Comment: Fuck the wisdom. Tell her about who her father is (Score 1) 684

I would want my daughter to know who her father is as a person.

There is a great deal about you that your child will remember. But there are clearly stories about yourself that you would never tell a 12 year old girl.
Things like the first time you got drunk, or did something that horrified your parents. Essentially, things that your best friends and wife might know but might not tell your child about.

So tell your kid about the first time you got drunk, but also say why you did that and what you were thinking. Tell your child about the most important decisions you made in your life, and why you made them. Tell your child about your regrets and what you wish you could have done differently. If you have any strong beliefs that are important to you, talk about them and why they are important.


Comment: Yes and no (Score 1) 293

by jd (#49129871) Attached to: Moxie Marlinspike: GPG Has Run Its Course

First, the complexity of the engine shouldn't matter. You will never get the bulk of users out there to use, or care about, the real power of the engine. They don't want to mess with the engine. The engine should be under the hood, in a black box, whatever engineering metaphor you want. Users just want things that work.

I remember way back when I was at university. There were various absolute rules for good software engineering. The first was that the user should be presented with a must-read manual no longer than one paragraph. Tips and tricks could be more extensive, but that one paragraph was all you needed.

The second was that the user absolutely must not care about how something was implemented. In the case of encryption, I take that to mean, in the case of e-mail, that the engine should not be visible outside of configuration. A supplied key should trigger any behind-the-scenes compatibility mode or necessary configuration to talk to that user. If the keys the user has aren't suitable to correspond with that person, the system should ask if one is needed and tie it to that protocol.

There should be no extra controls in e-mail, except at an advanced user level. If a key exists to correspond with a user, it should be used. If a key exists for inbound e-mail, the key should be applied. The process should be transparent, beyond getting passwords.

Any indexes (particularly if full indexes) should be as secure as the message, good security practices on both will take care of any issues.

Ideally, you want to have the same grades of authentication as for the early certification system, adapted to embed the idea that different people in the web of trust will have done different levels of validation and will be trusted to different degrees. The user should see, but not have to deal with, the level of trust.

Last, GnuPG is probably not the system I'd use. Compatibility cruft needs to be an optional layer and I'm not confident in the implementation.

There should be eight main libraries - public key methods, secret key methods, encryption modes, hashes (which encryption modes will obviously pull from), high level protocols, key store, index store and lacing store. (Lacing is how these are threaded together.) The APIs and ABIs to those libraries should be standardized, so that patching is minimally intrusive and you can exploit the Bazaar approach to get the best mix-n-match.

There should also be a trusted source in the community who can evaluate the code against the various secure and robust programming standards, any utilized theorem provers and the accepted best practices in cryptography. Essentially replicate the sort of work NIST does, but keeping it open and keeping it free of conflict of NSA interest.

Comment: Re:So, how much do the labels get? (Score 1) 303

by Overzeetop (#49112389) Attached to: Pandora Pays Artists $0.001 Per Stream, Thinks This Is "Very Fair"

Payments are paid to the rights holders. Artists get what is in their contract unless they own the rights.

It's one reason the artists are so up in arms - they're getting shit because they have shit contracts. Well, that and they're just the performer. They think they should get all the money. But that would be like paying an architect $1,000,000 for your house and paying the builder and subcontractors nothing. It doesn't work that way.

Comment: Re:Add it up (Score 1) 303

by Overzeetop (#49112351) Attached to: Pandora Pays Artists $0.001 Per Stream, Thinks This Is "Very Fair"

That's what the artists are not considering. In the best of cases, the entire production team: artists, writers, producers, promoters, will never average more than about $0.55-0.60 per track for a CD or permanent digital download. Pandora pays the cost of a permanent individual license, valuable for the life of the author plus 70 years by copyright law, after just 320 listens. Spotify in less than 90 listens. I'm finding it hard to see the economic case that an ephemeral transmission for 3 minutes is worth more than 1/90th-1/320th of the value of a permanent download good for 100 or more years with no limits on the number of times it can be played.

Comment: Radio streams a million listeners, Pandora to one (Score 3, Interesting) 303

by Overzeetop (#49112301) Attached to: Pandora Pays Artists $0.001 Per Stream, Thinks This Is "Very Fair"

BUT radio plays that song to millions of devices simultaneously, whereas P & S play to a single device. If it's listens we're worried about (and that is what this is about), it would take Pandora 5.7 years for a million people to consecutively listen to that 3 minute Lady Gaga, but radio can distribute the same amount of listens in just 3 minutes.

