Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Do pilots still need licenses? (Score 1) 343

by nine-times (#49188199) Attached to: Would You Need a License To Drive a Self-Driving Car?

Do pilots still need licenses in the age of autopilot?

I think there's a big difference in that, if the autopilot encounters a problem it can't deal with, it can't really just stop. I don't know, but I suspect that a lot of a pilot's training isn't just "how to fly a plane" but things like, "how to file a flight plan," or "what FAA regulations do I have to follow?" or "What do I do if something goes wrong." Cars don't need flight plans, the autonomous cars will probably do a better job of following the rules of the roads, and if something goes wrong, the car can just stop itself, with no more negative effect than if a car stalled or someone slammed on the breaks.

Comment: Re:scientific computing (Score 1) 124

by nine-times (#49181217) Attached to: Linux 4.0 Getting No-Reboot Patching

Yeah, it's also like, "In order for the update to full take effect and work correctly, we need to restart a bunch of services and applications. You should save all your work, since various things might close or stop working for a little bit." You can explain that to users, have them not pay attention, and then get pissed off because the update closed their document that they didn't save. Or you can just tell them that you're going to reboot.

Users understand rebooting better.

Comment: Re:Politics aside for a moment. (Score 4, Interesting) 535

I've heard it said that we get the type of candidates for political office that we do because the system is not attractive to good and noble candidates.

It's not just us. Plato raised this as a general problem in ancient Greece. Good people-- the kind of people we should want to be in a position of power-- are quite possibly never the people who are lusting to put themselves into a position of power. That's the one-sentence summary of "The Republic".

Comment: Re:Another bad omen for privacy and security (Score 1) 308

by nine-times (#49164401) Attached to: Moxie Marlinspike: GPG Has Run Its Course

See, I was right. Stubborn, stupid, and there's no point in arguing with you.

If I email you from my Google account, where do those bits go? Who can read it once it leaves Google's servers? I don't know, because aside from SSL in transport, it's not encrypted.

Maybe you should think for 30 seconds before posting.

Comment: Sounds about right... (Score 3, Insightful) 145

by nine-times (#49164065) Attached to: Google+ Divided Into Photos and Streams, With New Boss

I, for one, don't really use Google+, but it's not because of any particular problem other than, "No one else is using it," with just a smidge of "I don't know what I'm supposed to be using it for," thrown in.

It does seem to me like "Hangouts" should be its own thing, along with chat and VoIP. If anything, those things should should sooner be integrated into Gmail somehow. I'm not sure I want that, but it would make more sense, at least, since it's all, roughly speaking, private communications.

I also think that there should be a separate web application that is, "Where my phone automatically uploads my photos, where I can organize them and track them myself, but they're private." Personally, it just makes me a little uncomfortable for that to be bolted straight on to the "photo sharing social networking site," but maybe that's just me. I'm old. I feel ok if the social networking site can connect in and pull photos from the private site. Hell, even if I know it's all ultimately stored in the database, that's not what bothers me. It's just to have my private stuff be in the same interface as the publicly shared stuff, without a clear apparent distinction... it worries my poor little monkey brain.

Ultimately, between Facebook, Twitter, and Google+, I tend to use Facebook for sharing posts/photos/updates. Not because I like it or think it's good, and only somewhat because my friends seem to use it more. As much as anything, I think it's because it's the site that confuses me the least.

Comment: Re:Another bad omen for privacy and security (Score 1) 308

by nine-times (#49163841) Attached to: Moxie Marlinspike: GPG Has Run Its Course

There's not much point in arguing with you because you've shown that you're both too stupid to understand the point and too stubborn to actually think for 30 seconds before pushing your own tired nonsensical point.

But here's the thing in a very basic, simple, easy to understand explanation: End-to-end encryption doesn't suddenly become useless because you've trusted a 3rd party with the encryption keys. When you trust a 3rd party, then the encryption remains as strong as that 3rd party is trustworthy.

This is especially important to know, since we're already trusting other 3rd parties as part of the security chain. If I don't trust GPG or anyone auditing their code, then I can't trust the security of things encrypted with GPG, regardless of who has the keys.

Regardless, encrypting individual messages rather than relying solely on SSL during transmission does add security against various kinds of attacks and breaches. I could give examples, but do you want them? Would examples help, or are you, as I suspect, simply being difficult because you're an asshole who can't admit to being wrong?

Comment: Re:Another bad omen for privacy and security (Score 1) 308

by nine-times (#49146559) Attached to: Moxie Marlinspike: GPG Has Run Its Course

I don't see any usability problem for a token usage of encryption already for a few years. Only problem is with real usage of encryption, and that necessitates third parties / intermediaries to be unable to decrypt.

I'm not sure whether this is what you mean, but I think you may be missing the point with your talk about "real encryption". It is not necessary that no third parties can decrypt your data or messages in order to have encryption be useful. Security is not about absolutes. In almost all real-life security scenarios, there are requirements that you allow certain vulnerabilities, and that you trust some people.

