Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:Missed the Boat? (Score 1) 263

The "once someone is paid, they stay paid" is a feature of BTC. It would be nice if there were an escrow mechanism with a time limit so if Alice sells a vend a goat machine to Bob, Bob puts the BTC in escrow, until Charlie vets that the vend a goat machine made it to Bob's place and is usable, then allows the transaction to proceed, or before a time limit, interrupts the transaction and has the money sent back to Bob if instead of a vend a goat machine, it were just a box of cinderblocks. This will help against one of the more common auction frauds, and it protects the seller (the currency goes into escrow before the product is shipped), and the buyer (the escrow agent validates that they actually got what was in the package.)

Of course, this isn't perfect... the Bob the Buyer can pull the vending machine out, place some stones, then allege fraud to Charlie so Charlie nixes the transaction... but that goes from common auction fraud which is an everday happening, to actual felony larceny. Escrow does raise the bar though, and given a high enough value transaction, it might be Charlie has his people waiting with Bob for the package to actively validate that all shipped as it should have.

There is another downside... Charlie's reputation. This was discussed back in the 90s on the cypherpunks list, that if the value of Charlie's reputation was less than what the transaction was, he could collude with either Alice or Bob to fuck over the other party. It might sully Charlie's doings in the future, but if the transaction was valuable enough, hosing one party might just be worth it to the escrow agent, as they could go find another biz after that.

Comment Re:Good idea, but not ready for primetime (Score 1) 263

Right now, we are seeing version 1.0 and version 1.1 of cryptocurrencies.

I can see a version 2.0 of a cryptocurrency coming out, with some features to help:

1: Escrow. It would be nice if a third party, Charlie, could be part of the transaction, and Alice and Bob's transaction it wouldn't be completed until Charlie gives the OK. If Charlie doesn't give the OK, Bob doesn't get the currency... eventually after a selected timeout, the coins wind up back with Alice. Or, it could be configured the other way, where Bob gets his coins if Charlie doesn't step in and say "no" after a period of time. Of course, there can be collusion between Charlie and either Alice or Bob to fuck over the other party, but having the -option- for an escrow service so both parties are happy would go far in making a currency usable for trades.

2: Auditing. The ability for a party to tag their own expenses with their own ID for something, so they can in the future run through the blockchain, and find all occurances of that ID. It would be equal to the "For:" line on a checkbook.

3: Refunds. The ability for both parties to reverse a transaction, on the premise of the item in question being returned. This will go a long way in proving ownership of something if it gets questioned.

4: Disabling spending of currency for a period of time. This adds a "timelock" value, so if the currency owner is going to be gone for six months, even if someone has access to the wallet, the coins can't be spent. Of course, once the time expires, it becomes a race between the legit owner and anyone else who has access to the wallet's private key, but it is a way to ensure coins are not going to be gone while someone is on a trip. Of course, this value should be limited to a fairly period of time (6-12 months), so coins are not tossed out of the economy permanently.

5: Similar to #4, but disabling spending of coins for a period of time... but allow them to be re-enabled if another wallet or private key gives the go-ahead. This way, one can have one wallet that coins go in, set a time lock, but still have an offline wallet that can re-enable use of the coins should the need arise.

6: A way to mark part of the transaction as sales tax (with the receiver agreeing on that), so the sender is showing that the 110 units they are paying, 100 are for the product, the rest are going for taxes like a VAT or the like. Similar to #2, but covering the tax angle. In case of audit, it would be easy to just show the blockchain and that the receiver acknowledged that the tax was properly paid.

7: A way to preen the blockchain after a period of time, say seven years of older transactions, but still keep the crystallographic integrity of the entire thing. This way, eventually, the blockchain size will tend to stabilize as soon as old transactions get expired.

I'm sure there are other ways, but adding some cryptographic tricks (like escrow and moving coins out of play for a period of time) will definitely add to currency security.

Comment Re:So Let Me Get This Straight (Score 2) 242

The Telnet server required an Expect script to use... and yes, you -can- do stuff that way... but it is a relative PITA compared to ssh, Python libraries, and Ansible. As the parent said, sending unencrypted passwords through a link (yes, one -could- do tunnels, but that is another bunch of hoops) was possible... but with SSH (especially with RSA authentication), it is far, far easier.