Comment: The answer: Exactly zero cents to the performer (Score 5, Informative) 303

by Overzeetop (#49112243) Attached to: Pandora Pays Artists $0.001 Per Stream, Thinks This Is "Very Fair"

Performers get zero payments for songs played on the radio. The authors of the songs (music and lyrics) do get paid. The payments to the rights holders (authors) of the music get paid from radio at a rate which is somewhere around $0.0003 per listener (give or take about 300% - source:

In contrast, a permanent digital download and a CD (which can be played as many times as you like) have the same one time rate of $0.096 per track. This is set by law and is called a mechanical right.

So let's see what kind of relative value we have to a CD or PDD:

One radio listener, one listen = $0.0003, iow a permanent right "breaks even" at 320 listens

For Pandora and Spotify, they have to pay the entire chain - producers, artists, authors, promoters, etc.
If we scale the total fees using an album model, with a typical album costing $9.99 and having 12 tracks, of which 30% goes to the retailer, the value of a "track" is $0.583, or about 6x the amount paid for the author on that track. (you can argue the specifics, but if you're buying tens of millions of CDs worth of songs, you'd better get pricing that it *at least* this good)

So at that 58.3c/permanent track...
One pandora listener, one listen = $0.0014, break even is at 416 listens
One spotify listener, one listen = $0.007, break even is at 83 listens.
Radio has to play that track for 1920 listens to match the total compensation paid by the two streamers.

What does online streaming look like now? Pandora is slightly below Radio in their compensation per track to everyone they pay. You might contend that Pandora "finds" new artists better due to their model instead of radio playing whatever they're given to promote, and therefore provides slightly more value. Spotify, OTOH, lets you choose just what you want - you can play Brittney Spears all day, over and over - and therefore it's more like buying a track. And if you were to hit 83 plays on a track, you'd have been better off just buying the track. 83 plays seems like a lot, but that's over an entire lifetime - actually lifetime plus 70 years in copyright.

Comment: What it really reveals (Score 2) 112

by Overzeetop (#49096283) Attached to: TrueCrypt Audit Back On Track After Silence and Uncertainty

This is good, or bad, depending on the tightness of your tin foil, but I think it reveals something far more important about encryption: we, the average users, are powerless to verify or truly trust any encryption solution offered. To realize that an audit of the code for a single-purpose program can only be done by a very small set of people shows that even with open source we're still just trusting others to safeguard our data. The need for encryption and the mathematical and coding complexity required to understand what we are using to safeguard our data is simply beyond our ability to check that it even makes sense at a basic level.

I'm not so sure I welcome our mathematical overlords.

Comment: Translation (Score 2) 448

by jd (#49084893) Attached to: Credit Card Fraud Could Peak In 2015 As the US Moves To EMV

US businesses are as incompetent and insecure as Sony, but can be provoked into taking absolutely minimal action when their profits are under direct threat by sufficiently powerful financial organizations. You mean nothing, you never have, you never will. You have no say, you have no power, you have no rights, you cannot walk away. You aren't the customer, merely the product. Easily replaced if damaged.

You aren't getting security because security matters. You aren't getting security because you matter. You're getting it because two vendors and a trading bloc said so.

Comment: Stronger? Don't need it. Give me stiffer! (Score 3, Interesting) 106

by Overzeetop (#49073235) Attached to: Nanotech Makes Steel 10x Stronger

Except in specialized cases for manufacturing and mining, we have all the strength we need in buildings and bridges. What we really want is something with a higher stiffness.

Find me a material which costs the same as A992 steel and has a modulus of elasticity of 300x10^6 psi (10x that of steel) and I'll make you a millionaire. With very few exceptions, MOE scales linearly with mass, from Magnesium to Iridium. Beryllium-Aluminum is an exception, but is very brittle and hella expensive.

Yeah, get me 500ksi steel at $0.60/lb would be nice, but if it still has E=30E3ksi it won't save me much in a building. Give me 50ksi steel with E=300E3ksi and I'll save you at least 20% on the steel tonnage in a structure.

Comment: 0.05 from a single drink in 180lb person? (Score 4, Informative) 328

by Overzeetop (#49073129) Attached to: Federal Study: Marijuana Use Doesn't Increase Auto Crash Rates

What chart are they getting their information from - the pre-teen's guide to Vodka?

0.05 is the *peak* BAC in a woman weighing less than 100lbs. At 190lbs, man or woman, you're only half way there (0.02-0.025).

And 0.20 - holy shit, you're well into the "wasted" range and probably are going to have troubles getting the key into the ignition by yourself. For that 180-190lb person, that's shotgunning a .375 flask of Vodka on an empty stomach. Maybe by "four drinks" the poster meant "Four doubles, as made by Bill Cosby at a fraternity hazing initiation"
