Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:Hard to believe (Score 3, Interesting) 162

by plover (#49142293) Attached to: Microsoft's Goals For Their New Web Rendering Engine

Microsoft is a very different company than they were under Gates or the Sweat-hog. They long ago figured out that their cash cows were kind of fragile, and they more recently figured out that they alienated a lot of developers. They are now trying to find ways to woo developers to any of their product families, not just to Windows. And they've done some great work on a lot of software engineering fronts, including secure development, powerful tools, integrations, and are even dabbling in open source,

Comment: Re:Pesticides for humans (Score 1) 224

by plover (#49124519) Attached to: 100 Years of Chemical Weapons

My point was that DDT was the first large scale agricultural pesticide that was engineered specifically to be less toxic to humans. You could use cyanide gas on a field, but your farm hands or animals would die if they wandered into the cloud. That meant a farmer wouldn't apply those kinds of poisons except in severe infestations.

DDT made the application and use of pesticides measurably safer, and led the way to routine applications of pesticides on all kinds of crops. Today's pesticides can be deployed on a schedule as a preventative measure to ensure reliable crop yields, and not just applied on an as-needed basis. For that matter, GMO crops are now engineered to express all kinds of toxins throughout the plants, with the plants' own cells serving as microscopic pesticide factories from germination through harvest.

Comment: Re:Pesticides for humans (Score 0) 224

by plover (#49113869) Attached to: 100 Years of Chemical Weapons

As I recall, the agricultural pesticide industry was initially derived from the chemical weapons industry, not the other way around. Poisons had been known for centuries, but weren't widely applied as they were toxic to both humans and pests. Large scale agricultural applications of pesticides began with DDT, which wasn't developed until 1939.

Comment: Re:I don't care how righteous your goal is... (Score 5, Interesting) 224

by plover (#49113805) Attached to: 100 Years of Chemical Weapons

The second you approve of a policy that restricts action X based on moral grounds, you have defined a vulnerability that a less ethical enemy will exploit.

Furthermore, when you're in a war, it's chaos. Bad stuff happens. Collateral damage happens. You certainly don't plan to inflict 1000 civilian casualties, but you can predict that in a city of 1 million people undergoing an all out conflagration, there will statistically be civilians killed, displaced, wounded, orphaned, starving, etc. You don't stop a war just because you're better at math.

War also isn't the first choice of a rational society. Diplomacy, negotiations, sanctions, pressure, demonstrations, all these kinds of activities are intended to solve the problem before it degenerates into war. But there is always another side, and if it degenerates to war, it's because at least one side was acting in bad faith. ISIL isn't even acting as a rational society. They don't negotiate - they enter an area, kidnap and rape the girls and take them forcibly as wives, and kill, conscript, or indenture the males. They use civilians as human shields, betting that an opposing force won't bomb their headquarters if they have them located in a schoolhouse full of children.

An outside society can do two things: allow the continued expansion of slavery and genocide, or attempt to stop it. If non-military resolutions fail, what would you have them do? "Sorry, you can't fight those insurgents because they duct-tape kidnapped children to the front of their vehicles." "Right, we'll just let them continue on their homicidal path because we can't place those children at risk."

It's not like anyone in the West wants civilian casualties. The moral high ground may not be perfect, and it may not be absolutely 100% civilian casualty free, but you can't claim a millimeter of moral high ground if you let the atrocities continue unchecked.

Comment: Re:someone explain for the ignorant (Score 1) 448

by plover (#49089591) Attached to: Credit Card Fraud Could Peak In 2015 As the US Moves To EMV

This problem was addressed in v4.3 of the protocol. Also note that this particular problem only enabled theft from the store by a dishonest customer, but it does not enable the large scale skimming or cloning attacks that have been the subject of headline news.

A fake card can't lie about the PIN because it doesn't have the key needed to sign the packets the card sends to the merchant's terminal. The merchant terminal has a bunch of certificates in it and authenticates the messages coming from the card. In this specific attack, Ross' team discovered the message that said "Transaction Approved!" coming from the card in an offline sale was unsigned, so they had their tampered card send the same unsigned "Transaction Approved!" message at the right time in the protocol. The change to V4.3 (or was it 4.2?) fixed this problem, so it should not be an issue for the US market.

