Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment: Re:Jurors (Score 5, Interesting) 303

It's very hard to explain "this shit" to people when there's someone else equally knowledgeable as you determined to explain why your explanation is wrong.

Asymmetric encryption. Do you explain P vs NP, why NP-Complete is almost certainly not in P but the problems that asymmetric encryption are built on aren't known to be either NP-Complete or P.

NP is a decision problem - but encryption isn't a yes/no problem. How can problems that only have yes/no answers be used to encrypt?

Muddy the water some more - PRIMES is in P. Do you really want to have to explain the difference between constructive and existential proofs while someone is interrupting every time you say anything that isn't 100% accurate.

You've only got to look at the climate change "debate" to see this effect in force. Climate scientists are playing a game of whack-a-mole and the general public cannot tell which side to believe. There are always questions and doubts that can be raised - the mark of a good scientist is asking the questions for which the answer is interesting. The mark of a good defense attorney is raising questions for which cast doubt on the reliability of the witness. The role of the judge is to make sure that the questions that the lawyer asks is relevant to the case - and that's where it gets hard when you've got two experts in their field debating something and one (or both) has an agenda.

Comment: Re:It's just wrong (Score 1) 335

When you already have a defined program (and machine in this case) in front of you for review, then you can determine whether or not it will halt

except when you cant

For any computer program with a finite number of states (finite memory) you can determine whether it halts by running it long enough that it must be looping.

For a computer with 16384 states (An 8 state turing machine with an 8 position binary tape. 8 states * 8 positions * 2^8 values that can be on the tape) you can tell if any arbitrary program terminates by running it for 16385 steps. Any program that doesn't terminate in 16385 steps will run forever.

Comment: Re:quick question (Score 1) 212

by locofungus (#48415905) Attached to: Launching 2015: a New Certificate Authority To Encrypt the Entire Web

Web Browsers DID used to accept self-signed certificates (and certificates signed without a known CA - or cert-chain.) People just clicked through and accepted them willy-nilly. That was a poor security model.

The poor security model was browsers asking for confirmation for self signed certificates.

What browsers should have done is:

self signed certificates or unknown CA - how the "unencrypted web" works today.
No encryption at all - popup "are you sure you want to connect"
Signed certificate - tick (check) mark (instead of padlock) to show that the site is verified.

Now that browers are hiding the "http/https" bit from most people anyway it makes even less sense to treat self signed certificates as less safe/require more warning than a normal http connection.

Comment: Re:symbols, caps, numbers (Score 1) 549

by locofungus (#48138859) Attached to: Password Security: Why the Horse Battery Staple Is Not Correct

They ask for e.g. first, third and fifth characters of a password that must be between eight and twelve alphanumeric characters, and the dropdowns to make the selection are lower case only.

This means they're storing the password unhashed, at best locally encrypted but decrypted to check the user login.

While I suspect that this is true, I don't think it has to be true.

Step 1 - user choses password.

Step 2 - generate hash in normal way and store it.

Step 3 - generate error correcting check digits such that the password can be recovered from any three characters in known positions. (any three characters in known positions must be both necessary and sufficient - designing such an ECC is left as an exercise)

Step 4 - store the check digits but throw away the password.

Step 1 - user enters three characters

Step 2 - error correct the password
e.g. __p_pp__+CCCCC -> PPpPppPP

Step 3 - hash the corrected password and test against stored hash.

Obviously this isn't very secure - it's susceptible to a brute force attack that only requires guessing (any) three digits correctly once an attacker has gained access to the hash and the check digits.

Comment: Re:Not going to be as rosy as the YES! campaign sa (Score 1) 494

by locofungus (#47926997) Attached to: Scotland's Independence Vote Could Shake Up Industry

The UK general election will be 7th May 2015. The government that agreed to this vote almost certainly won't be the government that is negotiating.

No party is going to stand on a policy of "We're going to give your taxpayer money to this new independent Scotland because the last government agreed to the vote." They're going to stand on the "we're going to save as much money as possible for you and stop these handouts to Scotland."

Comment: Re:It's getting hotter still! (Score 1) 635

by locofungus (#47910113) Attached to: Extent of Antarctic Sea Ice Reaches Record Levels

This might a good "negative" feedback mechanism that reduces overall infrared absorption

Unfortunately not. it's night in the Antarctic so the Antarctic sea ice has negligible effect on the albedo of the planet, melting out each year (almost) completely.

