Comment: Re:geeks never learn (Score 1) 136

by dgatwood (#49476465) Attached to: Cracking Passwords With Statistics

On the other hand, even with that single password, it's still either memorable, therefore easy to hack, or it isn't, in which case you turn again to the sticker on the monitor.

In relative terms, it is still a lot safer. Right now, cracking an average person's online accounts merely requires you to buy access to a botnet and use it to brute-force the account from a distance. By contrast, you can't readily do a brute-force attack on the login password for someone's laptop unless you either have stolen that laptop or have otherwise compromised it somehow.

So even in the worst-case scenario, you're replacing one weak password that the user uses for a hundred different sites and can be cracked remotely with another weak password that the user uses for a hundred different sites that can't easily be cracked remotely. And in the best-case scenario, the user is using a biometric sensor in combination with that weak password to lock the device.

Comment: Re:ASCAP and BMI (Score 1) 217

by dgatwood (#49475879) Attached to: Legislation Would Force Radio Stations To Pay Royalties

Radio stations pay licensing fees to ASCAP and BMI,

Who first pay themselves, then

who in turn pay the composers and publishers proportionally



ASCAP and BMI both pay about 85–86% of their intake to the composers and publishers. Yes, they're skimming a little bit off the top, but they're also handling the reporting and distribution, hiring lobbyists to advocate on behalf of composers and publishers, and so on, all of which at least in theory benefits their members. So in the grand scheme of things, at least from what I've seen, they seem to be doing a good job.

I have no idea about SESAC.

Comment: Re:Encryption + (cloud or offsite) (Score 1) 443

Unlimited storage, provided you don't mind manually clicking and dragging everything you want to back up, and waiting for it to transfer immediately. That's a backup in much the same way that the flash drive I carry around in my pocket is a backup. It's a quick way to temporarily store a handful of files just in case my laptop dies while I'm traveling, but I can't viably back up a server's hard drive to it.

BTW, has anyone ever tried to upload a few terabytes to see if it really is unlimited, or just "unlimited"? :-) I'd try it myself, but it would take years over my 640 kbps uplink.

Oh, yeah. That's the other problem with cloud storage: ISPs with pathetically slow upload speeds. *sigh*

Comment: Re:geeks never learn (Score 1) 136

by dgatwood (#49475797) Attached to: Cracking Passwords With Statistics

quote "Think like a hacker and ask yourself how fast your passwords might be able to be cracked based on their structure." unquote

yeah, right, my mom is gonna stop and think about how a cracker looks at structure....

This. In fact, I would have probably said "there's your problem" after the second word in the summary, or at best, right after the first comma. The flaw is that users are creating passwords at all. Humans create passwords that are easy to remember, which almost invariably makes them terrible passwords. This is why pretty much every modern browser out there has the ability to create and store passwords for you.

The real solution is twofold: First, beat it into the heads of users that they should always let the browser choose a password for them. Second, beat it into the heads of website designers that it is crucial for their sites to work correctly when using that feature in modern browsers (e.g. never, ever ask the user for his or her password without asking for the associated username). In relative terms, both of those tasks are a whole lot easier than somehow training users to come up with good passwords on their own.

Comment: Re:ASCAP and BMI (Score 3, Interesting) 217

by dgatwood (#49468119) Attached to: Legislation Would Force Radio Stations To Pay Royalties

In theory, yes, sampling tends to result in large errors for small values, in both directions.

In practice, I think the sampling mostly covers large stations in major markets, so I'd expect it to skew away from low-play bands a lot more often than it skews towards them. But that's just a gut feeling; I could be wrong.

Comment: Re:Encryption + (cloud or offsite) (Score 1) 443

All you people who believe cloud storage is unreliable, how often have Google, Amazon or Microsoft lost data that customers have stored with them? Or how realistic do you think it is that any of these three will suddenly go bankrupt without any prior warning?

How likely is it that any of those three will provide cloud storage that is actually affordable? S3 costs a small fortune. My home backups span... I think fourteen terabytes of fireproof hard drives. Assuming I'm doing the math right, it would cost me a whopping $5,040 annually to store those backups using S3 standard storage. And if I ever needed to restore from the backup, it would cost me an additional $15,120. So backing up for a year and then recovering from one hard drive failure would cost me as much as a new car. Even if I used glacier storage, it would still cost $1,680 per year, plus $1,330 if I ever needed to fully restore that backup.

At those prices, Amazon's cloud storage only makes sense for your most critical data, or for data that absolutely has to be available quickly from around the world (replication for performance reasons). It is completely impractical as a backup medium. Ignoring the fireproof aspect, it would be cheaper to buy new backup drives every three months than to use S3 glacier storage for backups. It would be cheaper to throw away your backup drives every month than to use S3 standard storage. That's not cloud storage; it's sky-high storage.

Comment: Re:ASCAP and BMI (Score 5, Informative) 217

by dgatwood (#49467925) Attached to: Legislation Would Force Radio Stations To Pay Royalties

Those are licenses, not royalties.

You are technically correct—the best kind of correct.

