
Comment: Re:This synopsis (Score 1) 120

by TapeCutter (#48624559) Attached to: Research Highlights How AI Sees and How It Knows What It's Looking At
There are exceptions - Calculus is a good example. That's why everyone knows the name Newton more than three centuries after his death; calculus and his laws of motion enabled the leap called the industrial revolution and inspired the social leap known as the enlightenment.

Comment: Re:This synopsis (Score 1) 120

by TapeCutter (#48624527) Attached to: Research Highlights How AI Sees and How It Knows What It's Looking At

It's like expecting Google search to suddenly gain sentience

Meet Watson, it beat the best humans in the open-ended problem domain of "game show trivia" using natural language processing. When it won the Jeopardy championship it had 20 tons of air-conditioning and a room full of servers. Today it runs on a "pizza box" server and you can try it out yourself. After Jeopardy it went back to working with various medical institutes where it was trained and fed on a steady diet of medical journals; it's now well past the point where it became knowledgeable enough to pass the test for a US GP's license.

True, Watson is blind, but I suspect the problem with visual input is more about the human teacher's failure to provide the right context and experience than it is about the artificial student's ability to learn.

Comment: Re:Ugh, WordPress (Score 1) 29

I recently moved from hand-written HTML for my personal site to Jekyll, which is the engine that powers GitHub pages. It does exactly what I want from a CMS:
  • Cleanly separate content and presentation.
  • Provide easy-to-edit templates.
  • Allows all of the content to be stored in a VCS.
  • Generates entirely static content, so none of its code is in the TCB for the site.

The one thing that it doesn't provide is a comment system, but I'd be quite happy for that to be provided by a separate package if I need one. In particular, it means that even if the comment system is hacked, it won't have access to the source for the site so it's easy to restore.

Comment: Re:Validating a self-signed cert (Score 1) 327

by TheRaven64 (#48623991) Attached to: Google Proposes To Warn People About Non-SSL Web Sites
That's the best way of securing a connection, but it doesn't scale. You need some out-of-band mechanism for distributing the certificate hash. It's trivial for your own site if you're the only user (but even then, the right thing for the browser to do is warn the first time it sees the cert), but it's much harder if you have even a dozen or so clients.

Comment: Re:The web is shrinking (Score 1) 327

by TheRaven64 (#48623981) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

The 'brought to you by' box on that site lists Mozilla, Akamai, Cisco, EFF, and IdenTrust. I don't see Google pushing it. They're not listed as a sponsor.

That said, it is pushing Certificate Transparency, which is something that is largely led by Ben Laurie at Google and is a very good idea (it aims to use a distributed Merkle tree to let you track what certificates other people are seeing for a site and what certs are offered for a site, so that servers can tell if someone is issuing bad certs and clients can see if they're the only one getting a different cert).

Comment: Re:This again? (Score 1) 327

by TheRaven64 (#48623971) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

It depends on your adversary model. Encryption without authentication is good protection against passive adversaries, no protection against active adversaries. If someone can get traffic logs, or sits on the same network as you and gets your packets broadcast, then encryption protects you. If they're in control of one of your routers and are willing to modify traffic, then it doesn't.

The thing that's changed recently is that the global passive adversary has been shown to really exist. Various intelligence agencies really are scooping up all traffic and scanning it. Even a self-signed cert makes this hard, because the overhead of sitting in the middle of every SSL negotiation and doing a separate negotiation with the client and server is huge, especially as you can't tell which clients are using certificate pinning and so will spot it.

Comment: Re:Boycott (Score 1) 532

by Opportunist (#48623951) Attached to: Top Five Theaters Won't Show "The Interview" Sony Cancels Release

Terrorists are to you today what communists were to your father and fascists to your grandfather. Just one intangible group of people that we kinda-sorta know where to find on this globe (along with "there might be some in our country" that we can't find without some new laws that cut down your freedoms) to project your 2 minute hate o

Comment: Re:So perhaps /. will finally fix its shit (Score 2) 327

by TheRaven64 (#48623949) Attached to: Google Proposes To Warn People About Non-SSL Web Sites
Every HTTP request I send to Slashdot contains my cookie, which contains my login credentials. When I do this over a public WiFi network, it's trivial for any passive member of the network to sniff it, as it is for any intermediary. Worse, because it uses AJAX stuff in the background, if I briefly connect to a malicious access point by accident, there's a good chance that it will immediately send that AP's proxy my credentials. I've been using this account for a decade or so. I don't want some random person to be able to hijack it so trivially.

Comment: Re:Sandbox before browsing (Score 2) 78

by mjwx (#48623523) Attached to: Over 9,000 PCs In Australia Infected By TorrentLocker Ransomware

We install Sandboxie on all computers that are in for service. The benefits of using it are explained to the customer. A rogue website only takes over the sandboxed session. If infected, close the box, delete the contents and you're up and running again.

That's completely useless in this case as the malware fools the user into installing it. The user downloads a zip file containing an executable, so it's well outside the sandbox by that point.
