Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Comment: Re:$30 (Score 4, Informative) 515

by Thagg (#49659523) Attached to: Examining Costs and Prices For California's High-Speed Rail Project

DreadPirate, you are really not calculating correctly. I know it sounds cheap, but it isn't. If you can get there for $30 in gas, that's 40 miles per gallon -- not bad. Still, that's 7.5 cents/mile.

Say you bought a used car for $10,000, and can drive it for 100,000 miles. That's 10 cents a mile. More than gas.

Oil changes every 5,000 miles at $40? That's another penny a mile.

Tires at $300 every 30,000 miles? Another penny a mile.

Let's not talk about what your time is worth (you might really enjoy the drive), or insurance (not too dependent on miles driven) -- but still, that's about 20 cents a mile, or $80.

Most people don't really like to think how expensive driving is, but it isn't cheap. We have been taught that it's all about the gas, but it just isn't.

Comment: Re:why so long (Score 3, Interesting) 136

by Thagg (#49624589) Attached to: Opportunity Rover Reaches Martian Day 4,000 of Its 90-Day Mission

It's kind of interesting.

One of the big reasons that they thought it would be limited to 90 days is that the solar panels get covered in dust, and as that happens the amount of energy collected diminishes. They figured in about 90 days, based on previous missions to Mars, they'd be out of juice.

And...for the first 50 days or so, it was going that way. And then, a whirlwind came by, and scrubbed the rover clean. This has happened many many times since. An unexpected good fortune.

Comment: Re:flashy, but risky too. (Score 1) 83

by spitzak (#49579997) Attached to: Uber Testing Massive Merchant Delivery Service

Although I see problems with this I kind of doubt counterfeiting is going to be one. To successfully do this the driver/Uber would have to have access to a huge warehouse of counterfeit goods so they could exchange the real item (chosen by the customer, not the Uber driver) for a matching fake one. I just don't see that as a practical scheme for stealing goods.

Comment: Re:Animator needs three (Score 1) 301

if you and Wacom would embrace Bluetooth

So either the tablet is plugged into the wall or it is thick enough to contain a battery, or it has some thick part near the edge containing the battery? And I have to recharge it or replace the battery? Sorry I don't think so.

Comment: Re:Valve needs to use their clout (Score 2) 309

by spitzak (#49480757) Attached to: NVIDIA's New GPUs Are Very Open-Source Unfriendly

Actually you can change the monitor layout without restarting X now.

And the Gnome control for moving the monitors around somewhat works, though it is unclear if they are special casing Nvidia or that NVidia is implementing the necessary parts of xrnr. The Nvidia control works somewhat better.

Comment: Re:cryptobracelet (Score 2) 116

by Thagg (#49449879) Attached to: 'Let's Encrypt' Project Strives To Make Encryption Simple

We'll see.

It's absolutely wrong that I am proposing a 'stealable' ID. No, it's not that at all. Like NFC (ApplePay and others) you don't send out your ID, your bracelet will engage in a two-way conversation that uses generates unique identifiers every time that prove that it's you without giving the system communicating with you the ability to impersonate you. It's not hard at all; we should have been doing this years ago. This is described in Bruce Schneier's Applied Cryptography twenty-fucking-years ago. Chapter 21(Identification Schemes) describes "zero-knowledge proof of identity". Curiously, researchers Feige, Fiat, and Shamir submitted a patent application in 1986 for this, but the Patent Office responded "the disclosure or publication of the subject matter ... would be detrimental to the national security..." The authors were ordered to notify all Americans to whom the research had been disclosed that unauthorized disclosure could lead to two years' imprisonment, a $10,000 fine, or both. Somewhat hilarious, as the work was all done at Weizmann Institute in Israel.

That said, I do think that groups like the NSA and FBI have been quite successful in keeping people (like Jeff4747) remarkably uneducated. Banks, credit card companies, and groups like Google that make gigabucks tracking people have held back from doing things right as well -- and they're paying for it today.

