
Comment Re:Using SHA-1 in this day and age is just lazy (Score 0) 195

A hash of 128 bits or more is a more reliable unique ID than anything custom you could code up.

No.... A hash of 128 bits can be either Reliable or Unreliable, depending on the hashing algorithm.
In the case of SHA1; It is now known to be Unreliable.

and as others have pointed out, sign your commits.

Signing your commits does not actually solve the problem. The colliding commit will just not appear to have a signature on it.... the SHA hash will still be the same, and at best you may notice later if you review your history tree to find an unsigned commit, long after the damage has been done.

Comment Re:Using SHA-1 in this day and age is just lazy (Score 1) 195

Statistically the chance of running into a SHA1 collision under ....

Just because a choice of technology seemed a "reasonable" choice does not mean exposure of a failure case is not a bug.
The "HASHing" algorithms and Database formats used inside the program are internal technical design choices of the software and do not Affect what Correct behavior of the software is.

If a program has only a statistical chance of working correctly when you expect it to [less than 100%] in the worst-case real-world scenarios (Intentional attacks), then by definition the software is buggy.

For example, if a Caching HTTP proxy server used hashes internally to identify documents, then Serving the colliding document with the same hash when requested a URL pointing to a different document is Still definitely a bug.....
Similarly, using a Database format which cannot correctly and uniquely identify certain things, And then serving the wrong data when later queried is a Bug, and just the same sort of bug.

Comment Re:Using SHA-1 in this day and age is just lazy (Score 1) 195

Well, it is not the software's use non-cryptographic code for cryptographic applications.

I'm referring to use cases specifically like SparkleShare, By the way. Git-based Dropbox-like file synchronization tool.

It's arguably a major Bug in Git if the Git software keeps track of an object Solely by Hash, and lazily assumes that the Hash uniquely identifies a specific version of the file, And that assumption turns out to be false, and data corruption or tampering can be caused as a result.

HOWEVER....... Arguably Git does not carry a promise that the software is Durable and Safe outside of its intended use cases. Sometimes it is valid for software to carry disclaimers, such as: Please check that your object is not malicious before checking it in.

That actually begins to become unreasonable, when Git is being used by larger and larger development teams, however..... the chance that someone wants to try something funny greatly increases at some point, and the chance of a mistake occurring increases with larger volumes of source code being managed and updated and committed in on a daily basis.
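
The failure mode argued over in the caching-proxy and Git comments above, as an added example that is not part of the original comments and is not Git's code: a toy content-addressed store that trusts the ID alone returns the wrong document on a collision, while one that compares bytes on an ID hit refuses the write. `weak_id` (SHA-256 truncated to 16 bits), both store classes and the `doc-N` inputs are constructed for illustration.

```python
import hashlib

def weak_id(data: bytes) -> str:
    # Constructed stand-in for a broken hash: SHA-256 cut to 16 bits,
    # so two different inputs sharing an ID turn up almost immediately.
    return hashlib.sha256(data).hexdigest()[:4]

class CollisionError(Exception):
    """Different content maps to an ID that is already in the store."""

class NaiveStore:
    """Identifies objects solely by ID; a known ID is assumed to be the same content."""
    def __init__(self):
        self.objects = {}

    def put(self, data: bytes) -> str:
        oid = weak_id(data)
        self.objects.setdefault(oid, data)  # a colliding second write is silently dropped
        return oid

    def get(self, oid: str) -> bytes:
        return self.objects[oid]

class CheckedStore(NaiveStore):
    """Same layout, but compares bytes whenever the ID is already present."""
    def put(self, data: bytes) -> str:
        oid = weak_id(data)
        existing = self.objects.get(oid)
        if existing is not None and existing != data:
            raise CollisionError(f"id {oid} already names different content")
        self.objects[oid] = data
        return oid

def find_collision():
    # Constructed sample documents doc-0, doc-1, ... until two share an ID.
    seen, i = {}, 0
    while True:
        data = b"doc-%d" % i
        oid = weak_id(data)
        if oid in seen:
            return seen[oid], data
        seen[oid] = data
        i += 1

if __name__ == "__main__":
    a, b = find_collision()
    naive = NaiveStore()
    naive.put(a)
    print("stored", b, "but read back", naive.get(naive.put(b)))
```
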

Comment Re:Using SHA-1 in this day and age is just lazy (Score 2) 195

As far as I can tell, this is a non-cryptographic use of hashing.

It's Non-Cryptographic until you start using GIT for alternative use cases which it was not designed for.

Code your developers write and store in Git should be trusted data, in the sense you are not trying to attack the system.
And code you accept from third parties should be reviewed by humans first to check that it is non-malicious.

Since the SHA-1 collision attack can be detected; It seems like it would be also a simple patch to Git to check before Adding or Updating a file in its repository if the file contains a SHA1 attack, And if so, spit out an error instead of saving the commit.

Comment Re:Effective solution (Score 1) 142

You won't get into if conditional and loops and mathematical processing until hour 3 or so.

That's fine for college, but if they only have 1 hour, they should go Directly to Loops in Hour 1.

I would suggest they use a Toy language with a program counter and assembly primitives.
By sticking with Assembly as the language to introduce with, It will be much simpler, since there are fewer concepts, no sophisticated mathematical structures such as nesting or advanced syntax to teach directly --- just a vocabulary of instructions, And there is Very little/No syntax to learn, even though it would be more work to write practical programs. That way students can be taught Loops and IF statements as the same subject, Since, really, they Are the same thing.... Just conditional branches; The only thing special about a loop is the Destination PC address includes code already run.

Also, no need to teach Higher-level abstractions such as Variables at an introductory level...... Registers are plenty sufficient.

Comment Re:$1500 to $250,000 (Score 1) 103

It's probably a PAY PER USE Software license..... Clarified Analyzer was a commercial alternative to Wireshark that used to be used that. Each license Allows one-time or one-shot use of the software, and each time you want to go back and launch the program, and re-use it, then you need to buy another ticket.

E.g. You buy 1 Cookie for $1500 which allows you to use the Smartphone unlocker software program One time on one device, and each smartphone you unlock decreases your licenses remaining counter, and your licenses cannot be reused.

Or you buy a 200 Cookie license for $250,000, and that lets you do the unlock 200 times.

Comment Re:Breaking the law? (Score 1) 102

It's not conversion because the original owner is using the right they retained despite the sale.

No..... The original owner's App linked to the device is a Technical means of access, not a legal right to the property.

It's not like having an undisclosed Easement or Lease against the property, Because easements are actual contracts that Legally encumber property owner's rights.

I mentioned the example: It's more like handing over the keys to a house after the closing papers are signed, But forgetting or failing to mention that there may be 7 other copies of the keys you handed over, some in your possession, some in your friends' or neighbors' possession.

You don't commit a crime by failing to disclose this, BUT If anybody abuses their copy of the key to gain entrance into the house, then they probably commit the crime of trespassing.

If you complete the sale of your car, the new owner is legally entitled to do Anything with the car after the transfer of ownership, Including have the computer memory reset to factory, or clip off all the antennas to block the remote control features.

Comment Re:Breaking the law? (Score 1) 102

Are the previous owners not breaking the law by retaining such control?

Probably not merely by still having the control. The new owner has a certain level of responsibility to ensure that possession and control are fully transferred to themself, or raise the dispute within a reasonable time period.

For example: If you sell your house, and happen to still have a copy of the key..... that's not illegal in itself, The generally expected thing to do is for the new homeowner to rekey their locks, though, Because the previous owner is not really responsible for All the other people, neighbors, etc, they might have shared the key with ---- An oblivious Friend/neighbor unaware of the sale could come into the house with an unknown key 6 months later and not have committed any crime.

It will be illegal if After you sell your house, you come back later knowing that it is no longer your property, and use a copy of the key you kept stashed in order to enter the building without Permission from the new owner.

Similarly it will be illegal if the previous owner of the car uses their App still linked to locate your car and gain access to it, or send other commands to the car without the permission of the new Property owner to do those things.

Merely having the app as a file somewhere on their phone is not conversion though.
It's not conversion or break-in/theft until they intentionally take an action unauthorized by the new owner regarding the asset.

Comment Re:another case of fundamental bad design (Score 1) 102

No... it doesn't mean the sales have to go through the dealership.
It does mean that the Dealership gets to charge Tax/Service fee to correct the Links apps thing.

But there are other Reasons you might need to change authorized phones other than change of ownership for the car...

For example: Your Cell phone was stolen and you can't wipe the app off, Or you got a divorce, etc, etc.

Comment Re:dealership only sales and service coming soon? (Score 1) 102

Job One will be to identify and short to Ground all the GPS and wireless antennas -- except the one for the radio

Except this might interfere with servicing, when the Dealer requires wireless access to the vehicle for routine activities such as resetting warning lights, upgrading firmware to correct issues, or reading diagnostic codes.

Concern is that at some point, the dealers might make cars that literally stop working if they fail to check in to the dealership's systems for a long enough period of time to verify Software licenses, or something

Comment Re:How is that supposed to happen? (Score 1) 388

Dude, you can't even reasonably calculate the number of man-hours that have been lost to air-powered hammers when used to frame a stick-and-nail framed house.

Which is why I suggest finding a "Percentage of gross revenue which must be cost of Wages that withholding taxes will be due upon" for the purposes of deciding what the Automation tax will be. Instead of trying to directly count Man hours gained or lost.

Also, if Automation lowers prices, then revenues will go down. If more total work gets done by the business as a result of automation, then the tax will also become negligible, because the increase in revenue will be Offset by more work being required.

Comment Re:that's it. the end game. (Score 1) 388

We will not see a 1-1 conversion of employee to robot. We never have.

What we see is the introduction of a software application, or of a machine, that requires humans to operate and maintain.

Right.... one bot can potentially replace hundreds of people.

There's nothing that says the task of operating and repairing machines cannot be automated, and the pace of technological development is very high lately.

machine allows the business to expand. But when the business expands, it does not need to hire more people, it can just make better use of the people it has.

That works for SMBs, But larger businesses conduct mass-layoffs which are catastrophic to the public, when their requirement for human workers decreases.
It is not because of Machines that business expands; business would expand as long as there is an increase in customers willing to pay the price the business can sell at. It's because of increased volume of demand from consumers, and business owners are incentivized to expand their businesses, because they will earn more money per quarter with a larger business.

The expansion of businesses is attributed to a number of things, But mostly Population growth.
If a Business does Not expand or increase number of employees, then Relative to the economy, and because of Inflation, that business is actually shrinking.

That isn't a trick to work around your proposal, that is how automation has been progressing for centuries.

It's not reasonable to expect automation of past centuries to show what automation in the future will look like.

Shall we apply your proposal to farmers who use tractors to let one worker do the work of 100? What about those same farmers using Excel to reduce a whole team of accountants down to just one? What about the huge trucks used to ship goods to shopping centers, eliminating whole teams of horse-and-carriage drivers?

A key difference is these developments were in isolation. The pace of further automations was very low, and only a small fraction of the economy was impacted at the time. That is not the case with new automations coming out in this decade, which will probably be able to cut most human jobs to near zero across all industries.

The public has already taken the negative Fallout that came with these automations, and we're now enjoying the benefits.
Around the time the tractor was being introduced, It maybe could have been a net public good To slow the pace at which farmers could be replaced, But the time to propose that Already arrived and passed a Long long time ago.

What about the huge trucks used to ship goods to shopping centers, eliminating whole teams of horse-and-carriage drivers?

Why don't you ask the Horses how they would feel about it. Because that is the role the Humans are going to be placed in now..... Not the role of the Drivers (Who could find other work), but the Role of the Horses.

The actual ramification coming is that Human work will be largely obsoleted, and Human hands will likely have their economic value reduced to 0, while 100% of the Cake gets re-assigned to people who own Real property and Raw materials which robots can do work on for basically free.

Instead, we should embrace the fact that we can automate our burdensome labor away, dive into that head first (as we are doing anyway), and figure out how to provide for the teeming masses of people who can't find work. This isn't a problem we can escape by slowing the adoption of labor automation

Why not slow it down, until our culture is ready to handle it, And people can figure out what to do with their lives, if they are no longer able to do Valuable work, and Not able to Improve the world, or Change the world, or make some small contribution to something of meaning, with their Mind or their Hands?

Essentially the future direction of automation appears to be that 99% of Humans will eventually get forced into retirement at a very young age, And they'll be destitute with the Robot managers and the Government owning all the money.

Comment Re:How is that supposed to happen? (Score 1) 388

Robot workers and automation make the cake bigger. You should not use taxes as a mechanism to keep the cake small.

My proposition is this cannot be true. The cake is made bigger when companies invest in human labor and put in economic output an amount comparable to what they take in.

When companies decide to stop investing in human labor as much as possible and hire robots instead, In other words, maximize dollars that come in and don't leave as economic output, in the extreme case take in massive $$$ and spend No money to produce products worth (In terms of cost) a tiny fraction of what is paid, this means they have found a way to hoard more of the cake, and there's no increase in the size of the cake associated with these actions.

What I suggest is essentially an Efficiency limit. A Minimum amount of money companies have to invest in labor capital, A ratio of required labor per Dollar of revenue emitted, Requiring companies to be economically productive, both in terms of the value of goods produced, and the value of services consumed, and not be able to just hoard cake Or produce something from nothing.
