments)

Google's after the defense contractor market now...developing/marketing Glass as a consumer product was an afterthought and mostly for PR, imho

LOL. You don't know much about Sergey Brin, do you?

3 days ago
top

Google Adds USB Security Keys To 2-Factor Authentication Options

swillden Re:Where is the NFC 2-factor? (119 comments)

The ownership thing can be mildly obnoxious. It's fairly standard practice at Google to click the checkbox to allow all attendees to edit a meeting. Even without that, though, it's always possible to make the change on your own copy; no one else will see the change if they look, but you can add someone (or a room), and the meeting will be added to the appropriate person/room calendar. Maybe Google Calendar works a little differently externally... I wouldn't think that part would be different.

Doesn't the Chromebox offer you the ability to type in a meeting name? That's another option on the internal system. We just go to the other room and manually enter the meeting name. Actually this was a problem a couple of years ago, but refreshes have gotten fast enough I haven't had to do that for a while, except when no one added a Hangout to begin with and we just have to make one up on the fly. Then we pick a name send it to everyone via chat or whatever, and type it into the room controller.

As for getting the other room booked, that's easy. Just make a calendar appointment and put the room on it. Fast.

3 days ago
top

Cell Transplant Allows Paralyzed Man To Walk

swillden Re:I'm still waiting... (161 comments)

We keep statistics, yes, but only in the context of criminal law.

To study, say, gun ownership as a matter of public health, as a risk factor for overall mortality, is illegal(with public funds).

Cite?

It seems to me that the main obstacle to such studies is detailed information on gun ownership, because mortality information is readily available, and not just from law enforcement. The CDC tracks it closely.

In any case, I'd love to see this research done... though I suspect that I anticipate a different result than you expect.

3 days ago
top

NPR: '80s Ads Are Responsible For the Lack of Women Coders

swillden Re:Wait, wait, trying to keep up (766 comments)

They're both. Just like men.

Ah, the old "If I can say it in a grammatically correct sentence, it must be true!!" fallacy.

No. They can't be both, because the groups OP defined are mutually exclusive. Men can't be both either.

Nonsense. Even individuals aren't only one thing. They're different things at different times and in different contexts. Further, you're talking about two large groups of people; there's clearly a lot of variation among them.

Why would you think that women should fit neatly into one bucket or another?

To state the obvious, because some buckets are neatly defined. For instance, a woman can only fit into at most one of these buckets: "Likes math" or "Hates math." (They could be in neither of those buckets.)

You're a little bit closer in recognizing that women aren't all the same. Congratulations! But you're still wrong. A given woman can like some kinds of math but not others, can like math during some parts of her life but not others, can even like math in some moods but not others.

3 days ago
top

Google Adds USB Security Keys To 2-Factor Authentication Options

swillden Re:Where is the NFC 2-factor? (119 comments)

I don't see how fumbling around with USB sticks is much better.

I use a YubKey NEO-n. It's a tiny device, only extends from the USB port by a millimeter or so... just enough that you can touch it to activate it. I just leave it plugged into my laptop all the time, so there's no "fumbling with USB sticks", I just run my finger along the side of the laptop until it hits the key. It's extremely convenient.

Doesn't leaving the device plugged into your laptop all the time defeat the purpose of two-factor authentication? If someone steals your laptop they have your key now, same is if you left your one-time pad as a text document on the desktop.

I addressed this in the paragraph below the one you quoted, and a bit more in the paragraph after that.

3 days ago
top

Google Adds USB Security Keys To 2-Factor Authentication Options

swillden Re:How does it secure against spoofing? (119 comments)

The second channel will not secure a compromised channel, but it will make it easier to detect it.

Oh, you're talking about a completely separate channel, with no joining to the primary channel? That creates its own set of problems... when the user authorizes a login, how do we bind that authorization to the login the user is attempting, rather than a login from some other location? Without a join (e.g. entering OTP from second channel into primary channel, or vice versa), the attacker just has to figure out when the user is logging in, and beat them.

There is very little you can do to combat malware infections unless you are willing to use a second channel.

I maintain that a second channel doesn't really help, either as defense or for detection, and you haven't suggested any way that it might.

At some point in the communication the data is vulnerable to modifiction, no matter how well you try to shield it. It resides in memory, unencrypted, at some point in time.

In the case of a security key no, it does not. Not in the memory of the PC. The PC and browser are merely a conduit for an authentication process that occurs between security key and server. It's actually pretty reasonable to characterize this as a second, virtual channel. It's MITM-resistant; an attacker can block the messages but can't fake, modify or replay them without failing the auth. It is also bound to the primary channel, though that binding is admittedly dependent on the PC being uncompromised. But if the PC is compromised to the level that the attacker can cause the auth plugin to lie to the security key then there is no hope of achieving any security. A separate channel definitely wouldn't help.

And it's heaps easier to do if the interface used is a browser.

Sure. But the goal is to create as much security as possible within the context of what people actually use. Theorizing about some completely different approach that no one would use is entertaining but pointless.