Ross likes to get EMV flaws in the news. While this benefits us all in that the protocol's security is tightened each time a flaw is uncovered, poor news reporting and the claims repeated by ignorant people (and fomented by organizations who don't want to see EMV succeed) are causing counterproductive hysteria. On one hand, EMV is a complex mess that was made worse by all the compromises stuffed in there by competing interests (banks, card associations, terminal manufacturers, card manufacturers, merchants, and payment processors), but on the other hand it's converged onto a remarkably secure solution to a problem that has plagued the industry for over 20 years.

The real crime here is that all the competing interests have resulted in foot-dragging by all the players who see changing over to EMV as too expensive, too hard, too risky; worse are the disruptive elements delivered by those who see EMV as a threat to their current business model. For example, EMV yields a system so secure the merchant's terminals are no longer the weak link, so why should merchants pay for expensive secure terminals? This makes companies like VeriFone nervous, because they'll soon be trying to peddle devices that only serve to secure the merchant's interest, not the cardholders or the banks. The PCI assessors are also finding ways to whip up hysteria and make bank now, because EMV will ultimately render their services unnecessary, too. Meanwhile, the completely non-secured mag stripes continue to deliver fraud around the globe, and the fraud won't stop until the mag stripes are dead and buried.

Comment: Re:someone explain for the ignorant (Score 1) 448

by plover (#49084915) Attached to: Credit Card Fraud Could Peak In 2015 As the US Moves To EMV

Chip and PIN is now relatively secure. The cases that Ross Anderson has exploited generally don't scale beyond a single hacked card. The notable exception was a particularly crappy ATM, with a non-random random number generator. But hacks on the scale of Home Depot and Target will not be possible on EMV transactions. (Card-Not-Present transactions, such as any online transactions, will continue to be at risk).

Comment: Re:someone explain for the ignorant (Score 0) 448

by plover (#49084879) Attached to: Credit Card Fraud Could Peak In 2015 As the US Moves To EMV

Apple jumped on this as a ploy to get customers before EMV completely locked them out of the payment market. EMV is going to render a lot of crappy, insecure technologies obsolete (things like Coin, LoopPay, NFC, and many of the smartphone based "wallet" apps.) But Apple is making their bank on the iPhone 6, and their loyal customers always forgive them for just about anything.

American customers aren't going to like the weird way EMV works, because it will be different and slow, and they don't like change. They will have to learn to put their cards in the reader when the cashier hits total, and keep them in there until the payment is complete; and I bet many of them will forget their cards in the readers a time or two. But at least the transactions will be secure, and they won't have to worry if the waiter is skimming their card, or if there's a data breach at the store.

Online is a completely different unsolved problem, as are recurring payments, and other card-not-present transactions. There are niche technological solutions, but none that are widespread.

Comment: Re:Perhaps it wouldn’t pass today’s .. (Score 1) 280

by plover (#49077521) Attached to: 1950s Toy That Included Actual Uranium Ore Goes On Display At Museum

Especially the scare-mongering over depleted uranium being somehow seen as more toxic than lead is entirely political theater ungrounded in any science.

Not all heavy metal poisoning is the same.

True. Lead poisoning is well understood, and has been for thousands of years. However, uranium toxicity has never been responsible for a single recorded death of a human. Ingested uranium was even used in the treatment of diabetes before the discovery of insulin.

Comment: Re:Its politics/emotions not intelligence level .. (Score 1) 580

by plover (#49049363) Attached to: Low Vaccination Rates At Silicon Valley Daycare Facilities

The problem with that is that you are the one deciding who is trustworthy and reputable.

And why is that a problem? Ultimately the data comes from somewhere, so the more I understand about the source, the better I understand the results. How many studies on climate change were funded by the NSF? The U.S. Army? NOAA? Some land grant university? A private university? Were they funded by Greenpeace? Were they funded by the American Coalition for Clean Coal? Follow the money. If the source of the study's funding comes from someone vested in the outcome, and those results don't fall in the same direction as the other studies, it's not particularly trustworthy.

