
Comment: Re:More trusted third party foolishness (Score 1) 69

by jhantin (#47270303) Attached to: Transforming the Web Into a Transparent 'HTTPA' Database

This is oddly close to what I think DRM ought to be: advisory, not enforcing. Remove the accountability aspect, not least because it's a farce that leaves the most recent honest party holding the bag, and you have my concept of an ideal DRM engine: provenance meta-tags that let you know what color your bits are, which you can use if it affects you or ignore if it doesn't, leaving no rights-holder the wiser no matter what course you take.

Accountability-oriented DRM, which prevents no action but forces your use of certain combinations of certain colors of bits into public record, would be prone to false positives. Pulled in some GPL code to a local build of 7-Zip? Chances are the other code doesn't have a GPL exception to allow linking against the non-Open unrar, so the resulting software likely may not be conveyed (in the GPLv3 sense) at all, but creating or using the resulting combined work won't infringe anyone's rights and shouldn't require you posting public notice that you have created such a combined work if you have no intent to convey it.

Comment: More trusted third party foolishness (Score 4, Informative) 69

by jhantin (#47238427) Attached to: Transforming the Web Into a Transparent 'HTTPA' Database

All I see here is a bunch of stuff that all depends on trusted third parties... and in security circles, "trusted" means "can screw you over if they act against your interests". In this case it relies on trusted identity providers, labeled 'Verification Agent' in the paper.

It all breaks down if a verification agent is compromised, and the breach of even a single identity can have severe consequences that the accountability system cannot trace once information is in the hands of bad actors.

The authors effectively admit that this entire mechanism relies on the honor system; it explicitly cannot strictly enforce any access control, because in the context of medical data access control may stand between life and death.

Finally, the deliberate gathering of all this information-flow metadata would add another layer to the panopticon the net is turning into.

Comment: Re:software doesn't have bugs (Score 1) 235

by jhantin (#46793137) Attached to: Bug Bounties Don't Help If Bugs Never Run Out

My point is that there is probably some dollar value at which the cost to find the next vuln would never increase beyond that... That's what I'm calling the infinite bug threshold.

In other words, some point at which the marginal cost of finding a zero-day roughly levels off, and thus the price elasticity of supply becomes extremely high; your "infinite bug threshold" is a hypothetical limiting case where marginal cost flattens and price elasticity of supply approaches infinity.

On the other hand, there is clearly a segmented market of consumers: software vendors themselves, white hat groups, script kiddies, organized crime rings, information warfare organizations, and covert intelligence-gathering organizations, to name a few. The same vulnerability will have a significantly different price elasticity of demand for each type of consumer, and I expect covert intelligence-gathering organizations backed by world-power governments to have awesomely inelastic demand curves.

Whether or not the marginal cost of finding a new vulnerability levels off, there will almost invariably be some actor willing and able to pay the price to obtain it.

Comment: Re:Three machines (Score 1) 371

by jhantin (#46117949) Attached to: How loud is your primary computer?

Bad cooling? As long as you don't end up with Din's Fire, I guess. Though if it's that loud, don't they complain about that awful din? I guess you wouldn't have to worry about a Power failure, though.

(Sorry, that last one's a gold... er... rupee mine of jokes.)

One laptop of mine with amazing internal wireless capabilities got named khaydarin for its preternatural ability to communicate across space. The thing could get a signal just about anywhere, and was even able to call for help with VoIP over WWAN when my vehicle broke down somewhere my mobile phone got no service at all.

Comment: Re:Bitcoin is another FAIT currency, fake (Score 1) 330

by jhantin (#46089247) Attached to: Bitcoin Exchange CEO Charlie Shrem Arrested On Money Laundering Charge

What is to prevent CLONING (copying) bitcoins?

Because there's nothing to clone? Bitcoin basically acts like a secure multi-party accounting system. Bitcoin balances are held in the form of collections of unspent transaction outputs. Once a transaction spending a previous transaction output is committed to the blockchain (in other words, posted to the global general journal), any other transaction that attempts to spend that transaction output is invalid.

What can be cloned are the private keys that confer the right to spend a transaction output. Two parties having possession of the same private key simply allows either party to authorize the spending of funds signed over to the corresponding public key; it does not provide a way to clone the coins themselves. There's a fair amount of malware floating about that tries to obtain your private keys so it can sign over all your unspent outputs to its master.

As for what's backing it: nothing but agreement among the people involved with it that it has some value, rather like a number of physical commodities that have been used as money in the past. As for the computation cycles expended "mining" it? That's just a measure of resources you are willing to commit to the network's integrity, and (on average) you should expect to be rewarded proportionately to that for providing the service.
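The accounting rule described in the comment above, as an added example that is not part of the original post: a toy unspent-output ledger in which a copied private key lets either holder authorize a spend, but only the first committed spend of an output is valid. The `Ledger` and `Tx` classes are hypothetical, and a SHA-256 hash of the key stands in for real ECDSA signature checking.

```python
import hashlib
from dataclasses import dataclass

def key_id(private_key: bytes) -> str:
    """Toy stand-in for a public key: SHA-256 of the private key (assumption)."""
    return hashlib.sha256(private_key).hexdigest()

@dataclass(frozen=True)
class Tx:
    inputs: tuple   # outpoints being spent: ((txid, index), ...)
    outputs: tuple  # ((recipient key_id, amount), ...)

    @property
    def txid(self) -> str:
        return hashlib.sha256(repr((self.inputs, self.outputs)).encode()).hexdigest()

class Ledger:
    def __init__(self):
        self.utxo = {}  # (txid, index) -> (owner key_id, amount)

    def mint(self, owner, amount):  # constructed starting balance for the demo
        tx = Tx((), ((owner, amount),))
        self.utxo[(tx.txid, 0)] = (owner, amount)
        return (tx.txid, 0)

    def commit(self, tx, private_key) -> bool:
        """Apply tx only if every input is unspent and owned by the key shown."""
        if not tx.inputs or len(set(tx.inputs)) != len(tx.inputs):
            return False  # nothing to spend, or one outpoint listed twice
        owned = [self.utxo.get(op) for op in tx.inputs]
        if any(e is None or e[0] != key_id(private_key) for e in owned):
            return False  # already spent, never existed, or wrong key
        if sum(a for _, a in tx.outputs) > sum(e[1] for e in owned):
            return False  # outputs may not exceed inputs
        for op in tx.inputs:
            del self.utxo[op]  # the output is consumed exactly once
        for i, out in enumerate(tx.outputs):
            self.utxo[(tx.txid, i)] = out
        return True

def demo():
    ledger = Ledger()
    shared_key = b"constructed-private-key"  # held by the owner AND by malware
    coin = ledger.mint(key_id(shared_key), 50)
    thief_spend = Tx((coin,), ((key_id(b"thief-wallet"), 50),))
    owner_spend = Tx((coin,), ((key_id(b"merchant"), 50),))
    first = ledger.commit(thief_spend, shared_key)   # whoever commits first wins
    second = ledger.commit(owner_spend, shared_key)  # same output: now invalid
    return first, second, sum(amount for _, amount in ledger.utxo.values())
```

The total held in the ledger stays at 50 after both attempts: the copied key moved the coins, it did not duplicate them.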

Comment: Re:Currently searching - some Brother ref (Score 1) 381

by jhantin (#45214811) Attached to: Ask Slashdot: Best SOHO Printer Choices?

I have access to both a MFC-7840W and a MFC-9325CW.

Well, there's your problem.

In my experience, Brother HL-series black lasers get questionable after about 150,000 duplexed pages due to roller wear, but other than that they're solid. I don't much care for their MFCs though; besides the build becoming awkward due to integrating a scanner, the fax capability is usually about as useful as a USB pet rock, and the driver software they come with is frankly crap -- doubly so if you use the network-based interfaces.

As for personal use, my venerable HP LaserJet 4L continues to serve, and its no-corona-discharge-wire design is a nice touch. Old enough that it could probably use some new rollers to reduce misfeeds, but it still works.

Comment: Re:The only winning move.... (Score 1) 435

by jhantin (#43585167) Attached to: New Console Always-Online Requirements and You

The only winning move is not to pay.

Precisely. The only way vendors of artificially limited products will get the message is when people stop buying their crap.

This doesn't necessarily mean you have to either infringe or do without, though: many PC games have licenses given away as promotional goodies. For example, the only reason I even hold a license to play Diablo III is because it was a promotional gift-with-purchase thrown in when I bought a new motherboard.

Comment: Re:Open Source License (Score 1) 630

by jhantin (#43499363) Attached to: Most Projects On GitHub Aren't Open Source Licensed

No they don't, this would require information on every ingredient and its amount, something that most definitely is not provided.

Sure it is. And for everything. Ever cared to read the side of your Soda Can?

I see an enumeration of ingredients listed in descending order of quantity but not specifically quantified, and including opaque composite ingredients such as "natural and artificial flavors"; then again, it isn't an open source soft drink either.

A great many things can be combined into the single item "natural and artificial flavors"; the actual composition of the flavor formula need not be disclosed. Quantities can be further obfuscated by providing inline breakdowns of some composite ingredients while leaving others opaque.

Comment: Re:Did hell just freeze over? (Score 4, Funny) 39

by jhantin (#43353357) Attached to: Mining Companies Borrow From Gamers' Physics Engines

This is rather notable in that it's the first article I've seen in a while that talks about both GPU-compute and mining without being about Bitcoin.

You just invoked jhantin's law....

I have my own law now? News to me. But I was talking about the articles linked from the story, not the comments.

Comment: Re:The End-Game (Score 1) 398

by jhantin (#43286533) Attached to: Re: Bitcoin, I most strongly agree with the following:

Currently, bitcoin transfers don't get validated until a new block is mined. Would mining the last coin mean that no new transactions are possible?

There are two parts to the block reward: a subsidy (which, as pointed out, dwindles over time approaching zero) and transaction fees gathered from transactions confirmed in the block. (Some transactions carry a minimum fee based on how many bytes the transaction occupies or to discourage pointlessly small "coin-dust" micropayments; some may include a larger fee in hopes of priority confirmation; small, low-priority transactions carry none.) Stats for the past 24 hours are available from the stats page; as of this post, transaction fees seem to be in the vicinity of 0.3 BTC per block mined.

The general idea, though, is that the more bitcoins are transacted, the more transaction fees are made available to miners, and these fees are expected to keep the network ticking once the subsidy dries up.

Comment: Bitcoin supports coalescing micro-transactions (Score 1) 490

by jhantin (#43275779) Attached to: Will Legitimacy Spoil Bitcoin?

There's already a documented way to coalesce arbitrarily many bitcoin micropayments to a single party into exactly two blockchain transactions without involving a trusted third party. It bears a striking similarity to the two-transaction authorize-capture flow used by VISA and friends, but with the added bonus that the payee isn't trusted to capture for the correct amount.

This (like all smart contracts) is a fairly advanced use-case that basic wallet software isn't capable of, but can readily be built as an add-on that operates as a client of bitcoind.


Bitcoin blockchain forked by backward-compatibility issue

Submitted by jhantin
jhantin (252660) writes "The Bitcoin blockchain has forked due to a lurking backward-compatibility issue: versions older than 0.8 do not properly handle blocks larger than about 500k, and Slush's pool mined a 974k block today. The problem is that not all mining operations are on 0.8; blocks are being generated by a mix of several different versions of the daemon, each making its own decision as to which of the two forks is preferable to extend, and older versions refuse to honor or extend from a block of this size.

The consensus on #bitcoin-dev is damage control: miners need to mine on pre-0.8 code so the backward-compatible fork will outgrow and thus dominate the compatibility-breaking one; merchants need to stop accepting transactions until the network re-converges on the backward-compatible fork of the chain; and average users can ignore the warning that they are out of sync and need to upgrade."
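The fork and the re-convergence described in the submission above, as an added example that is not part of the original post: old nodes reject the oversized block and everything built on it, new nodes follow whichever accepted chain is longest, and the two views agree again once the backward-compatible fork outgrows the other. Block names and the small block sizes are constructed, the 974k size and the "about 500k" limit come from the submission, and chain length stands in for Bitcoin's cumulative proof-of-work.

```python
from dataclasses import dataclass
from typing import Optional

OLD_LIMIT = 500_000  # "about 500k" per the submission; exact value assumed

@dataclass(frozen=True)
class Block:
    name: str
    parent: Optional[str]
    size: int  # bytes

def best_tip(blocks, max_size=None):
    """Tip of the longest chain this node accepts.

    max_size=None models 0.8, which accepts every block; a number models an
    older node that rejects any larger block and everything built on top of it.
    """
    height = {}
    for b in blocks:  # blocks are listed parent-before-child
        if max_size is not None and b.size > max_size:
            continue  # rejected outright
        if b.parent is None:
            height[b.name] = 0
        elif b.parent in height:  # children of a rejected block are orphaned
            height[b.name] = height[b.parent] + 1
    best = None
    for name, h in height.items():  # strict '>' means first-seen wins ties
        if best is None or h > height[best]:
            best = name
    return best

def simulate():
    # Constructed chain: G is the common ancestor, B1 is the 974k block.
    split = [Block("G", None, 1_000), Block("B1", "G", 974_000),
             Block("C1", "G", 200_000), Block("B2", "B1", 150_000)]
    # Miners on pre-0.8 code keep extending the compatible fork (C1 -> C3).
    healed = split + [Block("C2", "C1", 180_000), Block("C3", "C2", 90_000)]
    # Each entry is (tip seen by a 0.8 node, tip seen by a pre-0.8 node).
    return [(best_tip(chain), best_tip(chain, OLD_LIMIT))
            for chain in (split, healed)]
```

While the tips differ, a payment confirmed only on the B fork can vanish once the C fork wins, which is why the advice to merchants was to stop accepting transactions until the network re-converged.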