Comment Re:So Let Me Get This Straight (Score 2) 242

SQL server is a database server, and some applications require it... but at least there are others, and one doesn't have to run their business on it. There are alternatives, from MySQL/MariaDB to Oracle, and the nice thing about Oracle is that there are no license keys to manage, so if there is a disaster, getting your RAC cluster back operable isn't dependent on licensing/activation.

This isn't to say SQL server is bad, but if one wants to move from Windows, there are RDBMS products which are just as good available. If you like NoSQL, but still want ACID... there is always MarkLogic.

Comment Re: Turd (Score 2) 242

This. I'd love the ability to provision a Windows box, toss a SSH key on it and have it ready to be managed via Ansible.

On the development side, being able to Vagrant up a Windows box as easily as I do other boxes would be nice, and make life a -lot- easier when it comes to testing. If I need to create a Windows box to make sure a certain set of Registry settings works, it would be nice to create a base box, boot it, have Vagrant provision it, and have it ready to go. Then, when I want to prove my stuff works to another developer, I point them to the repository with my Vagrantfile and provisioning scripts.

Vagrant is a wonderful tool for testing in the UNIX environment. It (pretty much) guarantees that I will have the exact same environment for testing as the developer, and if their code works in a Vagrant box, it will work in mine. I'd love to have the same ease of use on the Windows side. The closest I can come to this is a WIM image and a directory full of MSI files.

Comment Re:So Let Me Get This Straight (Score 4, Insightful) 242

The same as it's always been... full integration with the entire line of business-oriented Microsoft products (including Exchange) and support for the vital third-party software that requires Windows.

For many years, Microsoft's business model has been to promote a Microsoft-centric universe. If you use Office, you'll get the best service with an Exchange server, which must run on Windows Server, and really needs Active Directory, which supports your Windows workstations, which integrate with Office. It's not just that Windows is a GUI-based OS. Microsoft products are a part of a whole tangled mess of dependencies, and for years we've been stuck dealing with the downside of that glorious integration.

Every IT admin has a story about the vital business process that involved a human robot. Every day a human logs in, and runs an Excel macro to generate a spreadsheet, that he saves as a CSV file and loads into a third-party program, which generates a RTF document, that needs to be renamed to .txt and moved to a different folder for another program to find and render into a PDF, which the human has to open and read the third line on the fifth page to determine which managers need the report emailed to them. This is a GUI-based process, because the software runs on a GUI-based OS. It can't be automated, because the software doesn't support it. For decades, automation has been a "nice to have" feature, because it never fit into the Microsoft business model, so there was never a good framework to support it built into Windows.

Sure, we had some old tricks... Batch files, DDE, COM, OLE, WSH, VBA... but they never really enjoyed full support from Microsoft. They were supported features, but not supported enough that third-party vendors would feel pressure to support any automation.

Now, with PowerShell and the Core offering of Windows Server, there's the notion that everything should be able to be automated. Sure, we've had that idea from the very first days of Unix, and *nix has embraced the concept to maturity, but *nix still doesn't run every piece of business-critical third-party software. For those of us who are already firmly entrenched in that Microsoft-centric world, this is a much-needed good omen.

Comment Re:Sad in a philosophical sense (Score 4, Insightful) 110

The utility of humans in space is the long list of minor things that didn't make it onto your list of headlines. Crystallography, metallurgy, chemistry, biology, physiology, and materials science, to name a few, are all fields that have benefited from research on the ISS.

For having so many small experiments and projects to maintain, a human presence is really not that much more effort compared to building robotic versions of each experiment. The human is also far more adaptable, able to repair and rebuild systems as needed.

Comment Re:The making of a Terrorist (Score 1) 40

Canada, or any other country that thinks email addresses aren't bait worth biting.

At that time, from that country's perspective, Eccleston may have been a US agent trying to get that country to engage in easily-traced espionage. If they made a deal and were provided a list of email addresses, they might also get a number of fake accounts that serve as honeypots. Any attack on those fake accounts is a clear connection to the country in question, and they can't effectively deny it.

