
Comment Re:3COM robots are 3-laws safe! (Score 2) 68

AC asks:

How would those laws be applied to military robots designed to kill? Replace "human being" with "American"?

When a robot is designed to kill in violation of Asimov's 3 Laws of Robotics, then Newton's Third Law comes into play:

-- Every action has an equal and opposite reaction.

This law operates even in the absence of robots.

Comment Choose none of those languages (Score 5, Insightful) 241

"Would you be inclined to embrace Wolfram's approach, Apple's Swift Playgrounds, Microsoft TEALS' Java-centric AP CS curriculum, or something else (e.g., R, Tableau, Excel+VBA)?"

Choose none of those named above, nor any other proprietary language or platform. It is quite incredible and irresponsible that someone would recommend bringing up children into a form of corporate mental slavery and proprietary dependency.

Give your children freedom. There is no shortage of unencumbered free and open source programming languages that will serve their educational needs very well indeed. Once they are young adults armed with some knowledge and experience, they can choose their own proprietary chains if they so wish.

Comment Auth secrets should always be LOCAL (Score 2) 23

When authentication secrets are stored centrally on a website then they are always at risk, regardless of the methods used to protect them. Good sites make the stored information hard to crack, and poor sites make it easy, but they are all at risk --- from internal employee corruption if nothing else. Those secrets will leak because when stored at a single point then they are all accessible to the attacker at a single point. Mass leakage is just a matter of time.

A vastly more secure approach that has been well known for decades is based on PKI, in which the user stores their auth secret locally in a private key, one half of a {private,public} PKI key pair. The server only gets to know the user's public key, and it's pointless for an attacker to crack that because the public key is public information that can be distributed freely through keyservers. (The PGP/GnuPG keyserver network has been doing this for decades.)

When a user creates an account on some website, she provides the identifier of her chosen public key (she may have lots of them). When logging in to the account subsequently, the server looks up her public key identifier in the info held for this account, fetches her public key from the keyservers, then it sends her a random string encrypted with her public key. She decrypts it with her private key (which is only held locally by the user, nowhere else) and sends the decrypted string back. The server accepts the login if the returned string matches the random string that it picked, which is not stored anywhere and varies on every login, and it rejects the fraudulent login attempt if the match fails. All this can be completely automatic.

That's strong distributed security, and it's resistant to MITM attacks and does not store any authentication secrets on the central service so those secrets cannot leak when the service is compromised.

This kind of PKI-based approach is not rocket science. Why this old but secure scheme isn't used by websites is a big mystery. The reason isn't user inconvenience, since PKI can be packaged up to look trivial to end users if developers take the trouble. And so, websites get hacked and their users' auth secrets get revealed by the millions, surprise surprise.
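The login exchange described in this comment, as an added example (not part of the original comment, and not any site's actual code). It assumes RSA-OAEP as the encryption scheme and uses an in-memory map as a stand-in for the keyserver lookup; the `Server` type and all function names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Server stores public keys only; pending holds each random string in memory until it is consumed.
type Server struct {
	pubKeys map[string]*rsa.PublicKey // stand-in for the keyserver lookup (assumption)
	pending map[string][]byte
}

func NewServer() *Server {
	return &Server{pubKeys: map[string]*rsa.PublicKey{}, pending: map[string][]byte{}}
}

func (s *Server) Register(user string, pub *rsa.PublicKey) { s.pubKeys[user] = pub }

// NewKey generates the key pair on the user's machine; the private half stays there.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Challenge picks a fresh random string and encrypts it to the user's public key.
func (s *Server) Challenge(user string) ([]byte, error) {
	pub, ok := s.pubKeys[user]
	if !ok {
		return nil, fmt.Errorf("unknown user %q", user)
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[user] = nonce
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, nonce, []byte(user))
}

// Verify consumes the challenge (single use) and compares in constant time.
func (s *Server) Verify(user string, response []byte) bool {
	nonce, ok := s.pending[user]
	delete(s.pending, user)
	return ok && subtle.ConstantTimeCompare(nonce, response) == 1
}

// Respond is the client side: decrypt with the locally held private key.
func Respond(priv *rsa.PrivateKey, user string, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(user))
}

func main() {
	alice, _ := NewKey() // errors ignored for brevity in this demo
	srv := NewServer()
	srv.Register("alice", &alice.PublicKey)
	ct, _ := srv.Challenge("alice")
	resp, _ := Respond(alice, "alice", ct)
	fmt.Println("login:", srv.Verify("alice", resp), "replay:", srv.Verify("alice", resp))
}
```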

Comment Branding and image are not the problem (Score 4, Insightful) 226

Rebranding and image polishing are undertaken only when a company knows that things aren't going too well for them. Many Firefox users would probably agree with that, at least the technical users know it all too clearly.

However, the problems are not caused by the brand being unsavoury or the image tarnished. The brand and image are fine. Where problems have appeared it is because Mozilla developers have been forcing unwanted change on their users, forcing them continually to find remedial fixes to preserve friendly and productive old functionality. Browsers are not kettles, people don't want a completely different look each year.

The fact that Mozilla is now undertaking brand and image refurbishment clearly indicates the nature of the problem. The immense and unbridled ego of Firefox developers has put them in complete denial that Mozilla's problems are caused by them and them alone, and that has left their management with only one alternative, to play with branding and image.

It will achieve nothing of substance.

Comment IPv6 deployment is not a switchover (Score 2) 150

We've done little to nothing to move people to IPv6. .... The majority of home connections are still IPv4 and the majority of ISPs still only offer this.

What you say is not wrong, but many people will interpret it incorrectly as suggesting that there is a "switchover" from IPv4 involved. That's not how IPv6 was designed and planned at all. IPv6 was designed right from the start to run alongside IPv4, and "migration" or "transition" are poor words for what will mainly be an expansion of IPv6 use, and it may have very little early effect on IPv4.

Nothing will stop IPv4 from continuing to run other than the failure of old IPv4-only equipment and its replacement by IPv6-only gear, which will be uncommon (most replacements will be dual stack). IPv4 is quite likely to remain with us for many decades ahead, even if consumer ISPs cut it off earlier to save costs. IPv6 adoption may not even decrease IPv4 usage much at all, with the full 32 bits of IPv4 address space continuing to be used right up until the bitter end until it's stopped wholesale simply out of embarrassment. But that would be a long way off.

Short version: IPv6 merely expands IP use. It will be seen as a (very drawn-out) "switchover" only by individual users as their communication involves more and more IPv6, because single users don't scale. But on the Internet as a whole the rising adoption of IPv6 doesn't require a decrease in IPv4 use at all.

It is NOT a zero-sum game, but a growth of IP because the IPv4 bucket is too small.

Comment They already are "superheroes" (Score 1) 451

Don't make these cars into superheroes or some retarded wish like that.

When's the last time you saw a manually operated air bag?

In these high-speed, blink of the eye situations, cars already perform as if they were superheroes, and that is exactly what we want. We are greatly outclassed by machinery in most high-speed tasks, and this will become ever more so because it is to our advantage.

From the perspective of an automaton, choosing between alternative outcomes in the event of an imminent crash is no harder than choosing to deploy an airbag. Calling such functionality "superheroic" doesn't really add anything useful to the topic, but if you insist, they'll certainly behave that way.

Comment Easy to explain, it's a rational plan (Score 5, Informative) 149

Can anyone explain any way this would be worthwhile?

Sure. It's obvious to most people but it might as well be explained in case some folks haven't thought about it.

  • 1) Energy will be cheap during the day because the sun is overhead and that power source is effectively free and limitless.
  • 2) The sun isn't available at night, but solar power could be captured during the day and used at night, if storage were available.
  • 3) The battery storage of the article provides that storage.

There you go, it's pretty simple and very sensible. It's also a good idea to add the following prediction to the above as well, as it's really a foregone conclusion and hence very safe to forecast:

  • 4) All normal land vehicles will be electric in just a few decades. Burning fossil fuels may even become illegal, if not because of global warming and pollution then because it's far more valuable to use hydrocarbons as a raw material for industry. Burning money is silly.

Adding item (4) means that everyone will want the energy storage of (3) for recharging their cars when they get home. Paying the grid for that power when the sun can provide it for free during the day would be poor domestic economics. This pushes towards needing even more battery capacity.

Elon Musk is quite a visionary, but he's also a clever cookie when it comes to business. He knows where all this is going and is sewing up the future in EVs, mobile power storage, recharging stations, solar panels, and fixed power storage. He's got it all covered.

Comment War against mass surveillance continues (Score 2, Insightful) 71

Snowden's social tweets aren't of any great consequence, but media stories about him still play a vital role because the war against mass surveillance of western populations continues.

Without pushback by media and citizenry, our so-called democratic states were on an unhindered evolution from relative freedom to strong and very opaque police states. Snowden's efforts brought some much-needed illumination and public input to the whole area. After all, our governments are supposed to be working on our behalf against the bad guys, and not treating the entire populations of our countries as the enemy.

Some people are expressing boredom about Snowden's social activities. Well that's easily handled, just ignore the stories if you have no interest in them. They still play an important role in the media, because the pressure brought about by his revelations still needs to be maintained. And he's probably trying to have a social life too, which can't be easy in his circumstances.

Comment War on Darknets == covert War on Privacy (Score 2) 222

This reminds me of the Penn and Teller BS episode where people sign petitions to "End Women's Suffrage".

Your observation is accurate beyond mere criticism of the survey. The governments are deliberately raising the profile of this new "War on Darknets" because they don't dare call it what it really is, namely their War on Privacy. The deception created by tech-sounding wordplay which the majority don't understand is central to making their plan work, because otherwise they encounter pushback from the masses who value their privacy.

"Darknet" has no specific meaning in CompSci, and so it can be used to denote any communication which NSA, FBI and DOJ do not control. This is very much a "thin end of the wedge" issue, because their desire to see and control everything will end only when there is no privacy left at all. These people don't believe in limits on their power.

Comment Risky, delayed liability, and unnecessary (Score 3, Insightful) 485

Nuclear energy (from fission) has a very large number of disadvantages. Here are just a few:

- It's inherently and obviously risky --- even its greatest proponents know that, but they just choose to minimize the importance of that risk and its deadly consequences. There have been more than enough nuclear reactor disasters already, yet some people just don't learn. Even with better designs, accidents will happen from geophysical causes and through human failure, as well as by deliberate action. You can't prevent this from happening, so don't create such deadly installations (and juicy targets) in the first place.

- Radioactive waste from fission accumulates a massive liability for future generations. It forces our own chosen risk onto our descendants without giving them any choice in the matter. This is unethical even in the best of cases, but in the worst case it's downright criminal because some of those radioactive stores will unavoidably release their contents (even explosively with human help) and result in human casualties and suffering --- maybe your own descendants. Don't gamble with the lives of others.

- Nuclear energy is out of step with a world that is rapidly converting to clean, inexhaustible energy harnessed from the environment. Nuclear is not just unclean but deadly unclean, and it's very demanding on the planet's resources as well. It adds to our debt on the planet instead of reducing it.

- According to a growing number of climatologists who are witnessing first-hand the unfolding climate disaster in the Arctic and Antarctic, our existing several hundred nuclear reactors could quite possibly be the direct cause of our extinction in the decades ahead, after the indirect cause (CO2 and methane) leads to death by starvation of billions and makes the world's economies collapse. Nuclear reactors can't be rapidly turned off and made non-radioactive --- the full process of decommissioning takes some 50 to 60 years as an industry average, and it takes a LOT of money. There will be no money available under conditions of economic collapse, cooling will be interrupted, and many will go into meltdown. Even if you choose to disbelieve the warnings of specialists, the risk remains. Knowing what we already know about rising sea levels and epic storms, we should not be adding to the risk.

Dr. Brice Smith of the Institute for Energy and Environmental Research summarized this very well:

"Nuclear power is a very risky and unsustainable option for reducing greenhouse gas emissions. Trading one potentially catastrophic health, environmental and security threat for another is not a sensible energy policy." --- Source.

The whole idea of adding more nuclear power is hazardous and ill-considered, and it's also unnecessary.

Comment Elementary physics, latent heat of fusion (Score 1) 520

When water and ice are in equilibrium at 0C, adding heat melts some more ice, and there is no overall increase in temperature, it remains at 0C.

As expected, ice in the north and south of the planet is melting, the sea level is rising, but there is relatively little change in sea surface temperatures because the 0C meltwater circulates and slowly mixes with the rest of the water in the oceans, and so keeps the temperatures everywhere from rising too fast. That won't last forever though, since the ice will eventually run out.

If there were no ice on the planet, temperatures would rise roughly 80 times as fast. The latent heat of fusion (that means melting in this context) of water ice is 79.8 calories per gram (334 kJ/kg), which means that you need about 80 calories to melt 1g of ice at 0C and turn it into 1g of water at 0C. If instead you were to apply those 80 calories to 1g of water at 0C, the water temperature would rise to 80C.

The latent heat of fusion of our planet's ice is (briefly) saving our bacon.

Comment In practice yes, though not in principle (Score 1) 131

Isn't the attack surface governed by the ports you open up on the Docker containers?

Although you describe a common case, it's not the general one. In principle the size of a software attack surface is given by the amount of code which is reachable through an attack conduit like a network, not by the "width" of the conduit.

For example, a given network service could be bound to just one IP address or to two, but its attack surface would remain the same despite double the size of the attack conduit. Likewise, a given service could be available on only one port or on N ports, yet its attack surface would not change despite any increases in the size of the conduit through which it can be reached.

(The attack surface is primarily a function of the amount of externally reachable code because the number of exploitable weaknesses is relatively constant per unit of code. Making the same code reachable through a wider conduit does not generally change its set of exploitable weaknesses.)

This assumes that the same code is being exposed regardless of the number of different IP address or port bindings of course. If this is not true because different functionality is offered on different ports then of course the size of the attack surface is no longer invariant.

Your observation is accurate in practice because the special case of "one port per service" is a very common one. It's worth recognizing that the general case is different though.

Comment Four technical interests (Score 4, Insightful) 1839

I'll add my +1 for putting Slashdot on IPv6 quickly, and then Sourceforge too when you have time. Virtually all ISPs, colos and hosting providers offer IPv6 already, and all the well known CDNs have done so for many years. With IPv6 uptake at 10% and growing ever faster, it's beginning to look bad for a tech site not to have IPv6 enabled. (It works perfectly, seamlessly and effortlessly, by the way.)

While many good ideas have been suggested in this thread, 4 of them stand out for me as very clear technical interests for many techies:

- Javascript optional and decreasing.
- Unicode.
- IPv6.

The huge interest in security and privacy among Slashdot readers makes the first two items of special importance. It's no longer an innocent world of academics and enthusiasts like yesteryear, and readers need to protect themselves and the companies from which the site is often read with link encryption and effective script restrictions.

It's no surprise that use of NoScript is huge among the technical readership, nor that the JS orgy of was despised so much.

My best wishes for this new era of Slashdot. I'm looking forward to another (almost) two decades of interesting technical discussion. :-)

Comment Offering data to the public Internet (Score 5, Insightful) 127

An AC wrote:

People who don't secure their systems and devices are to blame for someone breaking into them?

There was no breaking in.

If you provide data to the public Internet without any form of restriction, you can't then validly complain when the Internet public sees that data. You offered it publicly, and the public took you up on your offer.

This isn't anything like breaking and entering, nor even like someone walking through a door which you left wide open. It's much more intentional on your part than that:-- you offered data to the public by creating an unrestricted access port on the Internet, your offer was accepted when someone opened that port, and then you deliberately sent your data out to that recipient. It was your choice, before and after you made the offer to the public. Nobody can force you to send your data if you don't want to. Your system wasn't hacked to change its code to something that you did not intend.

The closest analogy I can make is to imagine yourself standing on the sidewalk in the high street, an open sweet jar in one hand, and the other hand outstretched offering sweets to passers by. The high street is the public Internet, and your invitingly outstretched hand is the open port. If someone takes hold of the sweet, you can still prevent it from being taken by holding tightly onto the wrapper (an access restriction, perhaps you want to check that recipients are smiling first).

But if you first offer a sweet and then release it, you don't get to complain --- it was your visible intention to hand out sweets to passers by, and nobody can read your mind, only your actions. If you don't understand this then perhaps you don't grasp how Internet protocols work, and you would be best advised to stay well clear of the Internet.

You may wish that Internet protocols worked some other way, perhaps using ESP, but they don't. They work as they were defined.