3 days ago
top

NPR: '80s Ads Are Responsible For the Lack of Women Coders

swillden Re:Wait, wait, trying to keep up (766 comments)

...so today are women ndividuals who can do anything men can do and are perfectly capable of functioning in modern society to wit, choosing the career path that they want to follow out of interest, talent, and education?

Or are they intimidatable, wilting violets incapable of exercising free will, intimidated by the faintest approbation, and unable to choose a career because some shitty 1980s movies didn't ACTUALLY show "girls doing data entry"?

I'm just trying to keep track here. I need to know if I should treat them like plain old people, or tread delicately around their fragile sensibilities?

They're both. Just like men.

Why would you think that women should fit neatly into one bucket or another?

3 days ago
top

NPR: '80s Ads Are Responsible For the Lack of Women Coders

swillden Re:Toys vs tools (766 comments)

When computers were viewed as toys, it was acceptable for girls to have them. Once they became tools, however, they were only for boys.

Then explain why a high percentage of programmers were women back when the only computers that existed filled rooms, cost millions of dollars and were clearly anything but toys, but once microcomputers were widely available in homes and used for playing games as much as anything, the percentage of women began to decline.

I think you may have the right concept, but with the genders reversed.

3 days ago
top

Google Adds USB Security Keys To 2-Factor Authentication Options

swillden Re:Where is the NFC 2-factor? (119 comments)

Oh, and BTW, thanks for the mention of Chromebox. I had to go look it up. I didn't realize Google was selling it.

I wonder if I could get one for my home office...

3 days ago
top

Google Adds USB Security Keys To 2-Factor Authentication Options

swillden Re:Where is the NFC 2-factor? (119 comments)

Can you elaborate on what the problems are? You described having a PC in each room... so I don't see what's difficult about uninviting one and inviting another when moving. As for the other things you mentioned... do you think there's no need at Google to find a free room at short notice, or move hurriedly from one room to another? Actually, of late at Google in Mountain View there is no finding a room at short notice or moving hurriedly... because if you didn't grab that room days in advance it's just not available. But the buildings haven't always been so overcrowded and soon won't be again.

3 days ago
top

Google Adds USB Security Keys To 2-Factor Authentication Options

swillden Re:How does it secure against spoofing? (119 comments)

What keeps me (or my malware, respectively) from opening a google page in the background (i.e. not visible to the user by not rendering it but making Chrome consider it "open") and fool the dongle into recognizing it and the user into pressing the a-ok button?

For one thing, if the tab with the malware-loaded page isn't on top, Chrome won't allow it to talk to the dongle. If there is some way to render a page that is not visible to the user but which Chrome considers sufficiently "open", that's a Chrome bug which should be fixed.

A machine that is compromised is no longer your machine. If you want two factor, use two channels. There is no way to secure a single channel with two factors sensibly.

You should have stopped after the first sentence, because two channels doesn't help. If the machine you're using is compromised, it's no longer your machine, period. This is true regardless of the authentication method being used. That said, some authentication methods are susceptible to replay attacks... if I can compromise your machine and grab your credentials then I can log in as you from my machine. Security keys make that sort of attack very difficult, much harder than, for example, an out-of-band one-time-password. In that case, I just have to make sure I use the one-time password before you do, grabbing and submitting it before you click "Go". With a cryptographic challenge response protocol performed by a security key that's more difficult, because a secure channel is established between the authentication server (at Google) and the security key. It's still not impossible, but it's much harder.

3 days ago
top

Google Adds USB Security Keys To 2-Factor Authentication Options

swillden Re:Where is the NFC 2-factor? (119 comments)

$60 bucks? No fucking way.

These are devices that have really only been used for enterprise security. Low volume plus low price sensitivity equals high price. As use of security keys becomes more widespread, across more enterprises and businesses, and even to consumers, that will change.

There are other devices available now, including one that is $6. None of the others are as small as the NEO-n, so you'd have to "fumble for USB sticks" rather than leaving them plugged in all the time... but said "fumbling" really isn't that bad. Put it on your key ring, shove it in when needed.

3 days ago

Submissions

top

Details of iOS and Android Device Encryption

swillden swillden writes  |  about three weeks ago

swillden (191260) writes "There's been a lot of discussion of what, exactly, is meant by the Apple announcement about iOS8 device encryption, and the subsequent announcement by Google that Android L will enable encryption by default. Two security researchers tackled these questions in blog posts:

Matthew Green tackled iOS encryption, concluding that at bottom the change really boils down to applying the existing iOS encryption methods to more data. He also reviews the iOS approach, which uses Apple's "Secure Enclave" chip as the basis for the encryption and guesses at how it is that Apple can say it's unable to decrypt the devices. He concludes, with some clarification from a commenter, that Apple really can't (unless you use a weak password which can be brute-forced, and even then it's hard).

