Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Reminds me of one thing (Score 1) 692

by IamTheRealMike (#49352757) Attached to: Germanwings Plane Crash Was No Accident

Because then everyone dies when the computer fails. Autopilots regularly fail and expect the pilot to take over

I think this depends on your definition of "fail". As far as I know true computer failures where the machine just goes crazy and tries to crash the plane are non-existent. What happens more regularly is the autopilot sees that something weird is happening and chooses to disengage itself - presumably an autopilot program could be written that never disengages and always does the best it can to fly the plane, unless deliberately disengaged.

This is particularly problematic when sensors fail, as they did in AF447, and the computer doesn't know what's going on any more.

No, this is irrelevant. If the planes sensors completely fail then the pilot doesn't know what's going on either, and the plane is probably doomed no matter what. In normal operation these planes are flying in a very small speed corridor between disintegration and stalling. If you don't know how fast your going a stall or overspeed is pretty much inevitable, and if you don't know how high you are even basic visibility problems can cause a crash into the surface. Neither human nor computer can succeed in such a situation.

Comment: Local rates = OK, everything else with them = bad (Score 1) 129

Hopefully though, the rise of MOSS compliant payment processors should make the system easier to follow - you just put a disclaimer up that final price will be based on the buyers VAT rate, and let the payment processor calculate the right rate and store the records.

Which is, of course, contrary to consumer protection laws in much of Europe. Merchants are often required by law to show tax-inclusive prices for B2C sales. (For anyone interested: I have now received conflicting advice on this from official sources in my own government, indicating that X+VAT pricing is now magically acceptable for this purpose again, despite it largely defeating the point of the previous consumer protection rule by hiding the bottom-line price in early advertising.)

The big problem with the new VAT rules isn't the principle of charging in each customer's home nation, if that just means looking up the rate for a given country from a database instead of using a fixed rate. It's a mild inconvenience, but it's an hour or two of programming work for someone, and with MOSS it's maybe an extra hour to file an additional tax return once per quarter.

For a lot of merchants (though certainly not all and particularly not the really tiny ones) the problem isn't even the need to impose VAT on transactions instead of having a threshold. As I understand it, some businesses selling digital goods in EU states didn't have VAT thresholds before anyway, so they already had reporting requirements here, and in places like the UK that did have a minimum threshold before VAT was compulsory, some merchants would have chosen to register for VAT voluntarily anyway because it was advantageous in terms of reclaiming VAT on their expenses.

IMHO the largest and most enduring problems with the new VAT rules are actually all the other things that came along with charging at customer-local rates, from conflicts with pre-existing laws on things like consumer protection and data protection (or potential conflicts, with inconsistent advice coming even from government departments) to the fact that you also have to match the entire VAT regime in each country not just the rate, which means things like knowing which rates apply to which products or services and the local geographical issues (I hope you're not just looking up a tax rate by ISO country code like, you know, everyone, because that doesn't actually work reliably). And of course you require a standard of evidence for the customer's location that will be literally impossible for many small merchants to comply with; at present, I don't see how it's possible for any fully automated system to be 100% reliable here, even for big payment services with dedicated resources and access to all the relevant raw data, because of those local issues of different interpretations of which product/service types get which tax rates and the local geographical anomalies.

The best part of all is that even the EU didn't manage to publish an accurate source of current VAT rates across all affected states in time for the deadline. The information on their own web site was actually wrong for several weeks after the switchover, because Luxembourg changed their VAT rate on the same day. And no-one wanted the data in an actually useful form so you could do something stupid like importing it into a database, right? PDFs running to dozens of pages that you can scan for relevant information are so much more useful.

Hilariously, Luxembourg are actually being compensated by the EU for these changes anyway, so all the arguments about preventing exploitation of low tax rates by different nations within the EU doesn't look so noble any more either.

+ - Germanwings plane crash was no accident

Submitted by hcs_$reboot
hcs_$reboot (1536101) writes "The Germanwings plane crash takes a scary turn. After a couple of days investigation, it appears that the co-pilot requested control of the aircraft about 20 minutes into the flight. The pilot then left the cockpit, leaving the co-pilot in full control of the plane. Then, the co-pilot manually and "intentionally" set the plane on the descent that drove it into the mountainside in the southern French Alps. Co-pilot Andreas Lubitz, a 28-year-old German national, could be heard breathing throughout the plane’s descent and was alive at the point of impact, according to the prosecutor."

Comment: Re:Cruise control? (Score 2) 274

Somebody who can't pay attention to the street signs shouldn't be driving.

