Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×

Comment: Profitable (Score 1) 109 109

Some of those apps are probably really profitable. If you're somebody who likes to listen to lectures and you're not one of the 0.00001% of nerds who use xposed, to turn your screen off while YouTube plays costs $120/yr for a subscription (the feature is non-technically tied to Google Play Music).

There might some apps that have in-app purchase fees higher than $10/mo to keep going, but I haven't run across them. I realize you can't give everything away forever, but Google's got a lock on that market and boy do they monetize it.

Comment: Re:We're All Dicks (Score 1) 246 246

Seriously, does anyone make it to the top without at least some dickness?

Depends on which "top" you mean. If you mean "wealth and power", then, yeah, those are ends that dicks seek and so the successful there are almost entirely represented by that type.

But it's possible to have a huge amount of money and a stupid ugly yacht and for many sensible people to still consider you a failure, especially if you have failed family relationships and your employees fear you.

"Some people are so poor all they have is money."

Comment: Re:alogrithms aren't racist (Score 2) 349 349

I don't believe the algorithm is impugning the humanity of my offspring, I just think it is far-from-perfect.

But is the algorithm even wrong? I think the question to the Google recognizer is "of the images in my collection which ones look most like a seal"? If the collection is mostly all pictures of your kids, it'll show you the pictures of your kids that it thinks have the most in common with what it has as an idea about what seals look like. This isn't to make fun of your kids, of course, it's just its best guess due to the nature of the question that was asked of it. A human could make a similar selection when posed with the same question.

So as to the point of TFA, the searcher asked Google for the pictures that are most likely to be pictures of a gorilla inside his photo collection. If we assume that there were not actual pictures of gorillas in the collection, then the guess might not be a bad one. If you gave any human a set of pictures of a speedboat, a skyscraper, a turtle, a box of cereal, and a woman, and asked the human which one of those things looks most like a gorilla, there's only one truthful answer. It might be an offensive one to some people but that doesn't make the guess mathematically incorrect.

Reading the Twitter stream, Google has decided to censor such results. Their first attempt was to say "if somebody searches for gorilla and it matches a picture with a face in it, don't show that". That failed on two pics where a face wasn't recognized, so they added even more filtering and now they're building an i18n wordlist of "offensive" words to restrict the algorithm's output depending on locale.

Being a for-profit company, one of Google's primary concerns is to not alienate its users, so for them I'm sure it's the right move. But we need to be aware that it is imposing censorship (on itself) and that the output of the algorithm is becoming less useful to some degree to avoid offending some people. It's their trade-off to make, for sure, but for the larger computing community it's a valuable lesson to keep in mind. Such trade-offs need to be made carefully and consciously.

Comment: Manage Outsourcing (Score 2) 245 245

You listed a bunch of strengths:
1) she has J2EE experience
2) she lives in Spain where the developer job market sucks
3) she has the talent
4) she'd like to move up to a better job

So, how about she goes and finds un/under-employed local programmers, sets up a syndicate, and manages outsourcing jobs for enterprises in areas where the labor market is tight?

That will gain her marketable sales and management skills which she can then parlay into better career opportunities. Maybe even sell the company once it's successful.

I'm assuming she can speak English about as well as you can, which is plenty good (I can't tell if you're native or not).

Here's the thing that bothers me most about your post, though: she's of child-bearing age, so I'll assume under 40, and you say doing IT is better than picking up a new career now. Don't fool yourself - she'll be working another 40 years (unless the AI's take over) and so she's less than 1/3rd of the way into her career. If you love her, you'll want her to be happy for the next 40 years, and you'll support her in finding/creating something that supports her passions and can pay the bills. So, if she really hates IT, ignore what I wrote above and work hard to help her find her purpose.

Comment: Re:That's not what the blockchain is for (Score 1) 46 46

The bitcoin solution is to sell the space to the highest bidder

'A', not 'the'. Sidechains are a much better bitcoin approach (the blockchain need only record the entry and exit points). Marc Andresson's company has been working on just this for a year or more.

Comment: Re:Apples and oranges (Score 1) 107 107

So then, aren't size comparisons between OpenSSL and s2n at best useless, and at worst intentionally misleading?

Possibly misleading, if one doesn't understand the true claims, but definitely useful.

If you're just using OpenSSL for running servers and s2n can provide all of the functions a server needs, and s2n is is 1% of openssl's size, then it's a much, much cheaper target for auditing, and so it's far more feasible to feel secure about it.

If you're doing something different with OpenSSL then the use case probably doesn't apply.

It may be that a machine analysis of the OpenSSL codebase, starting with the function calls from, say, mod_ssl, could produce a useful graph of the OpenSSL code that's actually in use by typical servers. I'm not personally aware of such an effort, but it seems obvious enough that probably somebody has done it.