Rather than belabor my methodology, consider the alternative and look at how the typical person evaluates a topic like climate change: they saw it on Fox News, they saw it in the Huffington Post, they saw it on MSNBC, or they heard it on NPR. Maybe they saw it on Jon Stewart or Stephen Colbert. Or maybe they got it from their boss, or their preacher, or their social club. Maybe they heard it from their favorite politician, or a sports figure, or some random actress. Now look at who has a financial interest in how climate data is perceived by the public: oil, gas, and coal companies. Is it easier for them to manipulate the data, the studies, the politicians, or the media? Is there a reason they won't try to manipulate all of the above, when the difference could mean trillions of dollars over time?

How would you suggest I get better, more relevant, more trustworthy data than looking at the studies? I may put up a weather station and track temperatures over time, but that only tells me about weather, not climate. I'm not going to Antarctica to drill for ice cores myself, or dig up geological strata to look for evidence of palm fronds in the fossil record. And I'm certainly not going to have 100,000 children so I can track the efficacy of their vaccinations. I have to trust others, so I do what I can with what I can learn.

Comment: Re:Its politics/emotions not intelligence level .. (Score 5, Insightful) 580

by plover (#49043541) Attached to: Low Vaccination Rates At Silicon Valley Daycare Facilities

Being a self-perceived-intelligent pig-headed engineer myself, I think you're missing a critical component in that description. I'm right, until proven otherwise. Show me a trustworthy test, show me trustworthy data, show me trustworthy studies, show me proof from a respectable authority that I'm wrong and I will happily change my mind and apologize to you for wasting your time in having to convince me.

One thing I've noticed about software engineers is that too many of them are lacking the critical statistics skills they need to function effectively. Perhaps it's because we tend to think in Boolean terms of true and false. Thus, "I have a 1:450,000,000 chance of winning the lottery" turns into "I have a chance of winning the lottery", which is a different wording that is remarkably easy to misinterpret as a "50:50" chance, even though both outcomes are statistically equal to false. They apply that same lack of understanding to any risk, including vaccination (a 1:3,000,000 chance of a serious adverse reaction becomes "a chance of a serious adverse reaction".)

In the case of vaccines, I was initially a bit skeptical when it came to vaccinating my son. But it was extraordinarily easy to convince myself that they're safe and effective, and that the one study showing a purported link to autism was completely fraudulent. It took about an hour of research that anyone with a browser and half a wit could do. And because it was so easy to learn the truth, I now hold all anti-vaxxers in that extra-special contempt I reserve for the willfully ignorant. In this case I consider them parties to attempted murder. They threaten society as a whole, either because they're too stupid to do the research or too dull to change their minds.

Comment: Re:Z-Wave (Score 2) 327

by plover (#49035169) Attached to: Ask Slashdot: Panic Button a Very Young Child Can Use

There are many home automation systems out there that could serve this up with a wireless switch or a panic button. I have a Vera as well as the parent poster, and it would work perfectly for this task. In addition to text and email, you can also hook up a Prowl notification to be delivered as an alert to your phone.

A well-connected home would give you another option. Instead of relying strictly on the panic button or your toddler's response, you could ask your wife to use the home automation system at least once an hour (or so.) You could then configure it to trigger a notification if no light switches or TV remote buttons are activated, or if no doors are opened or closed during that time. Give her a way to disable it when she sets the alarm clock for a nap, or leaves home for a walk in the park, or whatever. Perhaps after 55 minutes elapse, you could turn on the lights or ring a doorbell to remind her to check in. The idea is similar to the dead man's switch railroad engine cabs have, where the engineer has to press a button or adjust a control every minute to prove he's still awake.

Of course, this might be too intrusive an approach and she may not be interested in this kind of monitoring, or you might think that a tolerable response time for your wife is too long for you to react, but it also might be a backup option that suits both of you.

Comment: Re:Spot Messenger (Score 1) 327

by plover (#49034841) Attached to: Ask Slashdot: Panic Button a Very Young Child Can Use

The problem is that the Spot has more than just the one button. There is a button that sends the equivalent of "OMG MY PLANE HAS CRASHED INTO AN AVALANCHE ON A VOLCANO AND O GOD SEND THE RESCUE SQUADS NOW!!!" to whatever emergency agency is available. Not the kind of thing you ought to place in your two-year-old child's hands.

One person's error is another person's data.

Working...