Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:503 (Score 1) 349

by chihowa (#48628475) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

Absolutely. Verification out-of-band on first connect was implied, but I should have stated that more clearly. Ultimately I just use my own CA and DANE, which is simpler and easier to roll out.

If we're going to stick with the root CA system, we really should start fixing it. Allowing multiple CA signatures, pinning certificates, limiting the scope of CA signatures, etc... Any of those options improve the situation. Even culling the root CA list and setting up region specific CA packs would help tremendously. There's no reason my systems should implicitly trust all of the corporations and governments in that list. If I want to shop on Chinese sites, I can download the Chinese CA list, but there's no reason for everybody in the world to have every root CA. This is a weakest-link system by design. Continually adding more links isn't helping!

Comment: Re:503 (Score 1) 349

by chihowa (#48625865) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

If you verify the self-signed certificate the first time you use it, it can't be substituted for another self-signed certificate at any later point in time without triggering an alert. However, even if you personally verify a CA signed certificate, it can be continually be replaced with other CA signed certificates without ever alerting you (DANE and such not withstanding).

Because of the currently implemented browser behavior, which is to implicitly trust any certificate signed by any root CA, personally verified self-signed certificates are more resistant to MITM attacks.

Comment: Industry support (Score 2) 137

by chihowa (#48610283) Attached to: Microsoft Gets Industry Support Against US Search Of Data In Ireland

This case is about personal privacy and national sovereignty somewhat, but it's primarily about the setting precedent for the privilege of multinational corporations.

I know this is going to be an unpopular viewpoint, but the industry is behind Microsoft here because it lessens their accountability to any governments anywhere. The Snow Crash future, where big corporations make their own rules and don't answer to anyone, depends on them not having any accountability to anyone else. Just like shuffling their money around the globe gets them out of having to pay taxes anywhere, shuffling their data around will prevent them from even being investigated for any crimes they may commit. Expect future incriminating emails and documents to be stored safely in subpoena-proof countries.

Comment: Re:Misleading article - you must use ACH (Score 1) 153

by chihowa (#48602315) Attached to: Small Bank In Kansas Creates the Bank Account of the Future

You don't AI to implement an automated system. As you said, it all works fine with the debit card system. The problems are not so much with ACH itself as they are with the implementation (manual processing and infrequent polling).

The advantage of sticking with ACH is that it's already widely implemented. Rolling out truly automated backend handling and increased polling rate can be done gradually, bank by bank, while not interrupting the operation of banks that haven't upgraded yet.

This whole thing reads like, "We need a new system of transportation! The automobile sucks because we've all agreed to only use it once a day."

Comment: Re:Misleading article - you must use ACH (Score 1) 153

by chihowa (#48601459) Attached to: Small Bank In Kansas Creates the Bank Account of the Future

Perhaps I'm missing something, but why isn't ACH ("Automated", by the way, even though I like "Atomated" better!) up for this task? Even if the upgraded ACH isn't instantaneous, it could at least be faster. Increase the polling rate and the transaction handling and the whole system is faster.

We already have a system in place to handle money transfers. It could use some tweaking, sure, but kludging a replacement based on debit cards isn't the right way to get to a better system.

Comment: Re:You are not in control (Score 1) 113

by chihowa (#48584423) Attached to: Study Explains Why Women Miscarry More Males During Tough Times

The fact that we're not perfect is not a reason to avoid striving for perfection. Understanding the mechanism of human nature, with all of its irrational twists, is part of the path to bettering ourselves.

The fact that most people don't even accept that an emotional attachment to a position that lacks evidence is an issue indicates that we don't even understand our own motivations and thought processes very well. It's alright that we're not perfectly logical and our irrational behavior probably benefits us in significant ways, but it's important that we be able to recognize where the motivation for our (lack of) reasoning originates.

Comment: Re:I prefer this memo. (Score 3, Insightful) 769

by chihowa (#48559779) Attached to: CIA Lied Over Brutal Interrogations

Traffic deaths aren't random, even if they aren't intentional. Nearly every traffic death can be traced to a specific and often avoidable cause. Addressing a minute fraction of those causes will have a dramatic effect on the number of people who die in the US every year.

On the other hand, if your opponent's most successful attack ever can't be distinguished from year to year variations in the death rate of Americans, spending any significant energy fighting him is a waste. We could have a 9/11 attack every single day for hundreds of years and still not deplete the American population. This is an ant-bite of a threat and deserves an ant-bite appropriate response.