Comment: Re: Above Congress? (Score 4, Insightful) 161 161

not sure if serious ... CIA people have been in the Whitehouse since 1980, out in the open (it's debatable before then). They spy on Congress, have their own secret kangaroo courts, and carry out overseas executions all admittedly. One could suppose that there's nothing worse behind closed doors but that would be generous towards spies. Who doesn't really think they're blackmailing anybody in Congress or other high elected office?

Politics remains the entertainment arm of the military-industrial complex. After all, people would be mildly non-plussed to learn that they were secretly ruled by spooks and banksters.

Comment: Re:Refill (Score 3, Informative) 189 189

Thanks for this. My experience with the refurb vendors has been fair to terrible. I wonder if I should just replace the caps on a leaky refurb toner I got. Brother makes good machines and sells their carts for a king's ransom. I was literally contemplating $50 more for a new Brother color laser than for a set of toner carts for my existing Brother color laser. The refurbs run 25% of the cost, but I'd rather refill them myself now that I know it's possible.

As to the OP - don't spend a gallon of gasoline to bring a toner cart in for recycling - just toss in the trash if that's your only option (for a brand without a mail-back program). Economics is hard, but recycling without considering economics is stupid.

Comment: Re:ipv6 incompetence is nothing new. (Score 1) 65 65

I don't like what you're saying, but it's true. For this reason I disable ipv6 wherever I care about security (vmlinuz ipv6.disabled=1), because I can't trust the existing implementations and I'm pretty sure there will be data leakage if I don't (this story doesn't help assuage my concerns). Therefore, I'm not engaged in filing bug reports very much, because I mostly have to avoid it. Quite a Catch-22.

Also my ISP doesn't offer it and most endpoints don't offer it, so it just adds latency for Internet operations. There are clearly incentives missing or the situation would be better. The recent move to monetize IPv4 space transfers might finally be the impetus needed for network operators to move their internal nets to IPv6, but look at Android 5 not even supporting DHCPv6 (which administrators seem to want) and you can see how far we have to go - whether Google or the admins wind up backing down, there are still fundamental philosophical disagreements about how v6 should be disabled and no amount of shouting "but I'm right" will solve it. That's in 2015 with at least a lead time of five years for everybody to get on the same page, *after* there is agreement. And even if monetization of IPv4 does start to work, the BGP community has had its head in the sand for two decades and really can't handle it.

IPv6 is necessarily more complex than IPv4 since it shifts the complexity of kludges into services (the tech schools aren't even teaching it so only alpha nerds even understand the stack) and fundamentally the transition plan was "we'll make a spec and then everybody will support it for altruistic reasons") which is such a monumental failure in understanding human action that it's socially embarrassing to be associated with the spec. The IPv6 transition will be a warning to future generations about how not to advance technology in society.

Yet we still need it.

Comment: Re:yeah yeah (Score 1) 53 53

It will display a warning and let you continue

No, it won't - and that's the whole problem. It prompted me to write this piece on re-enabling SSLv3 on Firefox which is probably the most heavily-trafficked post I've done on that blog.

Most of these devices will support HTTP and HTTPS. The posture of the browser developers is to blow up HTTPS support on SSLv3 everywhere, regardless of the risk profile.

There are very few people who are going to get $1100 to replace a PDU because the current one only supports SSLv3. As it currently stands, those people have to re-enable SSLv3 for the whole Internet on their browsers to admin their local devices. Pretty soon they will have to stop updating their web browsers entirely.

There are only two possible real world outcomes:
1) people will re-enable HTTP administration and start sending their passwords cleartext on their LANs
2) the very people in companies who do security work will be running outdated browsers, on purpose, to connect to their gear.

3) a million dollars will appear overnight in a company's budget to replace gear for highly theoretical risks

simply is not an option that exists concurrent with reality.

If the browser engineers had handled the situation the same way as self-signed certs, or even made a more complex UI to specifically whitelist certain hostnames or subnets, then we could have made a reasonable transition. But that would have been hard work with real analysis required, and why do that when flipping a switch and boldly posturing is more crypto-macho?

The very same people who jeered corporate people for staying on IE6 are creating exactly the same situation in regards to SSLv3. They may understand a narrow aspect of cryptography very well, but they completely fail to understand the security of complex systems. They are hurting the security and privacy we're working so hard to achieve. Jeers indeed.

Comment: Re:Just run your own (Score 5, Interesting) 147 147

Or be a better netizen by running your own and forwarding to your ISP's.

The whole reason OpenDNS even exists is because ISP's proved they cannot be trusted to run an honest DNS. And let's not pretend that DNSSEC is universally deployed.

Most people here can setup up a 99 cent VPS with an openvpn endpoint running a recursive resolver, limited to the openvpn net. That fits in the smallest slice of RAM available in 2015 and will work fine.

Most other people cannot, though. Google's DNS is honest, if you don't care about tracking - but most people care more about free stuff than privacy.

A memorandum is written not to inform the reader, but to protect the writer. -- Dean Acheson

Working...