Arctic sea ice is significant for planetary albedo because millions of square km (still) survive though the peak sunlight summer months.

Comment: Re:You Fail at Quotations (Score 4, Insightful) 635

by locofungus (#47910065) Attached to: Extent of Antarctic Sea Ice Reaches Record Levels

Since 9/15 is also the day of lowest ice cover in the Arctic, how does this year's minimum compare with history?

It's one of the lowest in history but not the lowest. It's very close to tieing with last year.

Sea-ice volume appears (it's harder to measure reliably although it's more significant that area or extent) to be up on last year which in turn was up on the previous year. That might be a good sign for Arctic ice feedbacks or it might not - 2-3 years is far too short a time to separate signal from noise. Volume is still exceptionally low compared to the historical record.

Comment: Re:Question... -- ? (Score 5, Interesting) 215

by locofungus (#47332621) Attached to: Exploiting Wildcards On Linux/Unix

Back in the (iirc) bsd 4.2 days, su was a suid shell script - at least on the machines I was using at the time.

Setup a symlink to su called -i

$ -i
# rm -- -i

There was a security bug handling suid shell scripts where the user was changed and then the #! interpreter was run, i.e. /bin/sh -i

and you got an interactive root shell :-)

Was very informative when the 'script kiddies' (although I don't recall that term existing in those days) had symlinks called -i in their home directory that they didn't know how to delete ;-)

Comment: Re:So when will the taxi drivers start protesting? (Score 4, Interesting) 583

by locofungus (#47109053) Attached to: Google Unveils Self-Driving Car With No Steering Wheel

and we wouldn't have to worry about being late so much because of traffic jams

I'd expect there to be far more traffic jams because no longer is there an incentive not to let your car drive into the city.

Can't find a parking space - just leave your car driving around. Intelligent cars would actually seek out traffic jams so as to minimize fuel use.

Almost at your destination and crawling along. Get out and walk the last bit and let your car get there in its own time.

Stuck in traffic jam, get out, pop to the newsagent catch up with the car and get back in again.

For the more proactive, stick your Brompton in the back and let the car drive most of the way to the city. Once it starts getting snarled up in traffic, hop out, cycle the rest of the way and let the car do the rest of the journey on its own ready for when you want to leave.

Time it right, and the car will arrive just as you're ready to load your shopping (and bike) back into the car. Hopefully, these automatic cars won't block the roads for the drivers trying to leave the city so the route out will be fast, unlike human drivers who block junctions all the time.

Comment: Re:Motion from the outside not counted. (Score 1) 122

by locofungus (#47057083) Attached to: Even In the Wild Mice Run In Wheels

There was a pet shop - I think this was in the North East of England but I cannot remember why I would have been in a pet shop so maybe not - that had a cage of chipmunks.

Two of them (always the same two) would get onto a wheel side by side and then run like mad.

One was slightly faster/had more stamina than the other one and eventually the other one couldn't keep up at which point it just held on and got a ride "over the top". The wheel would then come to a standstill and then they'd start all over again.

Was hysterically funny and I remember watching them for ages.

Comment: Re:CO2 and climate: my take (Score 1) 323

by locofungus (#47048897) Attached to: Rising Sea Level Could Put East Coast Nuclear Plants At Risk

Yes, of course. Which says that we need to use a longer interval to get a significant trend.

I'm not sure what the point you're trying to make is. If the signal is sufficiently noisy it's easy to find intervals with almost any desired trend, they just won't be significant.

The last 17 years are consistent with the long term trend which is, itself, statistically significant (and positive). Over the last 17 years the trend is (probably - I haven't actually done the calculation) not significant but it's still positive.

Comment: Re:CO2 and climate: my take (Score 1) 323

by locofungus (#47044865) Attached to: Rising Sea Level Could Put East Coast Nuclear Plants At Risk

I don't know why I bother but:

I took the GISS monthly data from May 1997 to April 2014. Spreadsheet gives me a slope of 0.001828 - or approximately 0.02C per year or 0.2C per decade.

This might not be significant, I can't be bothered to do any more, but to say there has been no rise in temperature is disingenuous at best and an outright lie at worst.

The strongest (negative) statement that can honestly be made would be that "there might not have been a statistically significant increase in warming over the last 17 years."

Lend money to a bad debtor and he will hate you.