When that accusation is presented as a particularly inopportune time, such as elections, political unrest, or during diplomatic negotiations, it may cost that country far more than the $19,000 Eccleston was seeking.

Comment Re:Expect a lot of people to be approached (Score 1) 40

So in other words, it's exactly the same as what happens when a foreign intelligence agency wants to get information from an American.

Changing jobs might mean you're unhappy with your previous employer, and want to embarrass them. A stranger, press, authors, peace activist, historians, random charming foreigner, fake diplomat with heavy accent or just a "new" "friend" in the area might just be able to convince you that your government is the embodiment of Absolute Evil.

Holidays or travel really make for great opportunities to meet new people and pass on information with less chance of being watched by American agents.

When in another nation, that good-looking lady at the bar might be easily impressed by your high rank in the American government, and the power you hold. A few different teams will have that on record, and use it to convince you that you're so far down the hole already, the only way out is to keep giving them more information.

The main thrust of such efforts is to get your information, and ensure that you've cooperated willingly enough to not report it. Claiming to be merely "academics, authors or press looking for comment, background or context," and raising such noble banners as "freedom of the press and freedom of association," the foreign agents can convince you that the American people are gravely threatened by every action of their government, and that you, the grand gatekeeper of the next revolution, hold the keys to the freedom.

All you have to do is give a little bit of information...

Comment Re:The making of a Terrorist (Score 1) 40

As has been discussed every other time it comes up, yes, the FBI can do exactly that.

Law enforcement officers can lie to you, bribe you, and they can even break certain laws (with appropriate approvals) to get you do do something illegal. There is a single defense against this kind of tactic, and it doesn't require a lawyer or court fees: just don't do it.

That's it. If someone asks you to do something illegal, decline. If they offer to assist, or even provide support, decline anyway. The FBI or police cannot arrest you for following the law. They can arrest you for breaking the law, or even for thinking you're breaking the law and going ahead with it.

In this case, the accused showed he might be interested in breaking the law. The FBI then gave him the materials and incentive to do so, but he'd still be walking free if he had followed the law and reported the apparent criminal activity to the FBI or other law enforcement. Of course, he instead followed through with the plan, completing his actions that would have "damaged protected government computers".

Comment Re:Open to Questions (Score 1) 1305

Where's the suggestion box?

I have a few items:

  • Have a feedback option that doesn't involve email. Have somebody actually read what's submitted.
  • Fix the justoposition between "brevity is the soul of wit" and accepting Bennett Haselton's long-form rants. Either pick one approach, or devise a way to keep the concepts separate, like having a separate topic for essays.
  • Resist the temptation to add to a story. The story is not the place to discuss where the editor was when he heard about the Challenger desaster or what specs are appropriate for a $50 computer. Those belong in the discussion. Perhaps give editors the ability to reserve the frosty piss, but keep stories objective.
  • Keep the stories objective. If you're running a piece about one company, discuss the company's industry. If the story is about one product, discuss that product's contributions to the state of the art. If the story is about a person, describe the person's actions, but do not judge them.
  • Understand what you have. This is Slashdot. We want Natalie Portman naked and petrified, covered in hot grits. We don't want attachments to Facebook, Twitter, LinkedIn, Google+, or Reddit, unless we've specifically opted in to those. We want things that are well-designed, not things from a designer. Announce your changes with a poll (perhaps restricted to positive-karma users?) and see if they're accepted by the community.
  • Stay involved. You're posting pretty often now, but what about next month? What about next year? You might browse stories now and then, but will a post calling your name be noticed? Are you Kibo?
  • Perennially, fix HTML and Unicode in posts. Lists that look like quotes and Unicode that looks like a simian's attempt at Shakespeare have been long-standing problems, and fixing them would go a long way toward establishing some trust with the users. Good luck with learning Perl for that.

In short, take care of us, and we're happy to have you here. Our corporate overlords are dead. I, for one, welcome our new corporate overlords.

Slashdot Top Deals

Money cannot buy love, nor even friendship.