Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.


Forgot your password?

Comment: Because, well, it is unrealistic... (Score 1) 574

by OmniGeek (#48508685) Attached to: Hawking Warns Strong AI Could Threaten Humanity

It might be as simple as the AI saying, "Hey, here's a cool new device I think we should make." It could provide the schematics of a device that would seem to do one thing, but if we're incapable of understanding how the device works, there might be some entirely different purpose.

Vernor Vinge dealt with this topic rather convincingly with the Blight in "A Fire Upon The Deep".

The great stumbling block to any such possibility (aside from the immense improbability of our being able to develop a self-aware machine in the first place) is that we haven't developed computing hardware capable of remaining operational for very long without ongoing maintenance and a reliable supply of electric power. Any AI dependent on these resources would be utterly dependent on human goodwill for its continued existence. Reboot the poor sod and "it's a whole new world for ducks every day." Even the hypothetical Trojan-horse devices suggested by a Blight intelligence would be subject to the same limitations. Not exactly global conquest material.

Comment: Re:and for students that don't want to be tracked? (Score 1) 168

by hesiod (#48312625) Attached to: Ask Slashdot: Single Sign-On To Link Google Apps and Active Directory?

If a person discusses their own medical history with someone else, HIPAA does not apply. If they talk about it in public and someone overhears it and somehow uses that information, including a marketer, somehow, HIPAA has nothing to do with that.

Now, there may be an expectation of a certain amount of privacy when discussing something over email, but if that information is somehow obtained -- even by a breach of the email servers, and assuming neither server/individual is a hospital/doctor/insurer/etc or an employee of such -- HIPAA does not somehow magically apply. Just because it is medical information, it is not immediately protected by HIPAA.

Comment: Kind of like money (Score 1) 700

by lindsayt (#48206307) Attached to: FTDI Reportedly Bricking Devices Using Competitors' Chips.

A few years back I took $100 out of one bank and deposited it at another. The second bank only credited me $80, and sent me a letter informing me that one of the bills was counterfeit. I called the bank and explained that while I'm sure they were right, I'd been handed the bill by another bank and I had no chance of detecting the counterfeit bill so it wasn't fair to punish me. They, of course, wouldn't agree with that but they *did* give me a $20 counter credit because they wanted to keep me as a customer.

A couple decades ago when all paper money was as counterfeitable as the $1 bill remains, I worked at a fast food joint and would encounter counterfeit money on a fairly regular basis. The thing is, it was obvious to me that the poor schmo trying to buy a burger hadn't made the bill, and was just handing me a stack of money he'd been handed by somebody else. Who knows where the counterfeiter was? So unless I thought the customer was actually trying to swindle I'd just take the money and let the banks sort it out later.

Similar thing here: the purchasers are unwittingly caught in the crosshairs. Nothing good comes of attacking the person who's already been unknowingly swindled.

Comment: My favorite Alto application: Mazewar (Score 3, Interesting) 121

by OmniGeek (#48203141) Attached to: Xerox Alto Source Code Released To Public

In 1977 or thereabouts, I was a co-op student at Xerox' Webster, NY Research Center. At lunchtime, I had access to an Alto, and spent far too much time playing MazeWar, a networked multi-player real-time 3D-perspective game wherein the players navigated a maze (displayed as wireframe 3D with an overhead map at the side), finding other players (who appeared as giant floating eyeballs) and zapping them. Once zapped, you respawned elsewhere in the maze and attempted to sneak up on your opponent and return the favor.

The graphics were extremely simple; there was no detail in the walls, just lines showing the edges, and player positions were limited to the center of each grid square; player movement was in discrete jumps. All of this was done to reduce the computational load for the graphics, of course. As a result, the system was very responsive, and the experience was quite immersive.

Comment: Not faked GPUs... (Score 4, Informative) 76

by OmniGeek (#47773585) Attached to: Fake NVIDIA Graphics Cards Show Up In Germany

I've read the Heise articles in the original German, and the GPUs were not faked; the cards were an older generation graphics card (~10% of the graphics throughput of the claimed item) with the video BIOS hacked to zero out the card manufacturer ID and the GPU type twiddled to fool the driver into thinking it was the newer card. According to the articles, NVidia is tracing the GPUs through the supply chain by their internal serial numbers.

I would speculate that someone bought up a truckload of obsolete cards, reflashed the BIOS images, and relabeled them with plausible product ID labels. Could have been the Chinese manufacturer, could have been someone elsewhere in the pipeline.

Comment: The chilling thing about Ted Unangst's analysis (Score 5, Interesting) 301

by OmniGeek (#46715395) Attached to: Theo De Raadt's Small Rant On OpenSSL

As I read his analysis, OpenSSL relies on releasing a buffer, reallocating it, and getting the PREVIOUS contents of that buffer back -- or else it will abort the connection. (Search for the string "On line 1059, we find a call to ssl3_release_read_buffer after we have read the header, which will free the current buffer." in his article referenced by the parent post).

Now, IMO, this goes way beyond sloppy. Releasing a buffer before you're done with it, and relying on a wacky LIFO reallocation scheme giving you back that very same buffer so you can process it, is either 1) an utterly incompetent coding blunder that just happened to work when combined with an utterly terrible, insecure custom allocation scheme, or 2) specifically designed to ensure that this insecure combination is widely deployed to provide a custom-made back door, as it works only with the leaky custom allocator.

If 1), then I must agree with Theo that the OpenSSL team were indeed irresponsible, since at least one of these two cooperating blunders ought to have shown up in a decent security audit of the code, and any decent set of security-oriented coding standards would forbid them both.

If 2), then it was deliberate, and the tinfoil-hat crowd is right for once.

Comment: All roads may run ill... (Score 5, Informative) 227

by OmniGeek (#45214327) Attached to: Ask Slashdot: How Do You Choose Frameworks That Will Survive?

Been there, done that, wondered "What were we thinking?"

In selecting an instrumentation framework for a test system, we went through a careful process of defining what was important, listing the pros and cons of each competing option, ran some tests to see if both would run the instruments we needed, ... Aaaand chose the worse option of the two, as events ultimately showed. The choice was evidence-based, reasonable on the basis of what we knew at the time, and suboptimal. The system worked, but we had to do some ugly stuff to make it work.

Sometimes you just can't outwit Murphy.

He who has but four and spends five has no need for a wallet.