
Comment Re:Missed the Boat? (Score 1) 267

The "once someone is paid, they stay paid" is a feature of BTC. It would be nice if there were an escrow mechanism with a time limit so if Alice sells a vend a goat machine to Bob, Bob puts the BTC in escrow, until Charlie vets that the vend a goat machine made it to Bob's place and is usable, then allows the transaction to proceed, or before a time limit, interrupts the transaction and has the money sent back to Bob if instead of a vend a goat machine, it were just a box of cinderblocks. This will help against one of the more common auction frauds, and it protects the seller (the currency goes into escrow before the product is shipped), and the buyer (the escrow agent validates that they actually got what was in the package.)

Of course, this isn't perfect... Bob the Buyer can pull the vending machine out, place some stones, then allege fraud to Charlie so Charlie nixes the transaction... but that goes from common auction fraud which is an everyday happening, to actual felony larceny. Escrow does raise the bar though, and given a high enough value transaction, it might be Charlie has his people waiting with Bob for the package to actively validate that all shipped as it should have.

There is another downside... Charlie's reputation. This was discussed back in the 90s on the cypherpunks list, that if the value of Charlie's reputation was less than what the transaction was, he could collude with either Alice or Bob to fuck over the other party. It might sully Charlie's doings in the future, but if the transaction was valuable enough, hosing one party might just be worth it to the escrow agent, as they could go find another biz after that.

Comment Re:Good idea, but not ready for primetime (Score 1) 267

Right now, we are seeing version 1.0 and version 1.1 of cryptocurrencies.

I can see a version 2.0 of a cryptocurrency coming out, with some features to help:

1: Escrow. It would be nice if a third party, Charlie, could be part of the transaction, and Alice and Bob's transaction wouldn't be completed until Charlie gives the OK. If Charlie doesn't give the OK, Bob doesn't get the currency... eventually after a selected timeout, the coins wind up back with Alice. Or, it could be configured the other way, where Bob gets his coins if Charlie doesn't step in and say "no" after a period of time. Of course, there can be collusion between Charlie and either Alice or Bob to fuck over the other party, but having the -option- for an escrow service so both parties are happy would go far in making a currency usable for trades.

2: Auditing. The ability for a party to tag their own expenses with their own ID for something, so they can in the future run through the blockchain, and find all occurrences of that ID. It would be equal to the "For:" line on a checkbook.

3: Refunds. The ability for both parties to reverse a transaction, on the premise of the item in question being returned. This will go a long way in proving ownership of something if it gets questioned.

4: Disabling spending of currency for a period of time. This adds a "timelock" value, so if the currency owner is going to be gone for six months, even if someone has access to the wallet, the coins can't be spent. Of course, once the time expires, it becomes a race between the legit owner and anyone else who has access to the wallet's private key, but it is a way to ensure coins are not going to be gone while someone is on a trip. Of course, this value should be limited to a fairly short period of time (6-12 months), so coins are not tossed out of the economy permanently.

5: Similar to #4, but disabling spending of coins for a period of time... but allow them to be re-enabled if another wallet or private key gives the go-ahead. This way, one can have one wallet that coins go in, set a time lock, but still have an offline wallet that can re-enable use of the coins should the need arise.

6: A way to mark part of the transaction as sales tax (with the receiver agreeing on that), so the sender is showing that the 110 units they are paying, 100 are for the product, the rest are going for taxes like a VAT or the like. Similar to #2, but covering the tax angle. In case of audit, it would be easy to just show the blockchain and that the receiver acknowledged that the tax was properly paid.

7: A way to preen the blockchain after a period of time, say seven years of older transactions, but still keep the cryptographic integrity of the entire thing. This way, eventually, the blockchain size will tend to stabilize as soon as old transactions get expired.

I'm sure there are other ways, but adding some cryptographic tricks (like escrow and moving coins out of play for a period of time) will definitely add to currency security.

Comment Re:So Let Me Get This Straight (Score 2) 246

The Telnet server required an Expect script to use... and yes, you -can- do stuff that way... but it is a relative PITA compared to ssh, Python libraries, and Ansible. As the parent said, sending unencrypted passwords through a link (yes, one -could- do tunnels, but that is another bunch of hoops) was possible... but with SSH (especially with RSA authentication), it is far, far easier.

Comment Re:So Let Me Get This Straight (Score 2) 246

SQL server is a database server, and some applications require it... but at least there are others, and one doesn't have to run their business on it. There are alternatives, from MySQL/MariaDB to Oracle, and the nice thing about Oracle is that there are no license keys to manage, so if there is a disaster, getting your RAC cluster back operable isn't dependent on licensing/activation.

This isn't to say SQL server is bad, but if one wants to move from Windows, there are RDBMS products which are just as good available. If you like NoSQL, but still want ACID... there is always MarkLogic.

Comment Re: Turd (Score 2) 246

This. I'd love the ability to provision a Windows box, toss an SSH key on it and have it ready to be managed via Ansible.

On the development side, being able to Vagrant up a Windows box as easily as I do other boxes would be nice, and make life a -lot- easier when it comes to testing. If I need to create a Windows box to make sure a certain set of Registry settings works, it would be nice to create a base box, boot it, have Vagrant provision it, and have it ready to go. Then, when I want to prove my stuff works to another developer, I point them to the repository with my Vagrantfile and provisioning scripts.

Vagrant is a wonderful tool for testing in the UNIX environment. It (pretty much) guarantees that I will have the exact same environment for testing as the developer, and if their code works in a Vagrant box, it will work in mine. I'd love to have the same ease of use on the Windows side. The closest I can come to this is a WIM image and a directory full of MSI files.

Comment Wonder when "open source" will hit vehicles (Score 5, Insightful) 279

I'm sort of reminded of the early 1990s, pre-Linux, where if one wanted an OS to run on their computer, be it a UNIX flavor, DOS, or OS/2, it cost, and wasn't cheap. It makes me wonder if there would be a niche for a company that produced farm equipment to charge a tad more, as they are not using the cheapest stuff from China, but circuits would be diagrammed, parts would be available, and the equipment would be designed from the ground up for serviceability. Unlike phones and tablets where shaving off a few fractions of a millimeter is critical, a 1950s-era tractor does the job just as well as a modern one.

Of course, there is reliability. A closed source, locked-down ECU might allow something to run for a longer time between servicings, at the cost of more expensive upkeep (since parts only come from the maker.) Would customers mind dealing with a more frequent maintenance cycle, in return for the fact that parts would be cheaper and easy to get ahold of 10-20 years from now, or is the mindset of "use it until it breaks, pitch it, replace it, repeat" too firmly ingrained in the mind of consumers?

It may take some time before this happens. I'm just waiting for "consolization" of cars, where vehicles come with the same engines across the board, but you have to pay license fees to enable the turbos, unlock all horsepower, use the Bluetooth functionality on the audio head... and none of those licenses will transfer with the vehicle, which guarantees that car makers make a significant, tidy sum when a vehicle is sold. Similar with farm equipment. Want to use the PTO? That is a licensed feature and even though the transmission supports it, the TCM won't enable it unless the manufacturer gets $2000 for a license key. Want to use a combine attachment? Another $2000, and it is only good for this harvest season, but you can pay $5000 to have it enabled for five seasons.

How hot will the water get before the frog jumps out?

Comment Re:Absolutely not advertising (Score 1) 92

Android also had this problem. A few years ago, there was AirPush, which eventually forced Google into putting in a mechanism to disable apps from making notifications due to the spam.

I just wonder how long it will be until the advertising bubble bursts, especially if the economy tanks and people are not spending money on gewgaws. Even with apps gathering "god mode" data, there is a limit on how much stuff that can be slurped down and sold. Especially with both malvertising becoming a constant issue, and the general pushback against ads that demand interaction for 30 seconds, demand someone take a survey, demand access to FB and E-mail, and if on a phone, demand an app be downloaded, or any/all of the above. Since stock prices are based on "growth" not actual earnings, when a market hits saturation, it hits the wall, hard. Just like companies did in the first dot.com era.

What will companies like Whatsapp do after that? Join the list of dead companies on the successor of fuckedcompany.com? Charge for their product to end users? Even Google is pushing their way to get territory that isn't ad related so they survive if that bubble pops. People will say that the Internet will grind to a halt without ads that require full screen access... but the Internet existed for decades without that. The economy may move from ads to clearinghouses, but the Internet won't disappear because AdChoices isn't getting their telemetry data from an ever expanding pool each quarter.

Comment Re:Telegram (Score 2) 92

The EFF is one party which gets my respect. Signal looks interesting. It reminds me of the old standby app on Android, called TextSecure, which not just was a decent app for texting, but stashed the messages somewhere encrypted, as a secondary layer of protection. I wish the iOS version had a PIN or the ability to use the fingerprint scanner, just for additional security for messages on the app.

Personally, my ideal app would be one that piggybacks off of existing protocols, but uses OpenPGP for its endpoint encryption. This way, it provides a standard for adding keys, it would be compatible with a ton of existing code, OpenPGP is a known, secure quantity with decades of debugging behind it, and it would make having to worry about transport encryption less of an issue. Messages could be stored with an NNTP-like protocol (where one server would store, forward, then expire when the server's disk space hit a high water mark), or a more direct protocol could be used. Since there are so many transport protocols to choose from, separating the endpoint encryption from the protocol would allow for a lot of flexibility.

Comment Re:Telegram (Score 1) 92

I would actually purport that isn't the case. Facebook, for example. It is used instead of E-mail, NNTP, news websites, discussion forums, chat sites, meeting scheduling, appointments, and many other items. People are too interconnected with it to leave it. In fact, not having a FB ID can be a negative in general, just because FB is used for so much.

People won't be leaving FB like they bailed MySpace. There is just too much tying them to that social network. Heck, there are a number of websites that use FB for authentication now... no FB account, no access.

I'd love to be proven wrong on this, though.

Comment Re:after reading the details, this is significant (Score 1) 146

The sad thing is that a password manager isn't a tough thing. However, it requires some thought to do it right.

For example, stashing a syncable database on a cloud provider. Most PW managers either use the same password one uses for the local storage.

However, the database on the cloud provider is where security needs to be tight, and, if possible, not brute-forcable. Ideally, the database would be protected by a randomly generated key, which is then encrypted by each device's private key. If the user wants to add a new device, the new device's key is slapped on a keyserver, one of the other devices shows the user that device's fingerprint and asks the user to compare and approve that the key is the same, then would allow the new device to have its decrypting key entry. If all devices are lost, a recovery mechanism can be as simple as having a password on the chain that unlocks the key, or a shared secret. All solved problems -- this functionality is all native to the OpenPGP format (where one encrypted file can be decoded by any key on the list, or a passphrase.)

For Android and iOS, both have secure modes to store sensitive data. These should be used in combination with the app's encryption, so there is both the device's hardware protection, and the app's protection.

For desktop usage, the app's encryption is likely enough, since desktops are less likely to be stolen.

Backups? Again, there is an easy, secure way to do this. Use a similar encryption mechanism to what Titanium Backup (a must have for Android) uses. It has a public key, and encrypts backups with that. When a restore is needed, each backup file has a private key, which is encrypted with the user's passphrase. This results in being able to do backups without having to hold a key or password indefinitely in memory between sessions, but allows the user to restore/decrypt without worrying about having the proper key... just the right passphrase.

Of course, there is the password generator. Yes, /dev/random or Windows's equivalent is "good enough", but having a password generator which can take user input (keystrokes, using a high speed timer, as well as mouse movements) provides additional randomness, which would be useful if a bug happened, and /dev/random just outputted zeroes or some other glitch happened. The ideal would be a combination of Apple's and Keepass's, where one can use memorable words with a number or two, or generate custom passwords [1].

I just wish someone would do it "right". KeePass has everything nailed, except good syncing with a cloud provider, and if each instance of the password manager would use a PGP/gpg key, then store the database as an encrypted file, this would provide excellent resistance to brute-force attacks, should the cloud provider get compromised, as there would be no passwords to guess.

[1]: Sometimes I was asked to send a user a password over one channel, and data over another. I liked sending passwords in a standard format (like 2-3 Windows CD keys for more sensitive stuff, or phone numbers for less sensitive items) so the receiver knew they were not totally lost when typing in a long password. Thus, having templates come in handy. Same with generating a large amount of starting passwords for an AD domain, where I wanted the passwords to fit the criteria, but be of a certain format so the user knows they are typing in the right thing, and there wouldn't be any "0/O", "1/l" mixups.
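
The generator idea from the comment above (user input mixed in as a hedge against a failed OS RNG, plus the fixed-format templates from its footnote), as an added Python example that is not code from the commenter, KeePass, or Apple. `MixedPool`, `generate`, `entropy_bits`, `stuck_rng`, the template letters `A` and `9`, and the sample events are all hypothetical names and constructed values.

```python
import hashlib
import math
import os
import time

# Template classes. "A" leaves out 0/O and 1/I/l so nothing can be misread.
CLASSES = {
    "A": "23456789ABCDEFGHJKLMNPQRSTUVWXYZ",  # 32 symbols, 5 bits each
    "9": "0123456789",
}
CD_KEY = "AAAAA-AAAAA-AAAAA-AAAAA-AAAAA"  # CD-key style, per the footnote
PHONE = "999-999-9999"                    # phone-number style


class MixedPool:
    """Mixes OS randomness with user events (illustrative, not a vetted DRBG)."""

    def __init__(self, os_random=os.urandom):
        self._os_random = os_random
        self._state = hashlib.sha256(b"init" + os_random(32)).digest()
        self._counter = 0

    def add_event(self, data: bytes) -> None:
        """Fold in a keystroke or mouse sample plus a high-resolution timestamp."""
        stamp = time.perf_counter_ns().to_bytes(8, "big")
        self._state = hashlib.sha256(self._state + stamp + data).digest()

    def random_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self._counter += 1
            fresh = self._os_random(32)
            out += hashlib.sha256(
                self._state + self._counter.to_bytes(8, "big") + fresh
            ).digest()
        # Ratchet so earlier outputs cannot be recomputed from a later state.
        self._state = hashlib.sha256(b"ratchet" + self._state).digest()
        return out[:n]

    def choice(self, alphabet: str) -> str:
        """Uniform pick; rejection sampling avoids modulo bias."""
        limit = 256 - (256 % len(alphabet))
        while True:
            b = self.random_bytes(1)[0]
            if b < limit:
                return alphabet[b % len(alphabet)]


def generate(template: str, pool: MixedPool) -> str:
    """Fill class characters from the pool; copy separators as-is."""
    return "".join(pool.choice(CLASSES[c]) if c in CLASSES else c for c in template)


def entropy_bits(template: str) -> float:
    return sum(math.log2(len(CLASSES[c])) for c in template if c in CLASSES)


def stuck_rng(n: int) -> bytes:
    """Constructed failure case: an OS RNG that only returns zeroes."""
    return bytes(n)


if __name__ == "__main__":
    pool = MixedPool()
    for sample in (b"key:k", b"mouse:412,88", b"key:p"):  # constructed events
        pool.add_event(sample)
    print(generate(CD_KEY, pool), f"{entropy_bits(CD_KEY):.0f} bits")
    print(generate(PHONE, pool), f"{entropy_bits(PHONE):.1f} bits")
```

Passing `stuck_rng` as `os_random` with no events added makes two pools emit the same password, which is the failure the user-input mixing is there to cover.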

Comment Re:Again? (Score 2) 121

Ideally, the best fuel would be something with a high energy per volume, such as the Audi-made synthetic diesel (e-diesel) from CO2 in the air, or perhaps ethanol. Something that doesn't need anything more significant than a liquid storage tank, as opposed to what is needed for CNG, or even LP gas. Cars get into wrecks, and who knows what might puncture the gas tank, so having a complex system is nice, but if it takes out a city block if the vehicle using it gets rear-ended, it isn't workable.

Then comes the engine. Moving to an IC engine design means that you get 1/3 of the energy coming out as torque, and the rest as heat or exhaust. Engine design isn't an easy task either, because it will see environments that the engineers have never even anticipated. So, it would be generations of engines before a H2 motor became as reliable as what moves an average gasser.

What would be the ideal, is what the parent poster mentions -- high capacity batteries. Get a type of battery that is portable, fairly safe (think LiFePO4 batteries), can work in the temperature extremes that vehicles are put to, and has a high discharge/recharge cycle rate. If this gets within a tenth of what gasoline has for energy by volume, this changes everything. The IC engine can be tossed, and electric motors used.

For the average Joe Sixpack, what does the hydrogen economy bring? It means more energy used (hydrolysis is very energy wasteful), so utility prices go up and more base load power plants needed. Hydrogen is very explosive, so expensive means have to be used to mitigate damage to the tank and lines. This means vehicles cost more. There has to be an ecosystem put in place to fill up on H2 or replace fuel storage cells... and that is expensive, which gets passed to the consumer.

Even more insidious, is the fact that the H2 economy will be tied to a limited group that provides the H2 creation and distribution. With an electric vehicle, it doesn't care where the electricity comes from. It can come from a solar array, a water turbine, a wind turbine... there are many ways from the ground up to make usable electricity that it provides robustness. We really do not need another monopoly/cartel.

Hybrids need to go past the novelty stage, to becoming something every vehicle has, just like power door locks. For example, a hybrid pickup, if coupled with an inverter that can handle heavy loads, would make the need for a PTO generator moot. Since a vehicle engine has a lot more in the way of pollution controls than most generators, it is better, environmentally, to have that engine do the work. It also means one less motor to worry about. GM has tried attempts at a hybrid pickup, but the ideal would be to have the technology in the 2500 and 3500 vehicles, where the beefed up electrical storage would be a lot more useful. Even more useful would be a hybrid diesel. If FCGEN (a European group making a fuel cell that runs on diesel) gets something useful out there, then the vehicle could be made entirely electric, but a diesel fuel cell (generating 3-10kw) able to keep the batteries powered, eliminating range anxiety.

tl;dr, the absolute best thing are electric vehicles. Second to that, diesels and synthesizing diesel fuel which doesn't go boom due to vapors. In the interim, it would be nice to see hybrid diesels. Hydrogen is a nice dog and pony show which really is a distraction, and would cause far more expense to every party (except the H2 makers.) Not worth it.

Comment Re:No supercapacitors? (Score 1) 117

I notice Intel enterprise SSDs have capacitors on them, and I'm guessing it is there so the drive has enough power to complete any in-flight writes (or at least find a stable, consistent point on the block/page level to stop and power down.) This makes me guess that for the hard-power off issue, this is a solved problem.

Non-enterprise drives, who knows.

Comment Re:No supercapacitors? (Score 1) 117

SSDs do fail, but they fail in different ways than HDDs. It is wise to have backups regardless of what one's primary media is, but SSDs are nice in the fact that they can take environmental issues better than a HDD. It is still not good to drop one, but if one drops an external SSD while it is plugged in, it is almost certain to continue working. Drop a HDD, who knows.

I would say that the benefits for using a SSD as primary storage well overcome their drawbacks. Just the fact that they don't have that bottleneck of waiting until the set of heads aligns up with the data needed (so a virtualized OS and a host OS don't have to fight for the head array), data doesn't have to be shoved on the inner or outer tracks for performance regions, and other HDD specific issues goes a long way with performance, especially random I/O. Caching and smart HDD controllers have helped some, but SSD just gets rid of the problem entirely.

Of course, this doesn't make HDD entirely pointless. It is cheap, and holds a good amount of storage. Which makes it useful for backups or secondary storage, a place where tape once reigned. I wouldn't be surprised to see HDD cartridges used in a silo, like Sphere 3D's RDX format (formerly Imation).

The future of hard drives is also long term archival storage. Even though tape has an archival rating, while HDDs don't, it wouldn't be surprising for HDD makers to go this route, especially coupled with HAMR, SMR, patterned media, and other technologies which add storage, but trade off with I/O performance and the need for TRIM-like commands or garbage collection by the HDD controller. A good start in this direction are the NAS drives WD has. I wouldn't be surprised to see more drives go this route, but likely in the 2.5" form factor so RAID enclosures can be smaller.

Comment Re:Nobody fucking wants this (Score 1) 196

Of course, the downside of that is that when the car has major trouble, such as an electrical malfunction, or a dead battery bank, there isn't any fixing of the vehicle... the vehicle just will have to be replaced. Similar with car wrecks... more than just a "love tap" can cause the insurance company to just total the vehicle and call it done.

Electric cars have their place, and for a lot of people are useful... but until there is a better infrastructure for long distance trips, range anxiety will be an issue, and people will still continue to buy vehicles with IC motors, just because they will start and run even if there is a power blackout. I wouldn't say dealers and service stations will be gone anytime soon. In fact, with all the proprietary gizmos, they will make even more money. A clogged particulate filter? $3200 right there. An air filter with a built in MAF sensor? Even a battery replacement on some vehicle models requires one to haul the vehicle to a service station to have the battery "registered" with the ECM, and the new battery will only last a year before failing.
