Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror

Comment: Re:Yet another clueless story on automation (Score 1) 552

by TheRaven64 (#48645719) Attached to: What Happens To Society When Robots Replace Workers?

Most of the developing world just doesn't have this problem.

Actually that's not true. India and China did very well out of being a cheap place to manufacture things because of the low labour cost. Now, factories that are almost entirely automated are replacing those staffed by unskilled workers. This means that no one is building them in developing countries and creating jobs there. The only reason that companies like Foxconn have for picking places in Africa for manufacturing now is the the lack of environmental regulation: a few politicians get paid off, but the local economy doesn't benefit and the local environment gets polluted. The path Japan took, of cheaply copying things, being a cheap place to build factories, developing local skills, and then competing internationally with original products, doesn't exist anymore.

Comment: Re:It's hard to take this article seriously (Score 1) 552

by TheRaven64 (#48645709) Attached to: What Happens To Society When Robots Replace Workers?
Exactly. Few workers would complain about automation if they owned a share in the company proportionate to their contribution to the profits. If a robot means that the company can produce more without their going to work then their income would go up and so would their leisure time. Instead, they become redundant in a shrinking job market and the owners get richer.

Comment: Re:Why bother? (Score 1) 348

by TheRaven64 (#48645633) Attached to: Ask Slashdot: Is an Open Source<nobr> <wbr></nobr>.NET Up To the Job?
Java doesn't require you to catch every exception, it requires that, for every exception that cam be generated in a method, you must either catch it or advertise that your method can throw it. This makes static analysis and reasoning about exception much easier, because you know exactly what exceptions a particular method can throw. Handling exceptions at the wrong place is a problem with the programmers, not with the language or VM.

Comment: Re:Ugh, WordPress (Score 1) 31

I recently moved from hand-written HTML for my personal site to Jekyll, which is the engine that powers GitHub pages. It does exactly what I want from a CMS:
  • Cleanly separate content and presentation.
  • Provide easy-to-edit templates.
  • Allows all of the content to be stored in a VCS.
  • Generates entirely static content, so none of its code is in the TCB for the site.

The one thing that it doesn't provide is a comment system, but I'd be quite happy for that to be provided by a separate package if I need one. In particular, it means that even if the comment system is hacked, it won't have access to the source for the site so it's easy to restore.

Comment: Re:Validating a self-signed cert (Score 1) 391

by TheRaven64 (#48623991) Attached to: Google Proposes To Warn People About Non-SSL Web Sites
That's the best way of securing a connection, but it doesn't scale. You need some out-of-band mechanism for distributing the certificate hash. It's trivial for your own site if you're the only user (but even then, the right thing for the browser to do is warn the first time it sees the cert), but it's much harder if you have even a dozen or so clients.

Comment: Re:The web is shrinking (Score 1) 391

by TheRaven64 (#48623981) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

The 'brought to you by' box on that site lists Mozilla, Akamai, Cisco, EFF, and IdenTrust. I don't see Google pushing it. They're not listed as a sponsor.

That said, it is pushing Certificate Transparency, which is something that is largely led by Ben Laurie at Google and is a very good idea (it aims to use a distributed Merkel Tree to let you track what certificates other people are seeing for a site and what certs are offered for a site, so that servers can tell if someone is issuing bad certs and clients can see if they're the only one getting a different cert).

Comment: Re:This again? (Score 1) 391

by TheRaven64 (#48623971) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

It depends on your adversary model. Encryption without authentication is good protection against passive adversaries, no protection against active adversaries. If someone can get traffic logs, or sits on the same network as you and gets your packets broadcast, then encryption protects you. If they're in control of one of your routers and are willing to modify traffic, then it doesn't.

The thing that's changed recently is that the global passive adversary has been shown to really exist. Various intelligence agencies really are scooping up all traffic and scanning it. Even a self-signed cert makes this hard, because the overhead of sitting in the middle of every SSL negotiation and doing a separate negotiation with the client and server is huge, especially as you can't tell which clients are using certificate pinning and so will spot it.

Comment: Re:So perhaps /. will finally fix its shit (Score 2) 391

by TheRaven64 (#48623949) Attached to: Google Proposes To Warn People About Non-SSL Web Sites
Every HTTP request I send to Slashdot contains my cookie, which contains my login credentials. When I do this over a public WiFi network, it's trivial for any passive member of the network to sniff it, as it is for any intermediary. Worse, because it uses AJAX stuff in the background, if I briefly connect to a malicious access point by accident, there's a good chance that it will immediately send that AP's proxy my credentials. I've been using this account for a decade or so. I don't want some random person to be able to hijack it so trivially.

Comment: Re:This is not the problem (Score 1) 658

by TheRaven64 (#48619343) Attached to: Economists Say Newest AI Technology Destroys More Jobs Than It Creates
You're right, but it's not always the devices within the same product category. A lot of stuff that's in consumer devices begins life in very niche applications (e.g. military or medical devices) to get the first bit of R&D funding and then needs another big chunk to become cheap enough for consumer devices.

Comment: Re:This is not the problem (Score 5, Insightful) 658

by TheRaven64 (#48615881) Attached to: Economists Say Newest AI Technology Destroys More Jobs Than It Creates
It's not clear that Apple could survive in isolation. A lot of their components are only as cheap as they are because of other lower-margin companies paying a big chunk of the R&D costs. When Apple was using PowerPC processors and were the only customer for IBM or Motorola for a particular chip, they found it very difficult to compete. They're designing their own ARM cores now, but they're benefitting enormously from the thriving ARM software ecosystem.

Comment: Re:Offline archive? (Score 1) 156

by TheRaven64 (#48615337) Attached to: Dr. Dobb's 38-Year Run Comes To an End

Several years ago I ordered the CD collection of Small C articles, and found it pretty useful for grasping the essentials of compiler design. Even if the information is decades old, it was still relevant for the fundamentals of how C compiling and linking works. (at least on Unix/Linux, which is based on decades old designs)

The overall compile-link step is roughly the same (although LTO changes it a bit), but the compilation process has changed hugely in the last 20 years. Dealing with code 'hand optimised' by people who still have a mental model of how PCC compiles code is a constant source of pain.

"'Tis true, 'tis pity, and pity 'tis 'tis true." -- Poloniouius, in Willie the Shake's _Hamlet, Prince of Darkness_

Working...