
Comment: Re:HOME ownership is key (Score 1) 440

You have to be able to float that much money to wait for the rebate, correct?

Not if you lease. If you lease, it's the lessor that gets the rebate, so when they calculate the financing they just take it off the top. The federal credit, anyway. This is one of several reasons why more EVs are leased than purchased.

Comment: Re:The reason is more simple (Score 1) 440

He also says he had to install a 240V socket in his garage because apparently though you can charge it on 120V in a pinch, apparently it can cause damage to the batteries. That's according to Nissan.

This is incorrect. Charging on 120V doesn't do any damage to the batteries, in fact it's probably a little bit better for them. The problem with level 1 charging is that it's slow. Assuming the LEAF's battery is empty it takes about 21 hours to charge it to full on the 120V adapter included with the car.

I actually charged my car regularly on 120V and it wasn't as bad as you might think -- as long as I only needed to make one trip into town per day (from my house to the city is about a 40-mile round trip). The car was almost always fully-charged by morning, but if I went somewhere in the morning and came back home, there was no possibility of making a second trip in the afternoon or evening. Not without stopping off at the level 3 charger in town, anyway. Which I did from time to time -- it's free, and recharges the car from empty in about an hour, but it means having to kill an hour, and there isn't much of interest within walking distance of the charger.

So, I installed a 220V "level 2" charger. With it, the car recharges from empty in a little under four hours. In practice, that means that when I pull into the garage and plug in, it's generally full again in a couple of hours. Most of the time the flexibility that provides doesn't matter, but sometimes it's very handy. The level 2 charger cost me about $400. Was it worth it? Maybe, maybe not.

Comment: Mozilla Foundation now works for Microsoft? (Score 1) 152

"remember back when Google used to be behind Firefox?"

Google paid Mozilla Foundation $300 million each year.

Now, I understand, Mozilla Foundation now gets most of its money from Microsoft. Microsoft pays Yahoo. Yahoo pays Mozilla Foundation to make "Yahoo search" (actually mostly Microsoft Bing search) the default search engine in Firefox. Most people don't have the technical knowledge to know how they've been manipulated, or how to restore the default search engine to Google search.

The Thunderbird and SeaMonkey Composer GUIs have been damaged, apparently deliberately. Every time you do a file save, the newer versions of both ask for a new file name, and don't suggest the last one chosen. The damage was reported several months ago, but has not been fixed. Is that another example of Microsoft's Embrace, Extend, Extinguish? People who feel forced away from Thunderbird may choose Microsoft software to replace it. Is that something Microsoft is trying to accomplish?

Comment: ...just like functional programming! (Score 1) 61

Oh goody. So it's no different than any other monadic polymorphized differential functor system utilizing monoidal categories and parameterized applicative type expressions.

Whew. Lucky me. I was worried about finding something to do over the holiday weekend.

Comment: Re:Basically, you can only spend so much (Score 1) 183

Not true, a major problem with the current economy is the low interest rates. There are huge pools of money looking to be invested, and only so many places to invest them. That's what's running up stock prices and moving us back into bubble territory.

Comment: Passwords are not the only way to authenticate (Score 1) 73

Both of you are wrong and so is Dustin Kirkland (whoever he is). The core of your error is in this statement:

Only secrets can be used as token for authentication.

That sentence is true, as stated, but only because it includes the word "token". Yes if you're using secret tokens for authentication, then the tokens must be secret. But exchanging secrets (or proof of possession of secrets, which is what most cryptographic authentication protocols do) is not the only way to do authentication. Not by a long shot. In fact, humans hardly ever use secrets for authentication.

How do you identify and authenticate your mom? Do you ask her for a secret password? Of course not. You use the same tools for both identifying and authenticating her, and those tools are a set of biometric markers. The same set of tools are also used in high security situations. Back when I was a security guard in the Air Force, I was trained that personal recognition is the very best form of authentication. Not only is it not necessary to check the badge of an individual you know personally, badge-checking is inferior to personal recognition for authentication (note that badge-checking may still be important for authorization, verifying that the person who has been identified and authenticated actually has permission to enter. Thus I was trained to always check the access control list before allowing someone near nuclear weapons).

With respect to user authentication in electronic contexts we generally use secrets because computers don't have (or at least haven't had) the ability to use the sorts of biometric authentication that humans use quite effectively. But, when we equip them with biometric sensors, they can.

HOWEVER, this does not mean that biometrics are useful for authentication in all circumstances.

Secret-based authentication has the advantage that -- assuming the secret has sufficient entropy and can be assumed not to have leaked nor been intercepted and cannot be rerouted (note that that's a pretty long list of criteria, some of which are hard to establish) -- you don't have to worry about the possibility that the authentication could be spoofed. An attacker who doesn't know the secret can't fake knowing the secret.

Biometrics, though, are not secrets. They are public knowledge. This means that an attacker must be expected to have access to copies of our fingerprints or faces. The biometric authentication process is different, though. It does not rely on secrecy of the authenticator, but instead on non-replayability. If we can be certain that (for example) the fingerprint placed on the scanner belongs to the person we wish to authenticate, and that the stored template we match against belongs to the person we wish to authenticate, then we can perform a good authentication. The fact that the fingerprint is not secret does not matter.

Where biometrics fail is if (a) we can't be certain that the livescan data acquired from the sensor belongs to the person trying to authenticate or (b) the stored template belongs to the person we wish to authenticate. Part (a) is particularly difficult to validate in many contexts because faking the input isn't necessarily hard to do, and in some cases an attacker can even bypass the sensor entirely and simply inject a digital copy.

This doesn't mean biometrics are worthless, it just means they're only useful in certain contexts. And, again, their utility for authentication has nothing to do with their secrecy. And rotation is likewise irrelevant and silly to discuss. You need to rotate secrets because you can't be certain they have stayed secret and because if they have low-ish entropy they may have been brute forced. None of that applies to biometrics because they're not secrets and their utility as authenticators does not depend on secrecy.

Can we please kill this incorrect meme about biometrics as identifiers, not authenticators? They can be either, or both, and are used as both, by billions of people, every day, with high effectiveness and reliability. Whether or not they provide security depends on the context.

With respect to credit card payments, fingerprint and facial recognition biometrics are pretty reasonable tools. This is especially true if the sensors are provided by the retailer, and the consumer is providing a traditional electronic authentication (cryptographic challenge-response) with their smartphone or smart card. It's not quite as good if the smartphone is also providing the fingerprint scanner and camera, because in the event of an attempted fraudulent transaction that means the attacker is in control of those components.

But you also have to consider the model that is being replaced. Is fingerprint plus face recognition better than a signature which is theoretically matched by a non-expert human, but in practice never checked at all? Absolutely. Is it better than a four-digit PIN? That's debatable, but it's at least in the same ballpark.
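The failure mode in part (a) above, a replayed or injected digital copy, can be made concrete with a short sketch. This is an added example, not part of the original comment: it assumes a retailer-owned sensor that holds a MAC key and binds every capture to a fresh verifier challenge, and the class names, key handling and fingerprint bytes are all constructed for illustration. It covers only replay and injection, not a fake finger presented to the sensor itself.

```python
import hashlib
import hmac
import os
import secrets

NONCE_LEN = 16  # fixed length keeps nonce || sample unambiguous


class Sensor:
    """Hypothetical retailer-owned scanner; its key never leaves the device."""

    def __init__(self, key: bytes):
        self._key = key

    def capture(self, nonce: bytes, finger: bytes):
        # Bind this capture to the verifier's fresh challenge.
        tag = hmac.new(self._key, nonce + finger, hashlib.sha256).digest()
        return finger, tag


class Verifier:
    def __init__(self, sensor_key: bytes, template: bytes):
        self._key = sensor_key
        self._template = template
        self._open = set()  # challenges issued but not yet used

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(NONCE_LEN)
        self._open.add(nonce)
        return nonce

    def authenticate(self, nonce: bytes, sample: bytes, tag: bytes) -> str:
        if nonce not in self._open:
            return "reject: stale challenge"
        self._open.discard(nonce)  # each challenge is single use
        want = hmac.new(self._key, nonce + sample, hashlib.sha256).digest()
        if not hmac.compare_digest(want, tag):
            return "reject: not from sensor"
        # Real matchers score similarity; byte equality stands in for that here.
        if not hmac.compare_digest(sample, self._template):
            return "reject: no match"
        return "accept"


def run_scenarios() -> dict:
    key = os.urandom(32)
    alice = b"constructed-fingerprint-alice"  # treated as public knowledge
    sensor, verifier = Sensor(key), Verifier(key, alice)
    out = {}
    n1 = verifier.challenge()
    sample, tag = sensor.capture(n1, alice)
    out["genuine"] = verifier.authenticate(n1, sample, tag)
    # Same message sent again: the challenge has already been consumed.
    out["replay"] = verifier.authenticate(n1, sample, tag)
    # Recorded tag presented against a new challenge: MAC no longer matches.
    n2 = verifier.challenge()
    out["old_tag_new_challenge"] = verifier.authenticate(n2, sample, tag)
    # Copy of the fingerprint injected without going through the sensor.
    n3 = verifier.challenge()
    forged = hmac.new(os.urandom(32), n3 + alice, hashlib.sha256).digest()
    out["injected_copy"] = verifier.authenticate(n3, alice, forged)
    # Someone else's finger on the real sensor.
    n4 = verifier.challenge()
    s4, t4 = sensor.capture(n4, b"constructed-fingerprint-mallory")
    out["wrong_finger"] = verifier.authenticate(n4, s4, t4)
    return out
```

Every rejected case uses a fingerprint value the attacker is assumed to know; what stops them is the fresh challenge and the sensor binding, not secrecy of the biometric.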

Comment: Re:Most of their apps are annoying anyway (Score 1) 109

I tried Inbox, but wasn't impressed. It strips so much of gmail away that it is basically "Gmail for beginners". You want filters, labels, etc, then it is worthless.

Actually, Inbox is Gmail for power users, for people who have massive volumes of e-mail to manage. It takes a little bit of work to figure it out and set it up, but once you have, it's awesome. There are some features it lacks, like complex filters (simple filters are very easy to set up; you just move a message to a label and Inbox asks if you want to always do that. Click "yes" and you have a new filter rule), vacation auto-responder and the like, but you can always use the Gmail UI when you need to set stuff like that up.

The Inbox features that make it great for heavy e-mail users are:

Snooze.

Many people use their e-mail inbox at least partially as a task list, especially their work e-mail. This results in having to keep e-mails that you can't work on yet sitting in your inbox, cluttering it up and making it harder to process new e-mail. When you snooze an e-mail, it goes away until some point in the future. You can pick a date and time, or even a location (requires using the Inbox app on your mobile device). Heavy application of snooze with well-chosen times/locations lets you clear all of the stuff you can't do yet out of the way, knowing it will come back later when you can handle it.

Bundles.

Bundles are just Gmail labels, but with an additional setting that tells Inbox to group them in the inbox. This is fantastic for high-volume mailing lists. With Gmail you can get almost the same effect by setting a filter to apply a label and skip the inbox, but then you have to remember to actually go look at the label from time to time. With bundles, you get the same grouping effect but the bundles show up in your inbox so you don't forget to go look. The reason that grouping (by whichever mechanism) is useful is because when you have large volumes of email, most of which you don't actually need to read, it's much faster to scan through a list of subject lines and evaluate what's important and what isn't when you already know the context.

My process for plowing through a busy mailing list is to scan the subject lines and click/tap the "pin" icon on the few that are interesting, then "sweep" the rest. A single click or gesture archives all unpinned items in a bundle. Then I handle (or snooze until I can handle) the pinned items.

I also have a bundle (label) called "Me" that is applied by a filter that looks for my name or username in the To line or the body of the message. This helps me to be sure that I notice e-mails where people are mentioning me or asking me questions. It's the first bundle I look for every time I check my e-mail. Similarly, I have a bundle that extracts e-mails that reference my project's name. That's the second bundle I look at. Other high priority bundles are e-mails from the code review system and e-mails from the bug tracker.

Obviously there are many e-mails that mention both my project and me. That's fine; bundles are labels not folders, and it's perfectly reasonable for an e-mail to be in more than one of them. When I archive a message in one bundle, it disappears from the others. So, often I'll look at Inbox and see the "Me", project, code review and bug tracker bundles displayed, but by the time I've processed everything in the "Me" bundle, the other three have disappeared.

Delayed Bundles.

I think this vies with snooze as the killer feature of Inbox. By default, a bundle appears in the inbox whenever you receive new mail with that label. But there's lots of stuff, at least in my inbox, that I don't need to see immediately. Having low-priority stuff displayed instantly distracts me from my work, or obscures truly urgent e-mail. Also, it's more efficient to handle low-priority e-mail in bulk. So, you can specify that a bundle should only appear once per day, or once per week. Inbox will accumulate e-mail in delayed bundles and only show the bundle at the specified time.

When I start work in the morning I have a dozen or so bundles containing low-priority e-mail. I can quickly scan each of them, pinning the items I care about and sweeping the rest. I have a few bundles for purely informational mailing lists which are set to display once per week, so I only see them on Monday morning.

I'd like a little more granularity on this feature. Specifically, I'd really like to be able to set some bundles to show, say, every three hours. Then I'd only allow the highest-priority bundles to show immediately, giving me larger blocks of uninterrupted time but with the knowledge that I'll still get notified of truly urgent stuff immediately.

Consistent Interface

It took me a while to realize just how valuable this is, but it's really great that the mobile and web UIs for Inbox are virtually identical. I don't have to have two different flows for handling e-mail on mobile vs desktop. The mobile UI is a tiny bit better because of the gestures a touchscreen interface can provide, but my process for using it is the same.

One common complaint about Inbox vs Gmail is that Gmail's more compact; you can fit a lot more stuff on the screen with the Gmail UI. I find that isn't a problem, because the Inbox workflow mostly eliminates the need to scan through a big list of messages visually, looking for something in particular. The need to do that arises mostly (for me, anyway) when I'm keeping a lot of stuff hanging around in my inbox. With Inbox, I don't do that. I snooze it or I archive it, so my inbox is empty nearly all the time. If I need to find something that I've snoozed or archived, I search for it.

Bottom line: If you're a heavy user of Gmail, you should really take a good look at Inbox. Odds are you'll never go back.

Supreme Court justices hold stock in tech vendors, other firms

xantonin writes: "Chief Justice John Roberts owned up to US $750,000 in shares of Time Warner and its subsidiaries at the time the media giant filed a brief in ABC v. Aereo, which broadcasters won 6-3 last June, with Roberts in the majority. Aereo was a start-up offering TV service to subscribers through specialized antenna farms."

Comment: How well you know about socialism? (Score 1) 254

It's not just Cameron. The people I know in the UK support this kind of thinking. A few years ago there was legislation introduced to assign a caseworker to *every* child in the UK. It didn't have as little support as you'd think. They are, broadly, a bunch of well-behaved socialist conformists who are afraid of the real world, and think that a panopticon surveillance state will make them "safe". It is disgusting

Just wow, socialism does not advocate panopticon surveillance, in fact I don't think socialism has anything to say about matters relating to observation of the population. This is the sort of bullshit that got the US in the hellhole they're in now. I think the most applicable term for it is fascism

Tell us, my friend, how much do you know about socialism?

No, not the 'theoretical socialism' but the ones which had been implemented in real life

Do not tell us what you 'think', as what you 'think' doesn't matter in the whole scheme of things

But do tell us what you know, my friend

I am from China, a socialist country - in fact, I ran away from my own motherland because socialism had turned it into a hellhole

Massive social upheavals and people suffered greatly because under a socialistic society, it is the STATE (or whoever is in power) which dictates what happens, and the people must follow

Whoever dares to go against the grain will be tagged as 'anti-social' and even 'counter-revolutionary' and is severely punished

I am not saying that capitalism is the panacea, but at the very least, under a true form of capitalism, it is individuals who are responsible for their own actions, not the state

Those of you who never understand the real horror of socialism please understand this --- we who have gone through the baptism of fire under socialism will never sing hosannas praising socialism because we know how harmful it is

Comment: Re:You know it's not going to work (Score 1) 254

Take SSL/TLS. Are they going to demand both parties stash the session key, or do their handshaking through a proxy logging each packet?

Probably not. You're thinking like a geek instead of a politician. Politicians don't get their way by understanding technology. They get their way by finding people who do and forcing them to obey their will.

In this case, what Cameron means by banning encryption is passing laws that say something like, "If your website is used by people in the UK, you must always be able to comply with a warrant demanding data and you must provide all data, even if it is encrypted". The exact details of how that works are neither here nor there to them.

Now of course the interesting thing is how this interacts with jurisdictions, and whether it would be enough to make GCHQ shut up (probably not). The UK may or may not be able to force the hands of Facebook/Google/etc because the UK is such a huge market and they all have offices there, but China was a huge market too and Google walked away from that anyway. So it's hard to know how things would play out. For companies that have no UK exposure it's not clear what they'd do - probably use ad-hoc blocking of any website they suspect might be used by The Evil Terrorists if it doesn't comply. Could be a mess depending on how heavily they enforce it.

Comment: Re:Nevermind the bollocks, here's David Cameron (Score 1) 254

All those figures say is that birds of a feather flock together. Tory voters tend to live near each other and because the UK has a political system designed a long time ago for resolving local issues, not surprisingly it doesn't translate votes to seats directly at the national level. As local politics becomes less and less relevant, of course, people feel this system no longer works well for them.

However, as you note, it would not have mattered if Labour had won, or any other party. There are NO parties in the UK that believe people should be able to keep secrets from the government. It's just not something that fits into the political worldview. And because the voting system collapses thousands of decisions down to just one every so many years, surveillance and encryption is simply not democratically decided at all. Basically the wheel of power is decided by the economy, and that's about it.

Unfortunately this is not specific to the UK and is true nearly everywhere, France is even worse for example, and the USA pretends to care but realistically lots of Congressmen would very much like total surveillance of Americans .... and only feel they can't demand it openly because of that darned constitution. That won't stop them doing it in secret though!

Comment: Re:At least he included warrants (Score 1) 254

Ha ha, did you think he meant warrants?

He meant warrant. Unfortunately as is often the case with the Tories, they use words differently to how ordinary people do. By warrant he means a ministerial rubber-stamp. For instance Theresa May last year alone "signed" nearly 2,800 warrants, a number that clearly shows zero attempt to investigate their legitimacy and indeed almost certainly means some anonymous flunky is signing them on her behalf.

Comment: Give Obama's answers to security questions (Score 1) 242

You're right that it's normally easy enough to find the answers to questions like "what high school did you go to?" I make that much more secure by secretly replacing "you" with "Barack Obama".* I don't enter MY high school, I enter Obama's. I enter Obama's mother's maiden name. So anyone who goes on my Facebook** to get answers will get wrong answers.

* I actually use another famous person, not Obama.
** You won't find much on my Facebook page, because I don't use Facebook. But if I did, it wouldn't show the answers I use.

Comment: Re:Ummmm... (Score 1) 242

There are better options than PBKDF2, like scrypt. Also, both require you to choose some parameters; PBKDF2 with a salt of String.Empty, hash algorithm of MD5, and iteration count of 1 is... just an MD5-hashed password. Obviously, those are terrible and stupid parameters, but if people were *good* at choosing secure options then this whole thread wouldn't exist. At least scrypt *only* has the work factor, and it's pretty straightforward.

The UNIX philosophy basically involves giving you enough rope to hang yourself. And then a couple of feet more, just to be sure.
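What the degenerate parameter set named in the comment above computes, next to a parameter check and salted PBKDF2 and scrypt hashing, using Python's standard `hashlib`. This is an added example, not code from the thread; the policy floors (16-byte salt, 600,000 iterations, MD5 disallowed) and the scrypt cost values are illustrative assumptions to tune for your own hardware.

```python
import hashlib
import hmac
import os

# Illustrative policy floors (assumptions for this example).
MIN_SALT_BYTES = 16
MIN_ITERATIONS = 600_000
DISALLOWED_HASHES = {"md5"}


def pbkdf2_degenerate(password: bytes) -> bytes:
    """PBKDF2 with the comment's parameters: MD5, empty salt, 1 iteration."""
    return hashlib.pbkdf2_hmac("md5", password, b"", 1)


def one_hmac_md5(password: bytes) -> bytes:
    """With one iteration, PBKDF2 block 1 is HMAC(password, salt || INT32_BE(1))."""
    return hmac.new(password, b"" + (1).to_bytes(4, "big"), hashlib.md5).digest()


def pbkdf2_param_problems(hash_name: str, salt: bytes, iterations: int) -> list:
    """Return the reasons a parameter set fails this example's policy."""
    problems = []
    if hash_name.lower() in DISALLOWED_HASHES:
        problems.append("hash disallowed")
    if len(salt) < MIN_SALT_BYTES:
        problems.append("salt too short")
    if iterations < MIN_ITERATIONS:
        problems.append("iteration count too low")
    return problems


def hash_pbkdf2(password, salt=None, iterations=MIN_ITERATIONS, hash_name="sha256"):
    """Derive a PBKDF2 hash, refusing parameter sets that fail the policy."""
    salt = os.urandom(MIN_SALT_BYTES) if salt is None else salt
    problems = pbkdf2_param_problems(hash_name, salt, iterations)
    if problems:
        raise ValueError("refusing weak PBKDF2 parameters: " + ", ".join(problems))
    return salt, hashlib.pbkdf2_hmac(hash_name, password, salt, iterations)


def verify_pbkdf2(password, salt, expected, iterations=MIN_ITERATIONS) -> bool:
    _, candidate = hash_pbkdf2(password, salt, iterations)
    return hmac.compare_digest(candidate, expected)  # constant-time compare


def hash_scrypt(password, salt=None, n=2**14, r=8, p=1):
    """hashlib.scrypt takes n (CPU/memory cost), r (block size), p (parallelism)."""
    salt = os.urandom(MIN_SALT_BYTES) if salt is None else salt
    return salt, hashlib.scrypt(password, salt=salt, n=n, r=r, p=p, dklen=32)
```

With the degenerate parameters the result is one unsalted, single-pass HMAC-MD5 of the password, so identical passwords always produce identical stored values.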
