Forgot your password?
typodupeerror

Comment: Re: Passwords should not exist (Score 2) 173

by dgatwood (#48226269) Attached to: Passwords: Too Much and Not Enough

They only fix 2 problems - weak passwords and keyloggers.

That's not true. They also provide protection against:

  • Shoulder surfing attacks, which require no compromise to the internals of the endpoint
  • Storage of data encrypted with a protocol that later proves vulnerable in some interesting way, such as a key compromise

For example, consider heartbleed. If someone stores your encrypted communication, and later compromises a host's private key, that attacker could ostensibly decrypt those communications. If you use a password, that password is compromised, and it's "Game over, man." If you use a physical token, only the PIN is compromised (assuming the actual verification happens in a separate process).

Ideally, you would still want to issue new PIN codes, but the account hijacking risk would be largely mitigated by the physical token requirement, at least after the n-hour cookie expiration window passes, and you could even eliminate that window by expiring any cookies in your authentication database before bringing it back online after you fix the heartbleed vulnerability.

Comment: Re:USB VID is meant for a specific organization (Score 1) 508

by dgatwood (#48224873) Attached to: FTDI Removes Driver From Windows Update That Bricked Cloned Chips

Regardless of the fact that it may be legal for others to do so, it's unethical and clearly misrepresentation.

Not true. Lots of small homebrew hardware uses off-the-shelf chips like the ones FTDI builds without applying for their own VID/PID combo. This causes minor headaches because software can't tell them apart from one another, but as long as the final product doesn't have a USB logo on it, it is perfectly acceptable to sell it, even if your homebrew flash programmer looks like a USB to serial adapter to any software that asks.

If you want to use the USB logo, you have to apply for your own VID/PID combo and reprogram the chip to identify itself as being your product, and ship a custom driver that talks to it (which could be a modified version of the official FTDI driver, or the open source driver, or whatever).

Comment: It's not a tank (Score 1) 153

by plsuh (#48220323) Attached to: British Army Looking For Gamers For Their Smart-Tanks

Geez how the press gets this sort of thing so wrong. It's not a tank, it's an Infantry Fighting Vehicle (IFV). It's lightly armored against small arms and small-bore auto-cannon rounds, not against ATGMs, tank main guns, or RPGs.

https://en.wikipedia.org/wiki/...

The weight at 34 tonnes is much less than that of any current front-line tank (according to Wikipedia the Challenger 2 is 62.5 tonnes, almost double the Scout SV). It is a lot heavier than most current IFV's (e.g., the German Marder at 28 tonnes or BMP-3 at 18.7 tonnes), but that may not be such a good thing. It makes strategic mobility more of a problem and ensures that the Scout SV can't swim across rivers by itself.

Some reporter just cut and pasted from the press release. Feh!

--Paul

Comment: Re:Is this legal? (Score 1) 687

by dgatwood (#48210721) Attached to: FTDI Reportedly Bricking Devices Using Competitors' Chips.

First, there's no such thing as "illegal access to software". The customer may be violating a licensing agreement, but as a rule, that's not a criminal offense.

Second, I'm pretty sure there are third-party FTDI drivers out there. So you really can't make the argument that the clone chip vendors don't have an alternate driver. The best you can do is state that if a clone gets bricked, it means that the commercial FTDI driver was loaded at least once by the customer for some reason (possibly with the intent to use it with the clone hardware, but possibly to use it with some other device), and that it matched the clone because it was attached while that driver was loaded.

Comment: Re:Is this legal? (Score 1) 687

by dgatwood (#48210693) Attached to: FTDI Reportedly Bricking Devices Using Competitors' Chips.

Actually, if you sell it as a "USB/Serial converter", then you are, because the USB mark is trademarked.

Only if they use the USB trident mark. The letters "USB" are likely to be held as descriptive.

If some medical device manufacturer uses a consumer-grade FTDI chip - counterfeit or not - in a medical appliance, then that manufacturer is the one who would be liable, as FTDI has already made it clear that these chips are not certified for such uses.

Liability is not binary. If the failure were accidental, you'd be correct. Because it is deliberate, at best, both companies would be held liable—the medical device vendor for choosing an unsuitable part and FTDI for deliberately breaking it, and at worst, FTDI would be held solely liable for deliberately breaking it.