No, they shouldn't, but some of them are going to anyway. Since your loved ones will therefore be just as injured/dead if they are the unlucky ones who get hit by a bad driver who was going too fast, dismissing technology that might help those bad drivers to be better, safer drivers seems uncalled for.

Comment: Re:Are the CAs that do this revoked? (Score 1) 132

by Anonymous Brave Guy (#49330839) Attached to: Chinese CA Issues Certificates To Impersonate Google

Yes its a To big to Fail problem, just in another form.

If anything is too big to fail, you are usually better off making it fail anyway as soon as possible to minimise the damage. Some of the problems in the global financial industry today aren't because of inherent weaknesses in the system. Instead they have been caused precisely by allowing organisations to grow too big, or perhaps more accurately by allowing them to take on disproportionate levels of risk, and then supporting those organisations at government level instead of allowing them to go under when they should have.

If your browser throws errors on just about ever site you visit pretty soon "many" people will start using another browsers.

But it won't, because plenty of other CAs are used and plenty of sites don't use HTTPS routinely yet. All the big sites, the Facebooks and Googles and Amazons of the world, would have switched to another CA within an hour. All the truly security-sensitive organisations like your bank or card company or government would update their certificates very quickly as well.

CAs determined to protect their reputation at a time when their industry would inevitably be seriously damaged in the credibility stakes might take longer to issue things like EV certificates as they made a point of fully validating the organisations requesting them. However, basic HTTPS access and the highly recognisable padlock symbol would be back on all the big sites almost immediately. The worst they would likely suffer would be a few minutes of downtime (assuming organisations on that scale don't routinely have back-up certificates with a completely independent chain on permanent stand-by anyway) and maybe a slight increase in customer support calls as genuinely security-conscious users noticed the lack of EV identity for a while.

Meanwhile, any browser that didn't remove a known-compromised CA from its trusted list very quickly would be vulnerable to justified criticism and no doubt plenty of rhetoric built on top about being insecure, and how users mustn't use that browser to visit safe sites like their bank or someone will empty their account. The geeks would get hold of the story first, of course, but as soon as it made front-page news (and something on this scale probably would) everyone would be talking about it that day.

Comment: Re:The Web of trust only works (Score 4, Insightful) 132

by Anonymous Brave Guy (#49330587) Attached to: Chinese CA Issues Certificates To Impersonate Google

Trusting many different CAs has proven to be a bad idea

Trusting any one of many different CAs has obvious vulnerabilities, as this case demonstrates (and it's not exactly the first time the problem of an untrustworthy CA has been observed in the wild). The current CA system isn't really a web of trust, because it ultimately depends on multiple potential single points of failure.

One way or another, in the absence of out-of-band delivery of appropriate credentials, you have to trust someone, so I suspect the pragmatic approach is to move to a true web-of-trust system, where you trust a combination of sources collectively but never trust any single source alone, and where mistrust can also be propagated through the system. Then at least you can still ship devices/operating systems/browsers seeded with a reasonable set of initial sources you trust, but any single bad actor can quickly be removed from the trust web by consensus later while no single bad actor can undermine the credibility of the web as a whole. Such a system could still allow you to independently verify that the identity of a system you're talking to via out-of-band details if required.

Comment: Re:Whatever ... (Score 1) 140

It seems like we probably agree on the general idea here, but I was impressed on a recent visit to a museum where they had mobile apps you could download in advance and WiFi available on-site. Together these let you choose from a number of recommended tours based on duration and topic(s) and then guided you around with directions, highlights, and more in-depth background on various other exhibits you'd pass along the way if you were interested. It was a well made presentation that someone had obviously worked hard to put together, and the only thing that was a little awkward was walking around holding a tablet with headphones plugged in for the whole visit. That's an area where I could see an unintrusive headset might be an advantage.

Comment: Re:Whatever ... (Score 2) 140

People where hostile to people with Cell phones in the 1980's

And today there are quiet carriages on trains, coffee shops with no-phones policies, and generally if you're the guy who talks really loud on the phone then everyone around you still gets annoyed and may actually challenge you if you carry on for long.

And that's for a device that is just an interruption, not a device that a lot of people perceive to be an inherently creepy invasion of their privacy literally because someone just looked at them funny.

In general Google Glass may or may not make it.

I expect technology similar to Google Glass will make it, but I also suspect it will be used primarily for specific applications where it has a clear benefit. I don't think anything too similar will be worn by a lot of people all the time in the near future.

