Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment Re:This ruling won't fix anything (Score 2) 202

Simply keeping the data in the EU won't fix anything so long as that data is still being held by US controlled entities, as those entities will still be forced to hand over the data regardless of where it is>

NO! This isn't the case.

What each entity will have to do is separately agree contracts with the relevant data protection registrar (default contracts exists) as to how they will protect that data.

Those contracts will have "get outs" for providing data to law enforcement under warrant. What will be prevented is the wholesale transfer of data to other parties the US. This was supposed to have been prevented anyway - the companies self certified that they were abiding by the relevant EU data protection laws - that data would only be used for the purpose it was gathered for and, if it was passed on to any other parties, those parties would be contractually obligated to follow the same terms.

What this ruling has said is that the "safe harbour" self-certifying regime is not sufficient for data being sent to the US and companies will have to agree individual contracts (with legal and financial consequences if they then violate them)

For the big operators this isn't going to be such a big deal anyway (unless they're secretly handing everything over to the NSA when it will hurt if/when that is uncovered) but it's going to be a right royal pain for smaller companies that may, for example, export payroll data to the US head office for processing.

Furthermore, there's no problem with EU citizens exporting their data to the US - so buying things on a US website, giving name address etc, won't be a problem UNLESS that company operates its servers in the EU. The EU data protection directive basically restricts what OTHERS can do with an individuals personal information to that which is strictly required to complete whatever process it was gathered for.

Comment Re:I wonder... (Score 1) 82

(of which there must be an infinite number)

I didn't put this very well. What I mean is that there must be larger and larger cases.

For the question "what is the edit distance between two n character strings taken from alphabet L" n can grow without bound. If there is a limit to n then, mathematically at least, the problem can be solved in O(1) via lookup.

We often need the general case algorithm even when our inputs are finite. For example, there may be a fundamental limit to how many "characters" there are in DNA (I don't know if there is or isn't) but even assuming there is, the real size of DNA precludes the practicality of building lookup tables to calculate edit distance in O(1)

Comment Re:I wonder... (Score 1) 82

For a given algorithm, what is it's worst case running time across all possible inputs for that algorithm (of which there must be an infinite number)

The answer the algorithm gives doesn't matter. It's how long you might have to wait for that answer that is important.

Comment Re:Here is an idea to play with: Gödel notati (Score 1) 82

Maybe I'm missing something.

ABRE -> A^1 * B^2 * R^3 * E^4
ABER -> A^1 * B^2 * E^3 * R^4 = A^1 * B * B * E^3 * R^2 * R^2 = A^1 * B * E^3 * R^2 * (B^1 * R^2)

So your calculation says that ABER contains BR

And assuming I've done the calculation correctly using your numbers for A B R E, I get ABER = 3320400962775, BR=22445.

3320400962775/22445 = 147934995 = BRE*A

Comment Re:Flipped Classrooms (Score 1) 307

A well-organized group project with proper evaluation and assessment can do more than that.

The problem is "well-organized". Some people learn some things just by seeing an example. Other things they don't "get" and need to be taught.

In the classroom, a group where different people have different skills and the members will learn by seeing how others do things will work well.

But when some of them are in the "I just don't get it" set (for whatever skill is needed) they wont gain anything from the group.

My hypothesis is that social skills are like this too. I used to despair of being asked "small talk" questions. "Which did you prefer" "What was the best bit of the movie" etc because answering those sorts of questions was so hard - they appeared to be the sort of questions that would be set for essay writing homework that require detailed analysis, logical thought and well structured arguments and justifications. Not something that you can just come up with on the spur of the moment.

So I didn't ask those sorts of questions either. Why would I inflict pain and torture on others?

It took decades before I really understood "small talk" The answers don't have to be rational, well thought out or require the ability to withstand a dissertation defense. You're allowed "touchy feely" answers. You can just make something up and it's all just a springboard to having a chat.

I still find it hard work and hard going. I need time alone. But more than anything else I wish I'd been "taught" small talk in school. I needed a cookbook. These are smalltalk questions, these are the sorts of answers. The rationalization and understanding can come later. But I wasn't going to learn it just by seeing others doing it because I wasn't hearing the right questions.

Comment Re:Re-what? (Score 1) 139

To really be secure, the card should be usable with a small terminal to sign web transactions.

They added this functionality - it works on all my cards. But only Barclays online banking seems to use it (at least of my cards).

I believe the sticking point is that people don't want to walk around with the card reader device. I can understand it but I do think it's a shame that you cannot voluntarily use it for online purchases instead of all the error ridden javscript XSS that you have to work through instead which has the "enhanced security" of requiring you to know your DoB.

Comment Re:Re-what? (Score 1) 139

Safekey, 3DSecure, etc have some potential to make peoples systems less secure


If they make the system so much more secure, why do I have to allow cross site scripting for them to work?

Why do I have to enable javascript for them to work?

I changed my credit card provider because I could NEVER get it to work properly. It still sends me to the "XSS attack page" so I have to click "unsafe reload" but I don't have to provide a password or DoB.

With my old provider I would get a message saying that the transaction hadn't worked. Try again. Try again. Discover that I've been charged multiple times.

Last week I was buying theatre tickets. This time it told me that it had failed however the merchant site was showing the tickets as bought. So I called them up. "Yes, it's all gone through fine". A few days later I get an email saying "Your payment hasn't gone through". Fortunately they held my tickets to let me pay again (over the phone which always works)

Comment Re:Comments Summarised (Score 1) 435

Currently the computer is already making external routing decisions in the form of "I don't know this address I'll send it to the default gateway

But the default gateway can then choose which ISP to use and will NAT the source address to that ISP. (With a bit of jiggery pokery to ensure that subsequent packets on that connection go via the same route)

But if the original source machine has already picked which IPv6 source address to use then the firewall has to use the correct ISP (as, hopefully, packets with a spoofed source address will be blocked and return packets will come via a different route so the firewall will probably not like them either.)