Comment: Re:How hard is it to recognize a stoplight? (Score 1) 283

by dgatwood (#48210663) Attached to: Will the Google Car Turn Out To Be the Apple Newton of Automobiles?

No, I haven't solved any of the hard problems, because determining whether a colored ball or arrow is meaningful really isn't one of them. The hard problems are things like:

  • recognizing and handling road signs
  • dealing with potentially contradictory lane markings
  • dealing with rain on the cameras
  • determining which way to swerve when avoiding obstacles (like a dog running across the road), and whether to brake instead, or do both
  • choosing whether it is better to hit the object in the road or swerve into the next lane (including computing the distance and speed of an oncoming vehicle correctly, even if it is a motorcycle)
  • handling four-way stops when other vehicles don't follow the rules
  • determining weather conditions sufficiently to compute braking distance correctly (Is it rainy or just cloudy?)
  • recognizing that there are kids playing by the side of the road and you should probably slow down just in case one of them falls out into the street....

Traffic lights are relatively straightforward by comparison, so long as they are working.

Comment: Re:How hard is it to recognize a stoplight? (Score 1) 283

by dgatwood (#48210355) Attached to: Will the Google Car Turn Out To Be the Apple Newton of Automobiles?

Describe for me, programmatically, the difference between a stoplight and a taillight.

That's easy. The stoplight is above you. Two cameras at different angle provide sufficient parallax to tell the difference between something far away on a hill and something nearby above the car. And you're done.

and a police light

Same answer.

and a neon sign

Same answer, plus the stoplight is not on the side of the road, as computed based on distance to the edge of the road when looking forward.

and also, please include all the many shapes and sizes of the various stoplights all over the country.

No need. Humans can't see the shape of the fixture when driving at night, but that limitation has never been a problem. You just need to know the color and to be able to figure out which colored light corresponds with which lane.

Comment: Re:How hard is it to recognize a stoplight? (Score 1) 283

by dgatwood (#48210313) Attached to: Will the Google Car Turn Out To Be the Apple Newton of Automobiles?

its video cameras can sometimes be blinded by the sun when trying to detect the color of a traffic signal.

So can people. One possible solution would be radio signals in every traffic light to indicate the light's state. No signal and can't see the light? Stop the car and tell the driver to take over. This would be useful for eliminating confusion when you have multiple lights as well, so it might be worth pursuing.

That said, the simpler fix is to use a higher quality camera with better lens coatings. I can't remember the last time I saw lens flare that blew out a picture to the point that it was truly unusable except when using old camera gear with uncoated lenses. For additional robustness, put more than one camera on the front, pointed in different directions. That way, lens flare should never be a problem, in practice. (Lens flare tends to be angle-specific, and the sun is in one spot, so if a lens at one angle is in a position to flare badly, a second lens at a different angle probably won't be, assuming your lenses aren't old, uncoated nightmares.)

it can't tell the difference between a big rock and a crumbled-up piece of newspaper

Neither can people, reliably, unless it is blowing. Whatever you see in the road, it is best to avoid it. :-)

Comment: Re:How hard is it to recognize a stoplight? (Score 1) 283

by dgatwood (#48210251) Attached to: Will the Google Car Turn Out To Be the Apple Newton of Automobiles?

Really, the problem is that "when children are present" is kind of ambiguous. What if there's only one child? And is the concern really all children, or just unaccompanied children? Are high school students children? Do kids in strollers count? And so on.

Most drivers would assume that the intended purpose is to increase safety around the time when kids are arriving at school or leaving school en masse. So they would interpret it to mean "Speed Limit [X] on Monday through Friday, from 7:15–8:00 and from 2:30–3:15". If the signs just said that instead of "when children are present", then automated cars could easily do the right thing every time. Also, by being more concrete, the signs would eliminate the selective blindness that causes many human drivers to ignore the lower speed limit.

Comment: Re:backup for 911 (Score 1) 115

by dgatwood (#48207123) Attached to: Software Glitch Caused 911 Outage For 11 Million People

The monthly cost of a landline is cheap insurance in the event of an emergency. Cell towers go down, fail, become over-congested, and cell phone batteries die.

Not around here. I'm paying about $40 per month for a nearly bare-bones land line (only Caller ID). Even if I were on a $0.35 per text plan, I'd spend more money on that land line every month than I would on texting for ten years. Cheap, it ain't.

This screen intentionally left blank.

Working...