For example, you can say, "With GPG, I don't have to trust anyone. I encrypt a message, and then the only person who can read it is the recipient."

But that's not strictly true. First, you're still trusting the recipient. That recipient could decrypt your message and make it public. Technology doesn't help you there. Additionally, you're trusting the recipient's security. If that recipient has malware that snoops on communications or grabs their private keys, the message can be decrypted. If that recipient has an untrustworthy spouse with access to the recipient's computers and passwords, then your information isn't completely safe.

Beyond that, you're trusting the makers of GPG. You're trusting that they know what they're doing-- that when they say their encryption can't be broken, they're right about that. You're also trusting that those people are not malicious themselves, and haven't left any backdoors available. You might argue that people can audit the code, but then you're just trusting the auditors. Even if you audit the code yourself, you're trusting your own understanding, which relies on the accuracy of your education on the topic.

So I'm getting kind of picky here, but the point is, if you understand security, then you understand that there is no situation without trust and vulnerability. The trick is to understand your vulnerabilities, and to be careful in choosing who to trust.

So if, in order to protect yourself from the data loss that would result in losing your keys, you choose to trust some other third party, that is not necessarily bad security. The trick would be in making sure you understood the vulnerabilities it exposed, and to choose the right people to trust. I'd rather trust Google to secure my email then I would trust the internet in general not to read my unsecured email.

Comment: Re:Ah, Damnit... (Score 1) 514

by nine-times (#49136663) Attached to: Users Decry New Icon Look In Windows 10

I guess they're still trying to prove that they can ignore overwhelming customer feedback in a way that's uniquely suited to mega corporations.

Except that a lot of people really like the flat look. That's why Google, Apple, and Microsoft have all adopted it. They're not ignoring customer feedback, they're chasing after it.

Don't assume that just because you think something is ugly, everyone else agrees.

Comment: Re:If you hate Change so much...... (Score 4, Insightful) 514

by nine-times (#49136589) Attached to: Users Decry New Icon Look In Windows 10

I just want to interject an opposing point of view here. It's very easy to think that icons don't matter, and that the only thing that matters is some kind of 'objective functionality'. Like, "Windows boots up, it runs the things I want, it has the features I want, therefore icons are irrelevant." I can think of few reasons, off the top of my head, why we shouldn't be so dismissive of design.

First, design matters for the sake of clarity. In the example of icons, you want to make sure that it's clear which image is an icon, and which is some other design element. Which images are clickable? What does that image represent? Those questions are important for UI design. Further, it's important that icons are distinguishable from each other.

As much as possible, you want icons to provide a cue to the user as to what will happen when you click on that icon. If you're going to have one icon for a folder that contains music, and another for a folder that contains images, you don't want them to look close enough that they can be confused. Going further down the line of thinking, if you're going to use the "folder" metaphor, then you probably want to make all 'folders' have folder icons, and have no applications have icons that look like folders. Consistency is also very important in making a UI intuitive and usable.

But all of that is still a bit in the realm of 'practical' and 'functional', and I'd want to make an additional argument that it matters whether a UI is 'pretty'. In short, you have people sitting in a chair looking at these images for 8-12 hours per day, and design aspects of the interface have to have a psychological impact on a person. It would be subtle, in that I would bet small changes have essentially no effect, but still important, in that I would bet that a drastic change in UI 'prettiness' could have a major impact on a person's mood and even productivity over time.

Comment: Re:Another bad omen for privacy and security (Score 1) 308

by nine-times (#49130389) Attached to: Moxie Marlinspike: GPG Has Run Its Course

It's just a mess before you even get to key management, and there's not really a good, iron-clad key management system.

I'm not sure what you mean by that? But yes, it's not optimal on Windows. For us Linux users it's much easier because gpg is usually installed by default and every thing we need is a "yum install" or "apt-get install" away

What I meant by that last point is something that I imagine will be pretty controversial: I think that if you'd like to see encryption be more widespread, we not only need very easy software that supports it by default, but some key-management services that guarantees that you access to your keys across platforms, at all times, and that your keys are safe and backed up. Even if it means trusting your private keys to a 3rd party like Lastpass or Google or Microsoft, and they could theoretically decrypt all of your files and communication, most people simply cannot be trusted to secure their own keys. And most people will need support in making sure their keys are set up right, backed up, and revoked in case of a problem.

There are a lot of different ways that this could be handled, but a lot of people who favor GPG seem to like the fact that they can encrypt everything end-to-end, keep hold on their own keys, etc. The idea of trusting a 3rd party to safeguard your key might seem antithetical to the whole idea. However, most people are not so thorough or patient. Most people don't even want to think about keys. They would like encryption, but they want it to be complete transparent, so that everything is encrypted without them noticing, and without danger of data loss. Systems that are not set up that way will not succeed with the general public.

"Kill the Wabbit, Kill the Wabbit, Kill the Wabbit!" -- Looney Tunes, "What's Opera Doc?" (1957, Chuck Jones)