It's certainly true that companies who have allocated globally routable IPv4 addresses already have this problem but the vast majority of small companies aren't in this boat. I doubt there are ANY companies who use two different sets of globally routed IPs assigned to their desktops from two different ISPs which they're using for redundancy.

Large companies - ipv6 transition is (relatively) straightforward. Firewalls/proxies etc mean that the company can probably change to IPv6 at the border without having to touch the internal network at all. (There will be some specialist uses that will need attention)

Home users and very small businesses - ipv6 transition is likely completely transparent. My old iPad uses IPv6 when it connects to the ARIN countdown page on my home connection and I have done nothing to it to enable that. It uses ipv4 when I connect from the public wifi at work.

Small businesses - ipv6 transition is going to be more difficult. Not impossible, just more difficult and every small business is likely to be just sufficiently different to every other one that there isn't going to be a cookbook solution.

Comment Re:I know where to find 4 full class C's right now (Score 1) 435

There's the equivalent of over 3000 full class Cs on the waiting list for supplying by ARIN right now. (OK, there are currently no requests for a class C as any request that could be satisfied by a class C was, until yesterday, being filled from the available pool)

Recently they got given (IIRC) a /15 and two /16 which were immediately filled from the waiting list.

The problem with giving you (and anybody else) a /28 is that unless it's aggregated at the ISP, the global routing tables are going to explode (they're already pretty bad unfortunately)

So if you want that /29 then you're going to have to find someone who can use the rest of the /24 who will route that subset to you.

Comment Re:Comments Summarised (Score 2) 435

You can even NAT IPv6


This is one place where AFAICT, ipv6 is going to be a problem.

If you're a small company with a couple of different ISPs over a couple of telephone lines for redundancy you've probably currently got your LAN configured with 192.168.x.x or equivalent.

Your firewall/router then NATs that traffic and forwards it out over one or other of the connections. Your users computers don't care.

IPv6 makes this more difficult. In theory every computer on the LAN could have two different prefixes but now the external routing decisions are being made at the users computer rather than at the firewall.

Comment Re:Move to the latest version? (Score 2) 435

as they will be able to argue that "IP address does not equal individual" no longer applies.

No they won't. It will make no difference. The ISP will (presumably) assign a /64 (or bigger). I hope ISPs assign at least a /60 otherwise we're likely to end up with a huge mess of hacks in the linux kernel to allow subnetting of a /64 and also some form of autoconfig.

If you use the privacy extensions then it will make zero difference. The RIAA will be able to tell that the traffic came via your router but not from which machine. And if you don't keep logs of which machine used which IP when then nobody will be able to tell which machine was involved.

It may well make things harder for the *AAs. At the moment, ARIN requires that all your existing IPv4 allocations are in use (and hence documented in whois) before they'll give you more (so the data tends to be accurate to within about a 6 months timescale). When ipv6 comes along it's likely that registries will NEVER go back for any more addresses so will have no incentive to update those records. At the moment the RIAA can always tell which ISP an IP belongs to. That may well change in the future and there will be an extra step for them even to locate the ISP so that they can identify the subscriber.

In fact, should more addresses be required from ARIN in the future, it may well be easier to setup a new company to request a new block rather than go back and update years, possibly decades, of records to show that you need that second block.

Comment Re:They knew what they were doing from day one (Score 1) 618

Someone in management made the decision to not install a urea injection system which is necessary to keep emissions to legal levels

Obviously not as these cars did manage to pass the emissions tests albeit in a "cheat" mode that reduced the available power.

It's quite possible that an engineer somewhere said "You don't NEED a urea injection system to meet the requirements" and built in a proof of concept test system to prove that it could be done.

Then someone in management, not even aware that this was a cheat mode said "Hey, look, our cars already pass. Ship it"

And the engineer who wrote the original proof of concept wasn't at the company any more to raise a red flag.

Comment Re:Single line of code? (Score 1) 618

Some thought must have gone into this fraud.

The only bit (based on the news reports I've seen) that appears to have required much thought was the code that actually detects a test is in progress.

One complete management chain programmer->CEO could have innocently created a config to optimize emissions.

Another (or the same on a different day) could have done the same to optimize performance.

A third could have had both sets included - even if not user selectable, it's perfectly understandable that the car can potentially be dealer configured to meet whatever legal requirements there are (and at least in the UK there are talks about different cities having different rules for diesels)

I cannot think of an innocent reason for the car detecting that it's an emissions test except that, at least in the past, emissions tests in the UK at least have involved putting diesels into "non-normal" states - and, in fact, when emissions tests first became compulsory on the MoT test there were stories of diesels blowing up on the test rig due to overreving the engine with no load so I suppose it's possible that it was necessary to detect an emissions test was in progress even to allow the test to proceed.

Comment Re:Pretty reasonable (Score 1) 235

The court indicated it was about $12M in actual provable loss

This is NI so possibly not the same as the rest of the UK but in most cases losses have to be quantifiable in UK law to be claimed in damages.

This can lead to some (imo) unfair situations where if a 'labour of love' is destroyed then damages are likely to be merely the raw material costs.

There are exceptions, and the law is beginning to recognise 'emotional distress' as a loss but, in general, when you see quantified losses or damages in UK cases they're probably numbers backed up by receipts, actual costs or realistic lost sales.

Crazee Edeee, his prices are INSANE!!!