Comment: Re:Slashdot incompetence (Score 1) 346

Perhaps more salient, why are we, as ostensible tech geeks, not raising more of a fuss about a site that many think represents computer geek-ness, and yet that cannot implement sane (and relatively simple) CSS?

Fatigue has set in. You've been here long enough to know that we have made a fuss throughout the years. Nothing at all has ever come of it, so we gave up complaining. Relatively simple it is, too. Many of the gripes about SlashCode of old have been fixed over at SoylentNews.

Anyway, asking for improvements now is dangerous... we might end up with Beta!

Comment: Re:Who cares... (Score 1) 346

That's true, but that's a special case of the more general:

The only difference between almost any person involved in governing and a totalitarian is that the former says, "You are free to do whatever you want, as long as what you want is what I think you should want."

Despite the lofty goals claimed by almost any person of any party, whether running for office or just voting, the main reason that people get involved in government is to assert control over others. There are positive and negative outcomes of their actions, but every single one of these people think that things would be better if only they were king. The only tool that government has is coercion; political differences come down to how that tool is to be applied.

Most of the rest of those who actually want to reduce the power of government either still want the government involved where "what I think you should want" is concerned, or have other non-governmental means to effect coercion.

If you see any political party in the US as not fitting into that statement, it's just because "what [you] think [they] should want" and "what [they] think you should want" are aligned. Your liberal adversaries see themselves as just as rational and correct as you see yourself.

Comment: Re:Yeah and it does things your i5 cannot (Score 2) 197

by chihowa (#48538363) Attached to: Orion Capsule Safely Recovered, Complete With 12-Year-Old Computer Guts

I'd really like to see what happens when you take an x-ray pic of a CPU while it's running.

You can! Every passenger's running phone, and some computers that are awake, are sent through the baggage scanners at every airport. Even more impressive, the computers that run them are next to the poorly built and maintained scanners all day every day.

Comment: Re: Market forces don't work on essential utilitie (Score 1) 516

by chihowa (#48475087) Attached to: Ask Slashdot: Why Is the Power Grid So Crummy In So Many Places?

I installed solar panels on my house for exactly this reason. It's really just a whole house UPS, but once the batteries, chargers, and inverters are installed, adding panels is a minor extra cost. No more power outages. Saving money (and not giving as much to the power company) is a bonus.

Comment: Re:The United States is turning into Untied States (Score 1) 110

by chihowa (#48440523) Attached to: Top NSA Official Raised Alarm About Metadata Program In 2009

I'm not sure that intelligence, beyond a certain baseline, really enters into the formula for creating long lived social structures. For the individual, there is no tangible benefit to creating structures that will last more than a few generations. After a few generations, as you point out, they will require the efforts of other people to keep alive, so there is little that the originator can do to ensure that the structure survives.

The most rational course of action for all individuals involved in a society is to maximize their personal benefit and plan to pass that benefit on to their offspring. Tangling with those who are successful at maximizing their benefit has real negative consequences, so the most rational action for the downtrodden is to take as much of the scraps as possible or jealously guard what you have while staying out of the eye of others.

The ambition to create structures that will outlast you and your offspring comes from irrational motivations. Historical drivers for this are abstract concepts like duty, fairness, or religion. There is no tangible benefit to creating these structures and there is often great personal cost. As there is no assurance that the structures will even survive, no matter how well you craft them, it's hard to say that building them is an intelligent choice.

I think that improving the lot of humanity as a whole is a noble goal, but I don't think that it has anything to do with intelligence or rationality. History is littered with people who have tried, and sometimes succeeded, to do so at great personal cost. Often their success only lasted a few generations, if that, before being undone by others. What real benefit to we get from creating these structures and how does that benefit weigh against the costs required to build them?

Comment: Re:The United States is turning into Untied States (Score 1) 110

by chihowa (#48438751) Attached to: Top NSA Official Raised Alarm About Metadata Program In 2009

The reality is human beings just aren't intelligent enough to form long lasting social orders because too many people have negative evolutionary characteristics they've inherited from the past. Our primate psychology is at the root of everything regardless of what collection of words and labels one flies under. The biology is still there.

Those negative characteristics are only negative in the context of forming long lasting social orders (really only in the context of forming long lasting egalitarian social orders -- dynastic empires last longer than most of our social structures). They are extremely positive in the context of the affected individuals and in the case of avarice, they are beneficial to the affected's offspring (and their offspring, and so on). There is extreme benefit to be had from sabotaging the social order and norms.

We humans are intelligent enough to form effective and equitable social structures, we just don't have the collective stomach for removing the saboteurs from our society. So we/they continue to undermine every system we devise.

10.0 times 0.1 is hardly ever 1.0.