Nikolay Elenkov looks into the preview release of Android "L". He finds that not only has Google turned encryption on by default, but appears to have incorporated hardware-based security as well, to make it impossible (or at least much more difficult) to perform brute force password searches off-device."
top

Google Wallet now works with any card

swillden swillden writes  |  more than 2 years ago

swillden writes "Google posted on Wednesday: 'we’re releasing a new, cloud-based version of the Google Wallet app that supports all credit and debit cards from Visa, MasterCard, American Express, and Discover. Now, you can use any card when you shop in-store or online with Google Wallet. With the new version, you can also remotely disable your mobile wallet app from your Google Wallet account on the web.'"
Link to Original Source
top

Google+ for Google Apps Released

swillden swillden writes  |  more than 2 years ago

swillden (191260) writes "Finally addressing a problem with the new Google+ social network that has generated a great number of complaints from long-time Google users, Google has announced the availability of Google+ for users with Google Apps accounts. The feature isn't enabled automatically for all Google Apps domains, though, it's necessary for the domain administrator to turn it on."
Link to Original Source
top

Real-world RAID0 performance

swillden swillden writes  |  more than 5 years ago

swillden writes "I recently got the opportunity to play with some fairly high-end hardware and I was very surprised at the poor I/O performance. The machine was a 4-way Xeon with a high-end RAID controller and five 300GB SCSI Ultra-320 15,000 RPM drives, to be configured as a very high-performance database server. I didn't care so much about the real database workload, though, I just wanted to see what kind of data rate I could get, for fun.

Given that each of these drives individually can sustain over 100 MB/s, and given that I'd expect RAID0 to scale roughly linearly with the number of drives, I was expecting in the neighborhood of 500 MB/s. What I got (according to bonnie++) was about 200 MB/s, less than half the expected data rate. Disappointed, I decided to give Linux MD RAID a try, which got me up to about 240 MB/s, 20% faster than the hardware RAID, but still disappointing.

My question for the slashdot geeks that play with this kind of stuff all the time is: What kind of performance should I expect out of a system like this? Does RAID0 always scale so poorly? And, just for good nerdish fun, what's the fasted storage I/O you've ever seen?"
top

What examples of Security Theater have you seen?

swillden swillden writes  |  more than 6 years ago

swillden writes "Everyone who pays any attention at all to security, both computer security and "meatspace" security, has heard the phrase Security Theater. For years I've paid close attention to security setups that I come in contact with, and tried to evaluate their real effectiveness vs their theatrical aspects. In the process I've found many examples of pure theater, but even more cases where the security was really a cover for another motive.

Recently, a neighbor uncovered a good example. He and his wife attended a local semi-pro baseball game where security guards were checking all bags for weapons. Since his wife carries a small pistol in her purse, they were concerned that there would be a problem. They decided to try anyway, and see if her concealed weapon permit satisfied the policy. The guard looked at her gun, said nothing and passed them in, then stopped the man behind them because he had beer and snacks in his bag. Park rules prohibit outside food. It's clear what the "security" check was really about: improving park food vending revenues.

So, what examples of pure security theater have slashdotters noticed? Even more interesting, what examples of security-as-excuse have you seen?."
top

swillden swillden writes  |  more than 8 years ago

swillden writes "I've come across an increasing number of GPL programs lately that display an EULA-style click-wrap agreement during installation. While not exactly wrong, this seems like a bad idea to me, since it perpetuates the idea that you must agree to some arbitrary set of conditions in order to install and use a piece of software. In this case the conditions are very liberal (there are none, really), but still it reinforces the notion that you can't install a package unless you agree.

The FSF says that such click-wrapping is neither required nor forbidden but it seems like a bad idea to promote the click-wrap meme, even if the license is user-friendly. What do slashdotters think?"

Journals

top

10 seconds that can help boot Orrin Hatch out of office

swillden swillden writes  |  more than 8 years ago

I'm sure all of you have seen the many articles about various wacko things Senator Orrin Hatch has done to support the RIAA and MPAA. Among other things, he'd like to empower the media industry to remotely destroy the computers of people they suspect of illegally sharing files.

Wouldn't be great to give him the boot? You can help, by doing nothing more than voting on a web site.

See, for the first time in quite a few years Hatch has a serious contender for his seat. Pete Ashdown is a smart, tech-savvy businessman who's taken a year off to run his campaign. Ashdown is the sort of moderate Democrat who has a chance to win in Utah, and Utahns have expressed their opinion in polls that Hatch has been in office long enough and they'd like a change.

However good Ashdown's chances in theory, though, campaigning is about money, and he needs it.

That's where this vote comes in. Barbara Boxer has some campaign cash she's going to give to one of the Democrats running against a long-term incumbent senator. If Ashdown can win that vote, he'll have a great warchest to start the campaign with. It won't be enough, but it will give him a good start and will hopefully prime the pump for other large democratic contributions.

So go vote, and get all of your friends and neighbors to do the same! Even if they're Republicans, they still have to appreciate that an utterly one-sided race like Hatch has had in the past is not good for democracy. Get them to vote!

Slashdot Login

Need an Account?

Forgot your password?