Comment Re:I'd be wary of Musk, too (Score 5, Insightful) 71

He seems really good at using government subsidies to make money for himself.

Well, that's the point isn't it? To jumpstart private industry? You can't do that without the profit motive.

Tesla paid its 450 million 2009 loan back with interest in four years and went from the brink of bankruptcy to a market cap of 29 billion dollars. Sounds like a success story to me.

Comment Re:Wait, they shipped the private key? (Score 1) 62

But what possible use is publishing your private key?

Perhaps, it is to be able to deny responsibility for bad software later, but that's a little too far-fetched...

Well, we're not talking about publishing THE private key to anything Dell cares about. We're talking about publishing A private key that Dell can use to do things on the client's machine that undermine the security model. Why? Well there's lots of potential ways to create revenue or cut costs that way. For example Lenovo did it so they could inject ads into web pages that were supposedly cryptographically protected from tampering.

Comment Re:Wait, they shipped the private key? (Score 1) 62

So, the happy owners of the affected laptops can now issue certificates and/or sign drivers, which will be accepted as genuine by other owners of Dell hardware?

Seriously? If so, that's just too dumb to be malicious...

It's not too dumb to be willful negligence -- defined in legal dictionaries as "Intentional performance of an unreasonable act in disregard of a known risk..."

Having the know-how to do such a thing necessarily entails knowledge of why it's a bad idea. So either an engineer acted in breach of professional ethics, or managers rode roughshod over the engineers' objections.

Comment Re:High level? (Score 4, Insightful) 81

Speaking as someone who learned C in 1980, C was originally thought of as a low-level language -- a suitable replacement in most cases for assembly language that, while abstracting underlying details like the CPU instruction set and registers, remained relatively small and "close to the hardware". Then in the later 80s I was asked to take over a course on C, and when I looked at the course description I was surprised to see it described as a "high level language". I asked the person who wrote the description what he meant by "high level language", and he really had no idea. He said he meant it was "powerful", which of course is just as vague when comparing any two Turing equivalent languages.

Of course "high level" vs. "low level" is relative. C is "high level" in comparison to assembly, or "B", in which the only datatype was a computer word. On the other hand C is "low level" in comparison to most other languages that hide away the details of the hardware like instruction set and registers and such. So it depends on what you're comparing to; but in general I think people who describe C as "low level" know more about what they're talking about than those who call it a "high level" language.

The important thing isn't whether C is "high" or "low" level; it is what makes C work, which is largely about what was left out. It didn't have all the bells and whistles of something like PL/1, which made the language easy to implement, even on a tiny 8 bit microcomputer, and easy to learn, in the form of a slim, almost pamphlet-like book (The C Programming Language, 1st edition was 228 paperback-sized pages long).

Even so, C has become very slightly more "higher level" over the years. The original K&R C was more weakly typed than the later ANSI C. Particularly when you were dealing with pointers, the declared type of a pointer in K&R C was more of a mnemonic aid to the programmer than anything else.

Comment Re:C is high level? (Score 3, Interesting) 81

is there an obvious difference in the generated assembly?

There would be in most projects that were not outright trying to obscure they were using C++.

It's been a while since I looked at disassembled code, but you used to be able to easily tell what compiler and even version of that compiler was used just from the boilerplate setup code; the way things were 'arranged', exception handlers etc, and obviously library usage was frequently a dead giveaway. You're not going to see either an iostream or an STL container in a C program.

Comment Re:PASSWORDS (Score 1) 482

Everything should be two factor password system with one being a token/phone/pc,

No thank you. I'd like to be able to access things like webmail without a token. The reason I'm using webmail in the first place is usually that I don't have my phone or laptop with me. And the last thing I want is a token that can never leave my side, and that upon being lost or damaged locks me out of everything everywhere.

Additionally, I don't want to give all these entities my cell phone number. (A common identifier that can be used to tie multiple otherwise disconnected accounts together; that ties me to a geolocation, a real identity and even payment information -- unless I go to steps like carrying around a dedicated burner phone.)

I simply don't care to hand them all that information; especially since their marketing departments treat it as a gold mine.

And if I'm not using a phone as my token... I definitely don't want to carry around a bag of RSA dongles.

the second one should be a short, (no more than 6 symbols - including every key on a standard keyboard

a) Whose standard keyboard? Not everyone speaks US English or uses a US English keyboard.

b) Why limit it to 6 characters? None of my passwords are that short. And at 6 symbols you are into easy "over the shoulder" password theft territory.

"Aha! But they won't have the token!" you'll counter.

Aha nothing! Many of the people who might steal my password over my shoulder would be able to get access to my phone too. Coworkers, roommates, the pickpocket at the restaurant, bar, or checkout line...

Each authenticated resource has a different risk profile, and merits different levels of protection. The registrar account holding our domains and our investment accounts needs a lot more security than a logon at slashdot. The same rules for both don't even make sense.

I certainly don't want a dongle for /. and I don't care to give dice my phone number either; nor have to deal with 2 factor to login to /.

Passwords (and authentication in general) are a complicated problem. And standardizing electronic authentication is as absurd as standardizing physical authentication. (Can you imagine how absurd you'd look declaring that everything from your luggage to the bank vault should use the same type of key to open the lock?)

Comment Re:Everyone has to learn about it. (Score 2) 191

What would be nice is if they learned about it before they develop habitual patterns for using a language/platform.

The problem is that people who teach n00bs want to give them the success experience of updating a database early on, before they've learned about prepared statements and (the much broader topic) of checking user input. If they'd just stop that then over the course of years the problem would become much smaller.

Comment Re:Greed rules in Corporate America (Score 5, Insightful) 116

Of course Corporate America is supposed to rule America. What do you think the word "capital" in "Capitalism" means? Rule of those with capital, i.e. rule of the rich.

Funny, I thought capitalism was an economic system in which capital goods are owned by private individuals or corporations and in which decisions about pricing, production and distribution of the output of those capital goods are determined by the owners in a free market. Note that this does not preclude myriad forms of government regulation.

The only surprise is how "capitalism" has been marketed to Americans such that generations of them defend the rule of the rich as some utopia or ideal.

Well it's hardly surprising that private interests have rebranded regulation in the public interest by the boogey-man term "socialism", but I expect we are seeing early signs that this is starting to backfire. Americans in my generation associate "socialism" with the Soviet Union -- as a kind of "Communism lite". Millennials are increasingly apt to associate the word with the kind of "Nordic model" social democracy practiced in hellholes like Denmark and Sweden [note irony].

Comment That's because the plan is ass-backwards. (Score 1) 118

It's pointless to try to get the politicians to care until after you've got the voters to care.

"Care" of course means more than agreeing in principle that having a space exploration plan would be a good thing; it means when progress doesn't happen you get upset. Most people think some kind of space exploration plan would be a good thing, but very few care when it doesn't happen.