For example, someone walking around a museum might borrow some sort of headset that guides them on a tour and provides background information about each exhibit they are looking at. Staff at a warehouse used for on-line grocery shopping might have a headset that guides them to collect the items purchases in the most efficient way.

However, I think perhaps the tide is already starting to turn against mass surveillance culture, intrusive personalised advertising, and the like. Surely it's only going to get more hostility as things like insurance premiums that people see directly in their bank balance become ever more customised behind the scenes, and as more people suffer significant problems due to identity theft or embarrassing disclosures themselves or know close friends or family members who have.

In fact, I wonder whether even the US government, not exactly a bastion of privacy advocacy, might be having second thoughts about how much personal data is casually thrown around, now that hostile forces are openly doxxing US service personnel and encouraging allies within the US to attack those people and their families at home, as was reported this week.

So if I were going to place a long-term bet on new technologies tomorrow, I certainly wouldn't be backing an obviously intrusive device like the previous Google Glass, complete with tiny camera, always-on microphone, and wireless connection to the mothership. On the other hand, build a device with similar useful features but a less goofy design, and then back it with a widely-advertised and genuine emphasis on privacy so it didn't engender the same degree of hostility from others nearby, and you might be on to something.

Comment: Re:Kill them all. (Score 1) 332

As you say it was stable under the Ottoman empire, because they took over and kept it, America needs to do the same thing. The US, Canada, Australia, NZ were all British colonies, but the difference is the white people never left, so they remain beacons of progress. Hate to sound all racist here, but there is a strong correlation between those and African, Middle Eastern states that were given back.

I think you should probably read a good history of the British empire, followed by 20th century history, before posting nonsense like this.

The causes of problems in the middle east have a lot to do with the long term history of the "beacons of progress" fucking with the region. Specifically when the Ottoman Empire collapsed the colonialists divided the region up along entirely arbitrary borders that often drew straight lines right through native tribes and populations, then appointed flunkies to rule these new countries. There was zero attempt to make something that worked for the people who lived there. This caused serious long term resentment.

Have you ever watched the ISIS video of them blowing up border posts? The ISIS soldiers keep talking about the end of Sykes-Picot. Even though I actually have read a history of the British Empire, I still had to look that one up. It turns out to be the British-French treaty that created the borders of Iraq. Families in different villages were suddenly divided from each other, etc. The people who live there apparently still hate Sykes-Picot to this day.

Plus, when countries in the region got leaders the western powers didn't like, there were interventions (e.g. Iran). There were invasions. Not to mention the gaping wound that is Israel and the absolutist support for it from the US.

There hasn't ever really been a time when more powerful militaries weren't fucking with people who live in the middle east. Religion certainly plays a part, but the USA is a lot more religious than other western developed countries and it doesn't seem to hurt them much ....

Comment: Re:Your government at work (Score 2) 332

You are an idiot. The entire purpose of drone strikes is to carry out very targeted killings.

.... of civilians. You know, when the US says it killed "militants" what it means is "any adult male in the strike zone". This has been verified beyond doubt now, they openly admit it. Often they have no idea who they are killing as the drone strikes are targeted based on e.g. NSA tracking of a mobile phone. Whoever holds the phone at the time gets whacked. This is how they end up drone striking weddings and the like.

If we didn't care about collateral damage and didn't mind indiscriminately killing people, expensive drones would not be necessary.

Obviously you care about collateral damage, not because the USA is such a bunch of caring hippies but because the purpose of drone strikes is to exercise power. You cannot exercise power over dead people. You have to instead kill anyone who does something against your will, or is suspected of doing so, or just someone who got in the way to serve as a lesson to others. If you see the purpose of drone strikes as minimising casualties in a conventional war then you don't understand what drone strikes are for or why the USA uses them. Their purpose is power.

Comment: Re:Fuck those guys (Score 2) 568

And there it is! That European smugness. I didn't expect to see it in this thread but I can't say I'm not surprised. Tells us again, for the millionth time, how your shit doesn't stink....

Yes, there are a lot of smug sounding Europeans posting on Slashdot when stories about the US doing something dumb crops up.

However, today is not one of those days. The OP talked about "other countries". The USA is practically alone in having a problem such as "swatting". It's not just Europe that lacks this issue - it's Australia, Canada, China, Russia, India ...

SWATing seems like a natural consequence of a heavily militarised society that worships soldiers and has decided it makes sense for everyone to be heavily armed all the time. If the rest of the world didn't point out that decisions have consequences, you guys might think it was normal.

After Goliath's defeat, giants ceased to command respect. - Freeman Dyson