Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:Bad usability, man (Score 1) 484

by Hognoxious (#49145325) Attached to: Users Decry New Icon Look In Windows 10

Take a look at these, a couple of links away from TFA. http://dtafalonso.deviantart.c...

They're all fapping off about them, but look how faint some of the differentiators for the folder contents are; several of them look pretty much he same.

Also, why is everything turned as if it's facing someone six feet to my left? Well, actually it's only nearly everything, which is even worse.

The ones they're griping about are better IMO.

Businesses

Teamsters Seek To Unionize More Tech Shuttle Bus Drivers In Silicon Valley 249

Posted by samzenpus
from the shuttle-together dept.
An anonymous reader writes with news about the effort to unionize shuttle drivers in Silicon Valley. "Shuttle bus drivers for five prominent tech companies will decide whether to unionize on Friday in a vote that has the potential to dramatically expand organized labor's territory in Silicon Valley and embolden others in the tech industry's burgeoning class of service workers to demand better working conditions. Drivers who ferry Yahoo, Apple, Genentech, eBay and Zynga workers -- all employed by contractor Compass Transportation -- will decide whether to join the Teamsters union in an election overseen by the National Labor Relations Board. Union leaders say they want to bring the drivers into the fold so they can negotiate better pay and benefits -- as well as relief from a split shift that has the drivers working morning and evening shifts with no pay in between. A contract the Teamsters struck over the weekend for Facebook's shuttle bus drivers, who work for Loop Transportation, offers a glimpse of what may be possible: paid sick and vacation time, full health care coverage and wages of up to $27.50 an hour."
Space

12-Billion-Solar-Mass Black Hole Discovered 135

Posted by Soulskill
from the go-big-or-go-home dept.
sciencehabit writes: A team of astronomers has discovered what is, in galactic terms, a monstrous baby: a gigantic black hole of 12 billion solar masses in a barely newborn galaxy, just 875 million years after the big bang. It's roughly 3000 times the size of our Milky Way's central black hole. To have grown to such a size in so short a time, it must have been munching matter at close to the maximum physically possible rate for most of its existence. Its large size and rate of consumption also makes it the brightest object in that distant era, and astronomers can use its bright light to study the composition of the early universe: how much of the original hydrogen and helium from the big bang had been forged into heavier elements in the furnaces of stars.

Comment: Yes and no (Score 1) 295

by jd (#49129871) Attached to: Moxie Marlinspike: GPG Has Run Its Course

First, the complexity of the engine shouldn't matter. You will never get the bulk of users out there to use, or care about, the real power of the engine. They don't want to mess with the engine. The engine should be under the hood, in a black box, whatever engineering metaphor you want. Users just want things that work.

I remember way back when I was at university. There were various absolute rules for good software engineering. The first was that the user should be presented with a must-read manual no longer than one paragraph. Tips and tricks could be more extensive, but that one paragraph was all you needed.

The second was that the user absolutely must not care about how something was implemented. In the case of encryption, I take that to mean, in the case of e-mail, that the engine should not be visible outside of configuration. A supplied key should trigger any behind-the-scenes compatibility mode or necessary configuration to talk to that user. If the keys the user has aren't suitable to correspond with that person, the system should ask if one is needed and tie it to that protocol.

There should be no extra controls in e-mail, except at an advanced user level. If a key exists to correspond with a user, it should be used. If a key exists for inbound e-mail, the key should be applied. The process should be transparent, beyond getting passwords.

Any indexes (particularly if full indexes) should be as secure as the message, good security practices on both will take care of any issues.

Ideally, you want to have the same grades of authentication as for the early certification system, adapted to embed the idea that different people in the web of trust will have done different levels of validation and will be trusted to different degrees. The user should see, but not have to deal with, the level of trust.

Last, GnuPG is probably not the system I'd use. Compatibility cruft needs to be as an optional layer and I'm not confident in implementation.

There should be eight main libraries - public key methods, secret key methods, encryption modes, hashes (which encryption modes will obviously pull from), high level protocols, key store, index store and lacing store. (Lacing is how these are threaded together.) The APIs and ABIs to those libraries should be standardized, so that patching is minimally intrusive and you can exploit the Bazaar approach to get the best mix-n-match.

There should also be a trusted source in the community who can evaluate the code against the various secure and robust programming standards, any utilized theorum provers and the accepted best practices in cryptography. Essentially replicate the sort of work NIST does, but keeping it open and keeping it free of conflict of NSA interest.

The more they over-think the plumbing the easier it is to stop up the drain.

Working...