To say again. It is easy to build a system that would securely verify that you have authority to do something, without giving the ability for somebody else to impersonate you. It's somewhat more challenging than printing number in plastic on a credit card, but only a tiny bit more challenging.

This will happen. Once it does people will wonder why it took so long.

Comment: Re:cryptobracelet (Score 1) 116

by Thagg (#49447629) Attached to: 'Let's Encrypt' Project Strives To Make Encryption Simple

The problem with phones is that you can lose them or break them or have them stolen. I agree that it's a good place to start, though.

I believe that the RFID tag that Coren22 suggests don't have, and can't have, the processing power required to do this right. You don't want to say "Yes, I'm 132132123123", that would be *way* too easy to fake. You want to have a back-and-forth communication that shows that you are who you are, without giving away your ID.

I think the bracelet would become a status symbol -- the status being "yeah, I care about security." I'm actually not kidding.

Comment: cryptobracelet (Score 1) 116

by Thagg (#49446951) Attached to: 'Let's Encrypt' Project Strives To Make Encryption Simple

At some point, and my guess is pretty darn soon, reasonable people are going to have a very secure cryptobracelet that they never take off, or if you take it off it will never work again.

The bracelet would work like the NFC chip in current phones, it would create unique identifiers for each transaction, so you can be verified that you are who you are without ever broadcasting your identity.

Then, all email and every other communication can easily be encrypted, securely, and without adding complication. You won't have to worry about remembering a hundred passwords, or about what happens when the store you bought things from is hacked, or that a library of 100 millions passwords will find yours.

I grant that some will protest that this is not natural (I don't want to wear something on my wrist!) but people do a hundred other unnatural things every day (brush their teeth, use deodorant, wear glasses, live longer than fifty years...) The benefits will be enormous, the changes minimal, and this will be led, I believe, by thought leaders.

Comment: Next step -- VMT (Score 3, Insightful) 114

by Thagg (#49397831) Attached to: DHS Wants Access To License-plate Tracking System, Again

The problem with license plate readers is that there are only so many cameras out there. How can they know where everybody was all the time?

The answer is the Vehicles Miles Traveled tax. Many states and the federal gov't have proposed over and over that all cars have GPS trackers in them that tax them on how many miles they drive. They say "the problem is cars are more efficient, so we don't make as much money." (Can't you just raise the rate then? wtf?) or that this is "more fair", everybody is charged the same amount for how far they drive; as opposed to how much gas they use and how much carbon they emit.

But, come on, the real reason is almost certainly to track where everybody went, all the time. If there is anything the Snowden revelations have demonstrated, it's that if there is any possible way to capture data on people, the government is going to do it. Anything you can imagine, and many things that you could never have imagined, are being done. If you want to believe that a GPS tracker that hooks up to a gas pump only sends one bit of information, well, I suppose you deserve what you get.

Comment: Re:Schneier got it right a decade and a half ago (Score 1) 119

by spitzak (#49316223) Attached to: OS X Users: 13 Characters of Assyrian Can Crash Your Chrome Tab

Yes, Java and Python (3) and Qt all are causing enormous difficulties as they followed Microsoft down the fantasy road and thought you had to convert strings on input to "unicode" or somehow it was impossible to use them. Since not all 8-byte strings can convert there must either be a lossy conversion or there must be an error, neither of which are expected, especially if the software is intended to copy data from one point to another without change.

The original poster is correct in saying "stay away from Unicode". This does not mean that Unicode is impossible. It means "treat it as a stream of bytes". Do not try to figure out what Unicode code points are there unless you really really have a reason to. And you will be surprised how little you need to figure this out. In particular you can search for arbitrary regexps (including sets of Unicode code points) with a byte-based regexp interpreter. And you can search for ASCII characters with trivial code.

"Take that, you hostile sons-of-bitches!" -- James Coburn, in the finale of _The_President's_Analyst_

Working...