Comment Re:You can't be fucking serious. (Score 1) 580

However, that 1 dollar a week thing... isn't it exactly what people here and elsewhere asked for? Like, for so long?

Close, but not quite. Quantity is relevant here. What people were asking for was the ability to pay the amount that the site would have received for the advertising in exchange for ad-free access, not 50 times that amount. It's doubtful that Wired even gets $1/year in advertising revenues from an average non-ad-blocking visitor, never mind $1/week. Paying $52/year just for access to a handful of Wired articles would be unreasonable for all but the most devoted readers.

Comment Re:$52/yr is a lot for a subscription (Score 1) 580

Would you be ok with a company monitoring your browsing habits like that? Such that they know if you bought something already.

The problem is that they're tracking you too closely already. If they just showed the same selection of ads to every visitor then the odds of repeatedly seeing ads for something you already bought wouldn't be very high. Instead, they track you just enough to know that you were interested in the product at one time, without also noting that you already purchased the item and thus are no longer in the market. Rather than adding more tracking, the issue could be resolved by doing less, or at least allowing the obsolete tracking data to expire from the ad profile after a reasonable time (days, not months).

Comment Re: This is why (Score 1) 229

taking advantage of the fact that binary data can be encoded into something that looks like a photo to software

Not just to software; the encoding looks like a photo to humans, too. It may not be a stunning landscape or an entrancing self-portrait, but even a photo of pure noise is still a photo.

Comment Re:Seems reasonable (Score 1) 173

So if the utility wants to deter bitcoin miners from moving in to their area (or at least charge them more to make up for the risk) they need to work with the local government to draw a line in the sand somewhere. That line needs to be drawn in a way that non-technical lawyers, judges and politicians can understand and that can be enforced using information the utility has access to.

I don't disagree with any of that, but whatever "line in the sand" they pick ought to have some relationship to the risks they're trying to mitigate. Power density is simply too arbitrary, and thus discriminatory. Do your bitcoin mining in a traditional data center drawing 220 MW and you pay an extra $3M/month. Colocate your mining operation at a low-energy farm operation spanning a few hundred acres, using the same amount of power, and you pay the normal rates. The risks haven't changed at all, but the power density is much lower.

They should just require a multi-year transferable contract with an early termination fee for any new commercial-grade service, backed by an insurance policy. Established industries with low churn would be able to get low premiums, since their risk would be low. Riskier industries would pay higher premiums. This would deal with the real issue while getting the utility out of the business of discriminating against specific customers.

Comment Re:Seems reasonable (Score 1) 173

To keep the entire proposed 220 MW addition under the 250kW/ft^2 threshold you only need to add 880 square feet, which would be far less expensive than paying the 2c/kWh surcharge, over $3M per month for 220 MW.

Never mind that; the summary just got the units completely wrong, and consequently was off by four orders of magnitude. The actual threshold from the linked slides is 250 kWh/ft^2/year, which is a long-winded way of saying 28.5 W/ft^2. Ergo, 220 MW would need a bit over 7.7 million square feet of operating space, or about 177 acres, to stay below the threshold, which makes the rule a bit harder to game. (Partner with a local farming operation, perhaps?)

Power density is still a stupid way to decide electric rates. The size of a client's operating space has no bearing whatsoever on cost or risk to the electric company.

Comment Re:Seems reasonable (Score 1) 173

They are not targeting miners specifically. They are targeting "high density users (more than 250kW per square foot)".

Yeah, right. The rule may not say "bitcoin mining" in so many words, but even the utility company itself said that this was targeted at miners.

The real issue is that kW per square foot is an arbitrary and meaningless metric. It has nothing at all to do with the cost of delivering the electricity or the risks associated with building out new infrastructure. It's not unreasonable that the utility wants some compensation in exchange for the risk of building out expensive distribution infrastructure, especially for the sake of what they see as a risky industry, but they need to come up with a more equitable basis for sharing the risks than "power density".

If nothing else, the metric is too easily gamed: just rent a larger facility. To keep the entire proposed 220 MW addition under the 250kW/ft^2 threshold you only need to add 880 square feet, which would be far less expensive than paying the 2c/kWh surcharge, over $3M per month for 220 MW. Minimal expense to the miners—all of which goes to real estate and construction, not the utility—and the utility remains stuck with exactly the same expenses and risks as before.

Comment Re:One word (Score 1) 171

To give only representation to people or groups and not people in different geographies is called taxation without representation, since, then the geographies with low populations are not getting a vote comparable to the vote that larger communities get in the process.

Nonsense. It's people that are taxed, not geographies. Representation by land-mass is perhaps the least equitable way of voting on taxation. That just ensures that the more populous areas suffer from tax burdens far in excess of their representation.

(The most equitable arrangement, of course, would be proportional representation based on how much taxes the individual pays—counting as tax any loss of value due to restrictions imposed on the use of one's property.)

Comment Re:SSL hides malware added by WordPress etc hack (Score 1) 216

And if you're buying internet service from a rogue ISP that alters web pages, you need a new ISP, not a red X.

Big-name ISPs like AT&T, Verizon, and Comcast have been caught tampering with HTTP traffic to insert their own tracking headers and ads—including scripts in some cases—and not everyone has a great deal of choice in ISPs in their area. This is hardly a theoretical concern, and HTTPS is the most direct and effective way to prevent such tampering.

Your own reputation is at stake, along with users' security. Do you want to get blamed for inappropriate content that some random ISP injected into your page? It may technically be the ISP's fault, or even the user's for choosing that ISP, but you made the tampering possible by failing to take reasonable and customary steps to ensure the integrity of the data delivered from your server.

A security-conscious company, head of household, or even ISP can largely protect users against malware that's been added to sites by detecting it at the firewall, as it enters the network. Unless of course it's https, in which case you can't detect the content at all.

If users want that sort of protection they can manually configure a proxy, thus consenting to allow their traffic to be inspected. We do need better proxy protocols for HTTPS which permit inspection but not tampering, and avoid bypassing the browser's built-in certificate validation. This could be accomplished by making the proxy a simple passive conduit while sharing the client's symmetric encryption key and IV with the proxy. This would let the proxy decrypt the traffic as it's forwarded and cut off the connection in the event of a problem, but tampering would still be detectable since the proxy would not possess the HMAC secret.

Companies and households could force all traffic to pass through the proxy simply by blocking direct connections. ISPs would have a harder time getting away with that, which is as it should be. ISP-level malware protection should be an optional benefit, not a mandatory requirement.
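
A minimal model of the inspect-but-not-tamper proxy proposed in the comment above, added here as an illustration; it is not part of the original comment and not any real TLS or proxy API. It assumes a MAC-then-encrypt record with separate encryption and MAC keys, uses an HMAC-SHA256 counter-mode keystream as a stand-in for the record cipher, and all function names and the blocklist signature are hypothetical.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size


def keystream_xor(enc_key: bytes, iv: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode) standing in for the
    record cipher; encryption and decryption are the same operation."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hmac.new(enc_key, iv + block.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(enc_key, mac_key, iv, seq, plaintext):
    """Endpoint: MAC the plaintext, then encrypt plaintext || tag."""
    tag = hmac.new(mac_key, seq.to_bytes(8, "big") + plaintext, hashlib.sha256).digest()
    return keystream_xor(enc_key, iv, plaintext + tag)


def open_record(enc_key, mac_key, iv, seq, record):
    """Endpoint: decrypt, then verify the tag; raises ValueError on tampering."""
    body = keystream_xor(enc_key, iv, record)
    plaintext, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    expected = hmac.new(mac_key, seq.to_bytes(8, "big") + plaintext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad record MAC")
    return plaintext


def proxy_inspect(enc_key, iv, record, blocklist=(b"MALWARE-SIGNATURE",)):
    """Proxy: holds enc_key and iv but not mac_key. Returns (plaintext, allow).
    The blocklist entry is a constructed sample, not a real signature."""
    plaintext = keystream_xor(enc_key, iv, record)[:-TAG_LEN]
    return plaintext, not any(sig in plaintext for sig in blocklist)


def proxy_rewrite(enc_key, iv, record, old, new):
    """A misbehaving proxy can edit and re-encrypt, but without mac_key it can
    only carry the old tag along, so open_record() rejects the result."""
    body = keystream_xor(enc_key, iv, record)
    edited = body[:-TAG_LEN].replace(old, new) + body[-TAG_LEN:]
    return keystream_xor(enc_key, iv, edited)
```

The split only works where the cipher suite keeps the encryption key and the MAC key separate; an AEAD suite derives confidentiality and integrity from one key, so sharing it would hand the proxy the ability to forge records.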

Comment Re:Not Sure What the HTTPS Hooplah is all about (Score 1) 216

HTTPS encrypts the data transfer, and provides for VERIFICATION that a third party CA believes the site is who it says it is. No authentication involved.

On the contrary, the HTTPS server is forced to authenticate itself as the holder of the private key signed by a CA. Verification is between the server and its CA, not between the client and the server, and serves as a preliminary to obtaining a CA's signature for the server's key.

TLS can also be used to authenticate the client using a client certificate or a password (TLS-SRP), but this is much less common.

Comment Re:Why do I need SSL? (Score 1) 216

So my simple web server, serving up some basic info - like maybe my most recent cat photos.. Are you saying that I *must* use SSL to do this?

If you don't use SSL then you're putting your users at risk, not because someone might find out that they're looking at cat pictures, but because someone can tamper with the unprotected connection and inject malware which appears to come from you.

And to make SSL work I have to pay to get a certificate (cuz I don't really trust the freebie options yet).

That's your problem. The free certificates work just fine, so there's no need to pay unless you run a big enough operation to warrant an EV certificate.

Comment Re:Google and non-SSL site warnings (Score 1) 216

particularly legacy sites that carry no practical risks

There is no such thing. It doesn't matter whether the content of the connection is particularly sensitive; whenever you connect to any Internet site over an unauthenticated connection, an attacker can take advantage of that opportunity to substitute malware in place of the innocuous data you expected. Malicious scripts, injected third-party ads, exploit-riddled media files—unprotected connections offer endless opportunities for those so inclined to take over your PC. The only way to protect yourself and your PC is to use TLS to verify that the data came from the expected source.

Comment Re:Wait... (Score 4, Informative) 216

So we used to have a simple system, see http:/// on the URL bar, or see https:/// on the bar.

Only http:/// is hidden, so users can still look for https:///. In fact, the difference is even more obvious than before: instead of just one missing letter, the entire protocol field indicates whether the connection is encrypted.

Comment Re:The Bake Sale Model (Score 1) 285

In other words, you want the gold-plated system that you think will work best for you—as you claim not to care about costs—and you don't care how many others must be deprived of the more reasonable levels of care which they could actually afford to get it.

It's not often that you see someone deliberately out themselves publicly as a self-centered sociopath, but I do commend you for your honesty.

This isn't an argument for the one-size-fits-all socialist solution. Both options should be available. If all you can afford is the back-alley physician offering hand-mixed medication only marginally more likely to heal you than to make your condition worse, there shouldn't be anyone standing in your way of getting that treatment. (If someone wants to offer you a better option out of their own resources, of course, that's fine too.) On the other hand, if you can afford top-notch care from the finest doctors and are willing to spend the money, no one should interfere with that, either.

The single-payer system doesn't take away the cost; it just redistributes it less fairly. If you make an average income and require the average amount of medical care over the course of your life you'll end up paying just as much in the end, in the form of taxes and/or inflation rather than health care. What it does eliminate, however, is choice. When someone else is being billed for your treatment, the level and type of care you qualify for becomes their decision, not yours.
