
Comment: Re:Thrilling (Score 1) 15

by hey! (#49160063) Attached to: Spacewalking Astronauts Finish Extensive, Tricky Cable Job

Yeah, cause Mars Exploration Rover, GRAIL, Dawn, New Frontiers, Solar Dynamics Observatory, the Spitzer and Kepler telescopes, all those things are boring science. Only nerds find things like discovering Earthlike exoplanets or determining the origin of the Moon thrilling. They should get their own news site so the rest of us don't have to listen to stuff that only matters to them.

Comment: Re:Hashes not useful (Score 1) 253

by hey! (#49159733) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

Again not necessarily. For example the web page and the download server might not be the same, in which case it is not true that being able to modify the download necessarily means you can also modify the webpage checksum.

Another example is when people download and stage a large file on their local network, which is very common practice. If the server on their local network, in a sense the file is modified "in transit", but the malware needn't be anything special or exotic. I'd go so far as to say if you stage anything on your own servers you ought to check its hash religiously before using it.

Yet another example of "not necessarily" is monitoring. It wouldn't be hard to automatically monitor the download page for unauthorized modifications. Of course you should monitor the downloads themselves for modifications, but that takes more time. You can monitor the hashes on the download page continuously from another computer, automatically shutting the page down if anything changes. That wouldn't prevent your download page from unauthorized modifications but it would contain the consequences and it's very easy to do.

This is what I mean by it's the stuff that goes *around* a security measure that makes it work. A hash doesn't do anything unless people check the hash. That includes people who are hosting the file. I often think of this as a kind of diminishing returns exercise; since people often have spent *no* effort on preparing to respond to being hacked, often the best marginal expenditure is in that direction.
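The two checks described in the comment above (watching the published hashes from another machine, and verifying a locally staged copy before use) can be sketched as follows. This is an added example, not part of the original comment; the file name, page markup and pinned manifest are constructed assumptions.

```python
import hashlib
import hmac
import re

# SHA-256 digests in "<64 hex>  <filename>" form, as sha256sum prints them.
HASH_LINE = re.compile(r"\b([0-9a-fA-F]{64})\s+\*?([\w.\-]+)")

def parse_published_hashes(page_text):
    """Extract {filename: digest} from the text of a download page."""
    return {name: digest.lower() for digest, name in HASH_LINE.findall(page_text)}

def audit_page(pinned, page_text):
    """Compare hashes on the page against a manifest pinned out of band.
    Returns sorted findings; an empty list means the page matches."""
    published = parse_published_hashes(page_text)
    findings = []
    for name, digest in pinned.items():
        if name not in published:
            findings.append(("missing", name))
        elif not hmac.compare_digest(published[name], digest):
            findings.append(("changed", name))
    for name in published.keys() - pinned.keys():
        findings.append(("unexpected", name))
    return sorted(findings)

def verify_staged(pinned, name, data):
    """Check a locally staged copy against the pinned digest before use."""
    expected = pinned.get(name)
    if expected is None:
        return False  # never trust a file the manifest does not list
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected)

# Constructed sample data: a fake firmware image, a modified copy, and the page.
GOOD = b"constructed firmware image v1.0"
MODIFIED = b"constructed firmware image v1.0 with unauthorized changes"
PINNED = {"fw-1.0.bin": hashlib.sha256(GOOD).hexdigest()}  # recorded at release
PAGE_OK = "<li><code>%s  fw-1.0.bin</code></li>" % PINNED["fw-1.0.bin"]
PAGE_TAMPERED = PAGE_OK.replace(PINNED["fw-1.0.bin"],
                                hashlib.sha256(MODIFIED).hexdigest())

if __name__ == "__main__":
    print("page audit:", audit_page(PINNED, PAGE_TAMPERED))
    print("staged copy ok:", verify_staged(PINNED, "fw-1.0.bin", MODIFIED))
```

A non-empty result from `audit_page` is the signal on which a monitor would take the download page offline; the pinned manifest has to live somewhere the web server cannot write to.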

Comment: Re:The law makes no allowances for irony. (Score 2) 81

by hey! (#49159617) Attached to: Craig Brittain (Revenge Porn King) Sues For Use of Image

It's well established that a person may become an "involuntary public figure" -- someone who does not intentionally thrust himself into the public sphere, but whose actions (or inactions) a reasonable person would expect to draw public scrutiny.

So the question is whether becoming a "revenge-porn" impresario is something a reasonable person would expect to draw public scrutiny. You be the judge.

Comment: Re:The law makes no allowances for irony. (Score 2) 81

by hey! (#49159313) Attached to: Craig Brittain (Revenge Porn King) Sues For Use of Image

Copyright is not necessarily the only law which applies here. It is possible, for example, to have copyright on works you have no right to distribute. If I write a libelous story about you, I *own* that story, but I can't publish it because it is libelous -- unless I alter the story so you aren't obviously recognizable.

IANAL, but I suspect that what matters here is the subject's "expectation of privacy". Even if you got her permission to take her photo with the understanding it's for your *personal* use, she probably has a reasonable expectation that you won't post it on a public website. In that case after a breakup you would retain copyright and the right to use the image for your personal use (although really how pathetic is that?), but you don't suddenly gain the right to share it with the world if that's not the terms under which she agreed to let you take her picture.

Comment: The law makes no allowances for irony. (Score 2) 81

by hey! (#49158485) Attached to: Craig Brittain (Revenge Porn King) Sues For Use of Image

Nor should it.

So this guy has *exactly* the same privacy rights as any other public figure has, neither more nor less. These rights are fewer than those enjoyed by non-public figures, but they are not zero. He can't stop people from using his image and name, any more than Kim Kardashian can. While in a sense she owns her public persona, she doesn't own every image of her that is taken in public. In other words people can't use her image to sell things as if she endorsed them, but they can use and even sell the image itself.

If this guy owns the copyright to an image, he can reasonably file a DMCA takedown. If the image is taken in a situation in which a public figure would have a reasonable expectation of privacy (e.g. inside his house), then he can take other legal steps, even though allowing that to happen would be poetic justice. The law doesn't deal in poetic justice, and judges aren't allowed to stop enforcing the law just because it would be cool.

Comment: Re:We need hardware write-protect for firmware (Score 2) 253

by hey! (#49158449) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

That's a bit like saying that having a portcullis in the castle gate doesn't help you if the enemy is already inside the walls, which is unquestionably true, but misses the point that having the portcullis makes it harder (although not impossible) for the enemy to do that.

I agree that a more secure way to update firmware, but we have to be realistic in that this would also tend to create new targets for malware writers (e.g. stealing signing keys).

I suspect what we really need is stuff that will occur *outside the box*, such as better vendor of firmware downloads and some kind of police agency tasked with discovering and investigating dodgy firmware. But of course the objection remains -- such an agency itself would be a potential source of problems.

Comment: Re:Hashes not useful (Score 1) 253

by hey! (#49158411) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

Seagate is correct. Putting a hash on the website doesn't improve security at all because anyone who can change the download can also change the web page containing the hash.

While I agree just slapping a hashtag on a webpage doesn't necessarily improve security, it doesn't follow that it can't.

Security is a holistic property; it's a property of a system as a whole. An important part of that is detecting when you've been hacked and knowing in advance what you're going to do. There are many scenarios under which publishing the hash codes of downloads improves security, but that *always* depends on people doing certain things, many of which can be automated on the vendor end.

Comment: Re:Can someone explain this? (Score 4, Informative) 76

by hey! (#49156569) Attached to: Oracle Sues 5 Oregon Officials For 'Improper Influence'

What they're alleging is that political staffers interfered with the project to help the governor's election chances.

As much as I believe Oracle is the spawn of Satan, if the governor's aides and staffers did that Oracle would have a reasonable complaint. When you sign a system development contract you agree to deliver a system and the client agrees to pay you. If someone induces your client not to accept a system that meets the criteria, that's what lawyers call a "tort". It's something you can justifiably sue over.

Likewise there are many ways political operatives could potentially sabotage a project, and that'd be actionable too. Any non-trivial development project is dependent upon the client acting in good faith. They have to act as if they want the system. It's extremely easy for a client to cause a project to fail, by raising an endless stream of trivial complaints or by dragging its feet in its responsibilities like acceptance testing or giving feedback. It'd be all too easy for well-placed political operatives to undermine the bureaucracy's willingness to cooperate.

That said, in *this* particular instance the suit sounds like business as usual for Oracle, in other words acting like bastards.

Comment: Re:Where the economic system breaks down (Score 1) 254

by hey! (#49155959) Attached to: 5 White Collar Jobs Robots Already Have Taken

Here's the thing about technology prognostication. Timing is everything. Take predicting tablets being a big market success. People were making tablets back in the early 90s and people were predicting that it would take off. But the timing was wrong. It's clear to anyone who saw 2001 that tablets would someday be a big deal, but it took more knowledge than most people have to understand the prerequisites that could make that vision come true (display technology, battery weight and volume, processor performance and consumption, memory density).

This caution applies to dystopian predictions as well. People have been predicting that automation would destroy the economy for hundreds of years by now. Instead automation has increased productivity and raised wages. So it seems sensible to dismiss future predictions of an automation apocalypse. Except we can't.

Reasoning from historical experience is for most people reasoning by vague analogy. But each moment in history has to be looked at on its own terms, because sometimes things have to be just right for a certain scenario to unfold. The devil is in the details. So the idea that automation is going to produce mass unemployment is not certain either way. We have to look at conditions in *this* moment of history and reason specifically. That's hard to do.

Comment: Re:just FYI (Score 1) 77

by hey! (#49155893) Attached to: Banned Weight-loss Drug Could Combat Liver Disease, Diabetes

Well, like Paracelsus said, the dose makes the poison. Or in this case the release mechanism.

Blood concentrations of drugs usually peak an hour or two after ingestion and then taper off depending on the mechanisms the body uses to either break the drug down or excrete it directly (when you're an old Geek, you begin to pick up a lot of this stuff). So it's entirely plausible that the same amount of drug which would be dangerous in an ordinary pill would be acceptably safe in a timed release formulation, particularly if it is quickly eliminated from the body. The concentration in the patients' tissues would never reach dangerous levels. You can think of it as a lower "instantaneous" dose.

Comment: Re:Corporation != People (Score 1) 379

by hey! (#49155827) Attached to: Verizon Posts Message In Morse Code To Mock FCC's Net Neutrality Ruling

Corporations are a peaceable assembly of board members and/or shareholders.

This is an interesting, but not quite valid argument. The reason is that corporations are *not* an assemblage of individuals. Associations are. The laws and privileges entailed in being a corporation are different. If associations, partnerships and corporations were the same thing, the rules would be the same. But they're not. Stockholders aren't financially responsible for the debts of a corporation, nor are they legally responsible for the deeds of the corporation.

I hold stock in a number of companies. Were I a *partner* in the corporations I could walk onto any of the company's properties, because it's *my* property. If I own stock in Target I can't just have a shufti around the back room of the store; it's not my store. It belongs to the corporation.

Also as a stockholder in a number of corporations, when those corporations engage in political activity they are not exercising *my* rights. They don't represent me in any way, nor do I have veto power when I disagree with them. When the Sierra Club speaks out on environmental issues, you can presume they speak for me as a member, because they exist for that purpose, and I joined on that basis. When JP Morgan Chase buys a congressman, they are not speaking for me, even though I hold stock. I'd rather they don't. I bought JP Morgan stock many years ago as an investment. Insofar as they participate in politics they're usually working against my interests.

Comment: Re:White balance and contrast in camera. (Score 1) 360

by hey! (#49155729) Attached to: Is That Dress White and Gold Or Blue and Black?

I've sat right next to people who see the dress differently than me. It's *the same image* on *the same monitor* at *the same time*. So it's not a case of the monitor calibration or the camera white balance that creates the discrepancy, although obviously manipulating those things will change our individual perceptions of the dress. What's interesting here is the differences between people presented with an identical image.

Color doesn't exist in the external world. "Purple" isn't a wavelength of light, it's a kind of "additional data" tag which our brains add to parts of an image that allows us to extract more information from it. Consider the famous "Rubik's Cube" optical illusion where the same square looks either orange or brown based on whether contextual cues make us think it is in shadow or not. There's an illustration here.

The only difference between the Rubik's Cube illusion and The Dress That Broke The Internet is that practically *everyone* experiences the paradoxical sensations of the Rubik's Cube Illusion; in the case of the dress the paradox is in how sensations *differ between people*. The dress image is a kind of borderline case where our brains can "tag" the "pixels" of the image in one of two possible ways depending on what it thinks the context is. Different brains are trained by different experiences to expect different contexts. If we saw the dress being worn and in person, chances are with all that context there'd be less disagreement.

Comment: Genius. (Score 3, Funny) 205

by hey! (#49149869) Attached to: Lenovo Saying Goodbye To Bloatware

CEO: This Superfish incident has put our credibility in the toilet. Even corporate customers are looking askance at us now, and we didn't put it on their computers. Suggestions?

Executive 1: Lay low until it blows over.

Executive 2: Hire a new PR firm.

Executive 3: Start a social media campaign.

Genius executive: Maybe we should promise not to do stuff like that anymore.
