
Comment: Re:Perler Bead Sorting? (Score 1) 75

by Kjella (#48678385) Attached to: High Speed DIY M&M Sorting Machine Uses iPhone Brain

The major problem is that the cheapest way to get beads is by the tub. This is - as you might expect - a tub of various colors of beads... all mixed together. Want a black bead? You need to hunt through the tub to find one. Or you can do what we do and manually sort through thousands of beads and group similar colors together in another container.

The only thing you really need to know is - do you think they actually make them in mixed colors? Nah... they make a batch of a gazillion red beads, then blue beads, then green beads, then yellow beads... the tub is just their mix to maximize sales, they know that you'll end up with leftovers and will buy more expensive pure color packs to round it out. It's like how there's a silent conspiracy between hot dog sausages and hot dog bun makers, they avoid matching numbers so you'll always go out shopping more to make use of the leftovers. It's not exactly a coincidence when you end up with a tub full of colors you don't want.

Comment: Re:LOL fascists (Score 4, Insightful) 47

by Kjella (#48678291) Attached to: Romanian Cybersecurity Law Will Allow Warrantless Access To Data

It might be news to you, but capitalism - at least in the Russian variety and I wouldn't hold my breath on the US variety as of late - means a lot of the wealth has been accumulated on a few hands. I'm not sure that people are worse off on an absolute scale, but there's actually quite many feeling that they're worse off compared to everybody else. In Greece for example SYRIZA - the "Coalition of the Radical Left" - has been up to 27% in the polls lately. That's the birthplace of democracy, not some shithole that's never known anything different. Which I suppose is nicer than the way Germans reacted in the 1930s to the economic buttfucking of the Allies, I guess. In a dysfunctional economy most everything will seem like it's worth trying and they can be very productive in unconventional ways. Like the German war machine that nearly broke Europe's back in WWII was built by a country allegedly on the brink of bankruptcy. But money is money and guns are guns and what they lacked in the former they got plenty in the latter. Don't underestimate Russia and China just because they're not western.

Comment: Re:How fast is just too fast? (Score 1) 110

by Kjella (#48670509) Attached to: US Internet Offers 10Gbps Fiber In Minneapolis

The question is if your diminishing return is less than their diminishing return. My impression is that with fiber connections you have a fairly high cost just because they need to maintain a fiber line, end point equipment, maintenance, service, support, billing and so on. From there they usually offer huge leaps in speed for relatively modest price gains, often like double the speed for 15-20% price gains and that shit multiplies. I could pay about 75% of my current rate to have 20 Mbit instead of 100 Mbit, even though I don't absolutely need 100 Mbit very often it's not worth it. That goes up to a point, then you need some kind of special equipment and the cost skyrockets when you pass out of the "normal" class of equipment and into special gear. Today gigabit isn't actually available to me and if it were it'd cost 200% extra, it's not worth it but if it was 50% I'd probably take it. And my motherboard wouldn't need upgrading.

I'd say 10G is a different story and only about bragging rights at this point, but who knows what the future will bring. If "everybody else" had symmetric gigabit lines, 10G might have a few uses. Sure it costs a bazillion now, but so would a 100 Mbit line not that long ago. It would be a lot more useful to get people on gigabit lines though, it's no good having a huge pipe if nobody can keep up. Already with my 100 Mbit symmetric my upstream is often faster than their downstream, having gigabit would not help at all but if they get upgraded it'd make more sense for me to upgrade. Like for example there's a rural roll-out that'll probably cover my cabin next year, if that's true I could do 100 Mbit offsite, online backup between machines I control. That would be rather neat.

Comment: Re:Second hand view from a teacher (Score 2, Insightful) 346

by Kjella (#48664213) Attached to: Ars: Final Hobbit Movie Is 'Soulless End' To 'Flawed' Trilogy

So from his point of view, the movies have been a bit of a disaster. He'd been hoping for something he could take classes along to. Instead, the movies, are dark, brooding, serious, dark and extremely violent in places. They're absolutely not suitable for the age range the book is pitched at and, in any case, they miss the fundamental quality of what makes the book so great. It's not a disaster for him - the book is still there and always will be there. But his view was that it was a missed opportunity to give the "best children's book ever written" a proper adaptation.

It wouldn't work. And I'm not saying that to be cruel, but a major part of the viewing audience would have seen LotR first and quite frankly hate the Hobbit done according to the book. And all that negativity would surely rub off on the movie, even if it was perfectly suited for boys age 12. Most people wanted LotR: The prequel and that's what they got. I'll go out on a limb here and say they actually made it a decent character drama with Thorin Oakenshield losing himself and finding himself again. Bilbo torn between loyalty to his party and doing what he thought was right. And it did a fair job to explain why everybody hates each other so much, dwarves and elves and men.

I didn't care much for the romantic angle, but I guess it kept the girlfriend factor up. It was a bit long-winded, it was one movie stretched into three. The big action scenes are good, the small fight scenes about as painful as LotR. Remember Legolas' skateboarding and the counting contest with Gimli? Yeah, about the same. And don't forget the armies actually do clash in the book as well, Bilbo just isn't a big part of it. I guess they could have made it his story, but again that's not what most people wanted. They know how that story ends, with him returning to the Shire with the Ring so there's no excitement there they want the story of Middle Earth. Maybe it could have been done different if the Hobbit had been first, but not now.

Open Source

Docker Image Insecurity 73

Posted by Soulskill
from the totally-secure-for-undefined-values-of-secure dept.
An anonymous reader writes: Developer Jonathan Rudenberg has discovered and pointed out a glaring security hole in Docker's system. He says, "Recently while downloading an 'official' container image with Docker I saw this line:

ubuntu:14.04: The image you are pulling has been verified

I assumed this referenced Docker's heavily promoted image signing system and didn't investigate further at the time. Later, while researching the cryptographic digest system that Docker tries to secure images with, I had the opportunity to explore further. What I found was a total systemic failure of all logic related to image security.

Docker's report that a downloaded image is 'verified' is based solely on the presence of a signed manifest, and Docker never verifies the image checksum from the manifest. An attacker could provide any image alongside a signed manifest. This opens the door to a number of serious vulnerabilities."
Docker's lead security engineer has responded here.
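
The gap the summary describes, as an added example that is not code from Docker or from Rudenberg's post: a check that only looks for a signed manifest, next to one that also hashes each downloaded layer against the digests the manifest signs. The manifest layout, the key and the layer bytes are constructed for illustration, and an HMAC stands in for a real public-key signature.

```python
import hashlib
import hmac
import json

# Constructed sample data: the key, manifest layout and layer bytes are
# assumptions for illustration, not Docker's real formats.
SIGNING_KEY = b"constructed-demo-key"

def sha256_digest(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()

def sign_manifest(layers, key=SIGNING_KEY):
    """Publisher side: record each layer's digest and sign the list."""
    body = {"name": "ubuntu:14.04", "layers": [sha256_digest(l) for l in layers]}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"body": body, "signature": sig}

def verified_by_presence(manifest) -> bool:
    """The flawed check: 'verified' only means a signed manifest exists."""
    return bool(manifest.get("signature"))

def verify_image(manifest, layers, key=SIGNING_KEY):
    """Check the signature, then bind every downloaded layer to it."""
    payload = json.dumps(manifest["body"], sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest.get("signature", "")):
        return False, "manifest signature invalid"
    digests = manifest["body"]["layers"]
    if len(digests) != len(layers):
        return False, "layer count differs from manifest"
    for i, (want, blob) in enumerate(zip(digests, layers)):
        # Hash the bytes actually received; never trust a claimed digest.
        if not hmac.compare_digest(want, sha256_digest(blob)):
            return False, f"layer {i} digest mismatch"
    return True, "ok"

# Constructed inputs: the published layers and a set with one layer replaced.
GENUINE = [b"base filesystem layer", b"package layer"]
MANIFEST = sign_manifest(GENUINE)
SWAPPED = [b"base filesystem layer", b"substituted layer"]

if __name__ == "__main__":
    print("presence-only check:", verified_by_presence(MANIFEST))
    print("genuine layers:     ", verify_image(MANIFEST, GENUINE))
    print("swapped layer:      ", verify_image(MANIFEST, SWAPPED))
```

The presence-only check returns the same answer for both layer sets, because it never looks at the layer bytes; only the digest comparison ties the downloaded content to what was signed.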

Comment: Re:Never heard of it (Score 1) 163

by Kjella (#48658949) Attached to: NetworkManager 1.0 Released After Ten Years Development

The best software does its job quietly and doesn't need a bunch of attention from the user, allowing you to do your actual work. Something that seems to be lost on the makers of many other software projects, OSS and commercial.

Really? Seems to me Microsoft does a wonderful job, considering how many of their users don't know a thing about their computer.

Comment: Re:the rules changed, that's why the manual contro (Score 1) 90

by Kjella (#48658873) Attached to: Google Unveils New Self-Driving Car Prototype

The situation they require manual controls for is when you drive into a blizzard/flood, and the car drives until it's unsafe to stop and unsafe to continue.

I can imagine that going over so well with consumers "Hi! It's me, your autonomous car here. You know how I drove you up in the mountains and to this mountain pass? Well now there's a blizzard coming so I quit. Now I know you haven't touched the wheel in a month because I've been doing your commute and I wouldn't drive under these conditions, but you'll probably freeze to death if you don't get down so... best of luck? Toodeloo."


Does Journal Peer Review Miss Best and Brightest? 136

Posted by Soulskill
from the selecting-for-mediocrity dept.
sciencehabit writes: A study published today indicates that the scientific peer review system does a reasonable job of predicting the eventual interest in most papers, but it may fail when it comes to identifying really game-changing research. Papers that were accepted outright by one of the three elite journals tended to garner more citations than papers that were rejected and then published elsewhere (abstract). And papers that were rejected went on to receive fewer citations than papers that were approved by an editor. But there is a serious chink in the armor: All 14 of the most highly cited papers in the study were rejected by the three elite journals, and 12 of those were bounced before they could reach peer review. The finding suggests that unconventional research that falls outside the established lines of thought may be more prone to rejection from top journals.

Comment: Hahahahahahahahaha LOL (Score 2) 439

by Kjella (#48654217) Attached to: How Venture Capitalist Peter Thiel Plans To Live 120 Years

Seriously, he's going to die like the rest of us. I've seen how far we've come in medicine and I see how far we haven't gotten yet. The body starts failing one way then another way and it just keeps piling up as you get 70-90 years old. Cancer is just one of many, many things that are likely to kill you before you're 120.

Comment: Re:Precious Snowflake (Score 1) 323

by kaiser423 (#48653377) Attached to: Putting Time Out In Time Out: The Science of Discipline
To be fair, she is using data. Most of the Psychologists at the time that the stupid Self-Esteem movement that was happening in education was incorrect and were pretty aghast. They *knew* from their studies, etc that that approach isn't particularly effective. It was more the stupidity of our educational system that was the fault of that one.

I'm all for data driven stuff; although Psychology is a tough one -- it's incredibly hard to effectively account for all the variables, and I think that she may be reading into the data a bit much, as can happen in the field.

Comment: Re:Security at FRA (Score 2) 91

by Kjella (#48651241) Attached to: Major Security Vulnerabilities Uncovered At Frankfurt Airport

It's actually very common here in Europe, it's a public service but the government issues some form of tender to buy it from the private sector. And yes, they do often suck at writing the contract and following up that what's been ordered is delivered in correct quality and quantity. If you ask for "a security guard" you get a body with a pulse, if you ask them to have mandatory training, pass certifications and exams you'll get that, but if you don't ask you don't get it even if they're totally unfit for the job. The ones you're buying from are in the business of making money, they'll cut corners if the contract permits them to. And you got issues with continuity and such, but people complain about public departments full of public employees that have a more or less permanent monopoly on what they're doing too. It's easy to get complacent at all levels when you can just say "it takes what it takes" and get funded next year too.

Comment: Re:In other news: (Score 4, Insightful) 91

by Kjella (#48651187) Attached to: Major Security Vulnerabilities Uncovered At Frankfurt Airport

There are ~30 million commercial flights and around 2 hijackings per year, so that nobody's tried at Frankfurt might be just statistics. None of the confirmed hijackings since 2001 has casualties, though I suppose there's mysteries like MH370. Even if you assume the worst though, statistically you're far more likely to die from technical malfunction or pilot error. Or external causes like being shot down by a missile like MH17, but I guess that's location dependent. Unless you can bring a bomb on board to take down the plane yourself there's no way people will let you seize control of the craft anymore, so hijacking as we knew it is a past era. Most of it is just preventing a stabbing that could just as well have happened on the bus or tram or subway, it just happens to be up on a plane.

Comment: Re: I don't care about NASA (Score 2) 156

by Kjella (#48649251) Attached to: Can Rep. John Culberson Save NASA's Space Exploration Program?

At this point they are the best way to send cargo to the ISS and in a few years will be the best way to send astronauts in LEO, but if they want to go any further they're going to need a new rocket (stronger than the Falcon 9 heavy).

Uh, you do realize the Falcon Heavy has a payload of 13200 kg to Mars and will be more powerful than any current operational rocket?

NASA has the actual plan for their SLS while SpaceX only has ideas for now.

They have a great plan, but they don't have the money. The Falcon Heavy is funded and should be operational in the first half of next year while NASA is years away from a date that's probably slipping. And I'm not sure why you're saying SpaceX is the one on the drawing board, the boosters are essentially "headless" Falcon 9s while the SLS is a new design. Sure, when or if the SLS flies it'll be in a class of its own we haven't seen since the Saturn V. I wouldn't hold my breath though, while the Falcon Heavy seems very likely that will happen.

Comment: Re: What took them so long? (Score 1) 212

by Kjella (#48647723) Attached to: Cyberattack On German Steel Factory Causes 'Massive Damage'

For your simplified example, it is probably cheaper -- and just as secure -- to have an operator enter the dozen or so keystrokes to order "produce x amount of class y steel" than to design, build, install and support a more automated method. Human involvement has the added bonus of (nominally) intelligent oversight of the intended behavior for the day.

Do you have any idea what the error rate for manual data entry is? Typically about 0.5% of the entries will be wrong. Retyping information is a very error prone process.