Radio stations pay licensing fees to ASCAP and BMI, who in turn pay the composers and publishers proportionally based on the percentage of airplay (and concerts and other performances) that their songs received. They do not pay the artists or the record companies, so the article is correct in that regard. But yes, they most certainly do pay the composers and publishers, albeit indirectly. That's the whole reason those performance rights organizations exist.

There is a caveat, however. Not all radio stations are considered "reporting stations". I know our college radio station diligently logged our plays for reporting purposes, but when it comes to actual royalty payouts, those organizations use a random sampling of radio stations, rather than tallying every song on every station. If your music is played only on a small number of radio stations, there's a good chance you won't get paid because you won't show up in their sampling. Now over time, they're getting closer and closer to full reporting, so this is becoming less of a problem, but it is something to keep in mind.

In any case, I would say that the summary is just plain wrong. In effect, radio stations pay royalties (indirectly) to composers and publishers, but not to performers and record labels.

Comment: Re:Encryption + (cloud or offsite) (Score 3, Funny) 443

Better idea: Encrypt the data, stick it on SD cards, and then mail them to random people. Be sure to email yourself with their addresses just in case you ever need to get the data back. Imagine the thrill they'll get from receiving a brand new 64 GB SD card in the mail for free!

Then again, maybe that's not such a good idea. But it is still more reliable than cloud storage. :-D

Comment: Re:Require product purchase for a review (Score 1) 126

by dgatwood (#49451199) Attached to: Amazon Sues To Block Fake Reviews

I only review products I buy, "verified purchase" appears in the review. The problem is, every time I submit a 1 or 2 star review with a description of why, it gets rejected. The bad review has to be stripped down to something so simple that it's not accurate anymore. And no, I'm not using colorful language in the rejected reviews. The whole review system seems to be designed only for greater sales.

Really? I write positively blistering reviews on occasion, and I've never had a review rejected. There must be something about your reviews that causes problems—if not colorful language, then perhaps inaccurate facts, hyperbole, bad spelling/grammar, violation of rules about mentioning prices, call to action for a competing website....

Comment: Re:Double tassel ... (Score 1) 216

So, is there anything which has overcome the double tassel distribution which programming has always had?

For literally decades, it's been "these people get it, these people don't" with very little in the middle.

Have we fixed this? Have we found a way to teach it which prevents this? Have we even explained it?

The thing is, the same people who have trouble with programming also have trouble with other varieties of logical thinking. We need to be teaching kids the necessary reasoning skills at a young age while their brains are still flexible enough to learn them.

At a high level, programming a computer is essentially the same thing as explaining how to perform a task, albeit teaching the task to an incredibly naïve and pedantic student with a very limited vocabulary. I wonder how we could possibly mimic such an environment in the real world in such a way that young kids can learn programming skills before they have the discipline to actually write code? After all, there aren't any incredibly naïve and pedantic people with a very limited vocabulary in primary schools, are there?

I think you see where I'm going with this. Want more programmers? Start by taking two preschool classes and teaching them different tasks that involve repeating certain actions. Then pair them up so that the kids in one class have to teach the kids in the other class how to do those tasks and vice versa. Maybe even have one kid teach several kids at a time and instruct the other kids to try to find ways to misinterpret what the teacher is saying.

Over the years, make the tasks more and more complex, and require that the students write down the instructions, then give the piece of paper to someone else to perform those instructions, and let the students watch in horror as the instructions are followed to the letter, resulting in completely unexpected results. Then have them adjust those instructions and try again.

The end result will be programmers, complete with appropriate levels of disdain for clueless people.

Comment: Re:Do they not grasp the concept here? (Score 1) 153

I'm firmly of the opinion that we need a change in the way we interpret laws, if not a change in the laws themselves. If you sell a physical product, you must support it for a minimum of 7 years with repairs, etc. How is software any different? Game companies should be required by law to maintain their servers for a minimum of 7 years from the time that the last copy was sold.

And honestly, given that the products actually stop working en masse instantly when the company pulls the plug, rather than merely failing naturally as components fail to function, I think we need a law change that requires any company that sells software that depends on a server to make that server available as open source a minimum of one year before they shut down their own servers, and requires them to make the data available to users so that they can migrate their data to someone else's server.

Comment: Re: Sen. Feinstein (Score 1) 538

Libertarians, maybe, but they bring a lot of other baggage in their politics, like a belief in a magical free market that solves everything. At least the Republicans don't pretend that their reason for wanting less regulation of business is anything other than what it is—a belief that businesses do better when they are regulated less. In any form, such policies are, of course, roughly the opposite of fiscal conservatism; neoconservatives are neither new nor conservative.

And the Tea Party is anything but socially liberal, from what I've seen.

Comment: Re: Sen. Feinstein (Score 1) 538

Center isn't necessarily critical, but California is a socially very liberal state on the whole (well, progressive I guess is a better word), and running a social conservative there is about as effective as screaming at a brick wall. California's fiscal views, however, are much more varied. If the Republican Party wants to win elections, then, it naturally follows that they must adjust their tactics to better suit the region by running socially liberal, but fiscally conservative candidates. If they did that, they'd get a lot more votes, while still retaining at least some of their core values to some extent.
