Comment Re: What does this have to do with science? (Score 4, Interesting) 570

I fully realize that everything we think we know about exo-planets may be complete bullshit. There's no way of really knowing until we actually go out there.

Nonsense. Empiricism and experimentalism are thoroughly dead and debunked philosophies of science. Popper explained this quite clearly decades ago.

The way science works is through theories which attempt to provide explanations for observed data. Theories are tested by comparing them to what we've already observed, and by making predictions which we can test. It is in no way necessary that the testing process be experimental, only that the theory be falsifiable (actually, there are a few more requirements of a scientific theory, but I won't get into them).

For example, relativity makes many predictions that we cannot test experimentally, but only observationally. Indeed, the first really big confirmation of Einstein's hypothesis was based on the fact that relativity predicted that the gravitational lensing effect, light being bent by passing near a large gravity well such as a star, was roughly twice as strong as that predicted by Newtonian mechanics. There was absolutely no way for anyone to test this difference in a laboratory, you need a huge gravity well to produce observable effects. Luckily, we have a huge gravity well nearby (our sun) and during a total eclipse it was possible with early 20th-century technology to measure the deflection of light of distant stars that passed near the sun.

No one "actually went out there" to conduct that test of the theory. We just evaluated data that was falling on the Earth in the form of starlight, without our doing anything to create or control it. There's a great deal of science, both in the hard sciences like fundamental physics, and the squishier social sciences, that can be done only observationally, and that's just fine. Scientists working in those areas have to think a bit harder in order to rigorously test their theories than those who can craft exquisitely controlled experiments.

The first thing you need to be willing to embrace is the fact that we might be wrong about everything. It's not religion.

This is the core truth that makes science work. Science has nothing to do with experimentation, except that experimentation is a useful tool in the areas where it works. The fact that social sciences, climatology and astronomy often can't use experimental methods means nothing about whether they are real sciences.

Comment Re:What does this have to do with science? (Score 1) 570

No, actually most of these just aren't "scientific issues". Scientists, of course, can and even should have opinions on these subjects, but, really, these aren't scientific issues-- these are social issues.

They are issues for social scientists to study. AFAICT, social scientists are studying them, so I don't see the problem. Perhaps the argument is that social science is inadequately funded, but if so the point was not well made.

Comment Bitcoin vs economics (Score 1) 166

I don't see why parent post is modded Insightful. To me, it looks like another bitcoin-hate rant, typical of "I-wish-I-were-an-early-adopter" people.

Nope. Don't have the slightest regret for not getting involved in bitcoin. I think bitcoin is a dumb idea and I think it is important to say why so that people can make an informed decision about whether they want to bother with it or not. I'm sure some people have made a lot of money off bitcoin but I largely regard them as charlatans who found a greater fool.

First of all, it's funny to see opinions such as "why Bitcoin is doomed to fail/succeed". I guess strong opinions have their charm, but the truth is *nobody really knows yet*.

I might not know with 100% certainty but that doesn't mean I can't judge based on the evidence. And bitcoin is far from the first attempt at a new currency and it very clearly has certain known characteristics. I'm not about to pretend that the laws of economics have been repealed for the benefit of bitcoin. It has some advantages and a lot of disadvantages. There are many people telling falsehoods about which are which.

If you look at the reason of "why the gold standard failed", literally NONE of these reasons apply to cryptocurrencies such as Bitcoin.

Sadly you couldn't be more wrong. Almost all of the criticisms relating to the gold standard apply. Basically the only thing bitcoin solves that was a problem in the gold standard is the problem of physically warehousing and transporting the gold if someone demanded it. Obviously with data this isn't an issue. Otherwise it is little different than any other fixed supply asset being used as a form of currency. Same economic rules apply - only the minor details of use differ. And that's a play we've seen before many many times.

As for "It also prevents central banks from being the arbiters of the money supply"... sorry, am I the only one seeing this as a GOOD thing?

Fixing the money supply to an unalterable amount does not solve the problem of the failures of central banks. In fact by all objective measures it actually increases the problems that central banks were created to deal with. Yes central banks do an imperfect job of managing the money supply. But there is no evidence to reasonably believe that bitcoin or any similar crypto-currency will do the job any better. That is just an unsupported pipe dream by bitcoin supporters.

The thing people seem to fail understanding is that Bitcoins are VERY FINE-GRAINELY splittable.

So is gold. Down to the atom if desired. You're failing to illustrate a difference. You can split a dollar in sub penny amounts too and it's done all the time down to 5-6 decimal points in many contexts.

And, in case anybody is even considering that, I refuse to enter into the debate "BTC is fake and without any value, unlike real currencies and gold", because that's just moron.

Bitcoin isn't fake. I just don't think it is a smart idea. Its proponents generally support it for either ideological reasons (typically unsupported by evidence) or sometimes for nefarious purposes. Proponents typically claim it is a cheaper way to exchange funds but that's only true if you don't adjust for risk. It's not widely accepted, has substantial deficiencies as a medium of exchange, is an unstable store of value, is based on still-unproven technology, and has a host of other serious issues. I haven't heard a single argument that I find credible that bitcoin will be the magical solution to the problems of central banks or fiat currencies. To date it largely seems to be attractive to those engaged in activities that they would prefer to remain untraceable to law enforcement and/or taxing authorities.

Comment Deflation does not aid growth (Score 2) 166

i give you B- for economics

Gee thanks professor.

Republic of China had two decades of economic growth while having a deliberately set deflationary monetary policy.

I presume you are talking about Taiwan. Please cite your source for "deliberately set deflationary monetary policy". The Taiwan Dollar exchange rate has varied quite a bit on Forex markets in relation to the dollar but never consistently deflationary.

This is a country that now supplies 90% of world's microchips

Taiwan does supply the most but the number is nowhere near 90% and to my knowledge never has been.

Comment Re:Holy crap is this company ever user hostile. (Score 1) 235

So only allow pairing a new scanner when the device is unlocked.

That sounds good, and I actually typed a long paragraph agreeing with you but pointing out concerns about complexity and the difficulty of getting such a complicated solution that must touch several layers of hardware and software right... until I noticed the fatal flaw. The basic problem is that you're assuming that everything will work correctly, but that is what security engineers specifically must *not* assume, except when and where it can be adequately justified. In this case, you neglected to consider what could happen if iOS were compromised. Sufficiently-privileged malware could install its own key in the scanner when the device is unlocked, providing a way to remotely obtain a copy of the user's fingerprint. That's not a security problem (fingerprints are not secrets), but it is a pretty serious privacy problem. Not for most people, since malware that can exploit vulnerabilities to obtain root can already extract all sorts of personally-identifying information (PII), but there are people who have good reason to keep PII off their device, and enabling remote access to their fingerprints would be very bad. There are some other, less serious, problems as well, such as enabling a remote DoS of fingerprint auth functionality.

For this sort of system, we really need mutual authentication. The matching hardware cannot trust livescans from any device other than the correct scanner, or you have a security problem. The scanner must encrypt livescans so no device other than the correct matching hardware can decrypt, or you have a privacy problem. It must not be possible for an attacker to violate these guarantees, especially not in a remote, software-only attack. In a local attack we worry less about privacy because the attacker almost certainly has access to the user's fingerprints.

Mutual authentication is very easy to bootstrap from a shared secret. It's also possible to bootstrap it using PKI but this adds complexity which the scanner probably cannot handle, as well as opening potential security holes; an attacker who can extract the relevant key from any device can pretend to be that device to any other. So an attacker that uses electron force microscopy to extract secrets from one phone could use those secrets to compromise any other phone. That could be mitigated by batch-level PKI (different root keys per batch), but that creates a lot of supply chain management problems -- and still doesn't really make the devices replaceable by third party repair shops.

Personally, I'd probably take a different approach based on bootloader-coordinated key agreement at each boot. As long as there's a way for the scanner to securely know when the device is booting, which can be done -- though it's a *lot* harder than it appears -- this provides a basis for establishing a shared secret that is secure against a remote attacker (there are good reasons to assume the bootloader cannot be remotely compromised). Against a local attacker, we don't worry about preserving the privacy of scans. This reduces the problem to one of ensuring that the matching hardware will only accept scans from authentic scanner hardware. PKI is probably a reasonable solution to that; the scanner only has to sign one message with a factory-burned private key, and deliver a public key cert. An attacker who extracts the private key from one scanner can fake it to other devices, but only in a local attack. This isn't quite as secure against local compromise as Apple's, because in Apple's the attacker would need to extract the secret from the scanner of every device they wish to unlock, which is expensive. But it's a reasonable middle path that allows third-party repair.

In the Android world, my approach would be preferable even ignoring third-party repair issues (which, honestly, I would probably not consider), because it would eliminate the need for every OEM to securely manage the keys needed to authorize pairing. Apple can do this key management and do it well, but many Android OEMs cannot.

Were I working for Apple, I think I'd have done exactly what they did. Not to prevent third party repair, but because it's the simplest and most secure solution, given Apple's capabilities and resources. Since I work on Android, we have to think about how stuff will work for OEMs that don't have Apple's capabilities and resources... and also think about how to make it hard to screw up, since not all OEMs are great at security.

I should note that I have put very little thought into the above strawman design. Were I doing it for real I'd more clearly define the threat model, including what attack vectors I am and am not trying to mitigate. I'd also probably put some more thought into how to structure it so that it's very hard to get the bootloader implementation wrong; ideally, no secrets should pass through the bootloader and any mistake in implementation should simply cause things not to work, rather than compromising security.
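
The shared-secret bootstrap for mutual authentication mentioned in the comment above, as an added example that is not part of the original comment and not any vendor's implementation. The names `Endpoint`, `handshake`, `tag_scan` and `matcher_accepts`, the role labels and the message layout are assumptions made for illustration; the sketch authenticates livescans to the matcher, and confidentiality would additionally use an AEAD keyed from the same session key.

```python
import hashlib
import hmac
import secrets


def mac(key, label, *parts):
    # Length-prefix every field so different field splits cannot collide.
    body = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, label + body, hashlib.sha256).digest()


class Endpoint:
    """One side of the link; role is b"scanner" or b"matcher" (assumed labels)."""

    def __init__(self, role, pairing_secret):
        self.role, self._secret = role, pairing_secret
        self.nonce = secrets.token_bytes(16)  # fresh for every handshake
        self.session_key = None
        self.last_counter = 0

    def proof(self, peer_nonce):
        # Shows knowledge of the secret, bound to our role and both nonces.
        return mac(self._secret, b"auth", self.role, self.nonce, peer_nonce)

    def accept(self, peer_role, peer_nonce, peer_proof):
        # Refusing our own role stops an attacker reflecting our proof back.
        expected = mac(self._secret, b"auth", peer_role, peer_nonce, self.nonce)
        if peer_role == self.role or not hmac.compare_digest(expected, peer_proof):
            return False
        first, second = sorted([(self.role, self.nonce), (peer_role, peer_nonce)])
        self.session_key = mac(self._secret, b"session", first[1], second[1])
        return True


def handshake(a, b):
    # Both sides exchange (role, nonce), then a proof covering both nonces.
    ok_b = b.accept(a.role, a.nonce, a.proof(b.nonce))
    ok_a = a.accept(b.role, b.nonce, b.proof(a.nonce))
    return ok_a and ok_b


def tag_scan(session_key, counter, scan):
    return mac(session_key, b"scan", counter.to_bytes(8, "big"), scan)


def matcher_accepts(matcher, counter, scan, tag):
    # Needs a completed handshake, a counter never seen before, and a valid tag.
    if matcher.session_key is None or counter <= matcher.last_counter:
        return False
    if not hmac.compare_digest(tag_scan(matcher.session_key, counter, scan), tag):
        return False
    matcher.last_counter = counter
    return True
```

A scanner that does not hold the pairing secret never produces a session key on the matcher, so nothing it sends afterwards is accepted; a replayed scan is refused because its counter has already been used.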

Comment Exchange rate risk and fixed money supplies (Score 5, Insightful) 166

Bit coin is slowly limiting the supply of new bit coin (by design), which drives up the price of bitcoin.

Correct. This is because the makers of bitcoin were under the (incorrect) belief that having no ability to adjust the money supply quickly (ala the gold standard) is beneficial and failed to understand why such a system failed. Those who don't learn from history are doomed to repeat it.

So every time you go to buy a good or service you spend less bitcoin because its value has increased.

Not necessarily true. Just because the supply of bitcoins is (roughly) fixed it doesn't mean the demand for them is fixed. The price can and does go both up and down with great regularity.

I see a problem emerging when someone says they want to get paid in a fixed amount of bitcoin per hour.

That would be no different than saying you want to be paid a fixed number of dollars per hour. Inflation/deflation are real things with real consequences. Doesn't matter if you are talking about bitcoins or dollars. The difference of course is that you can buy most things with dollars but very few things with bitcoins so you are experiencing exchange rate risk in addition to simple inflation/deflation.

Comment Re: Identification, not authentication (Score 1) 204

I always like a good discussion about security. But since you state you are prejudiced, I'm not going to waste my time at writing a response.

I did not state that I'm prejudiced. I said I suspect your counterarguments are flawed. You apparently agree since you aren't even bothering to make them.

Comment Re:Smart move. Nuclear Fission isn't cost-effectiv (Score 2) 347

That's the plain and simple truth. Nuclear Fission only looks like it works if it is cross-funded by obscene truckloads of taxpayers money

That's true now. It wasn't true forty years ago. Oh, nuclear fission was never the "too cheap to meter" dream originally touted, but it actually was extremely economical for a couple of decades. If you'd like to understand what changed, read this.

Comment Hypocrisy (Score 1) 478

How many of the people here complaining about others buying "too much car" then go home to their glass houses to fire up their overclocked 5GHz i7700k processor, dual 1080Ti monster gaming machines?

A reasonable point though one should point out that even the most power hungry PC doesn't consume anywhere near the amount of fuel a car does and the pollution metrics aren't even close. Nevertheless it is hypocritical.

Comment Strawmen galore (Score 1) 478

I know people here in Japan with 800+HP cars who have drag raced on public roads.

I know people in the US who have done that. It's not legal either place for very good reasons because it isn't safe and cannot be made safe.

Late nights, low traffic, straight roads, experience from drag racing closed tracks AND the street, roll cages, etc....yeah, it can be reasonably safe.

Bullshit. It's barely "reasonably safe" on a proper drag strip where they have actual safety equipment like fire trucks and EMTs. It is never "reasonably safe" on public roads no matter how much you rationalize it. Your argument is akin to arguing that drunk driving is safe because most of the time people don't get killed. It's a faulty analysis of the risks involved. Drag racing on public roads is a great way to find yourself in jail when someone gets hurt - which happens with regularity. Spend 20 seconds on google if you need actual examples.

Also, newsflash: EVERYONE who is even born in an industrialized country is taking a Cleveland Steamer on the chest of the environment, just by existing.

That's a pathetic excuse for trying to justify purchasing an 800HP gas powered car.

Considering that automation/robots/AI are making human labor obsolete...

Umm, what kind of bullshit are you talking about now? This has nothing to do with the topic at hand nor is it actually true.

I'm not advocating genocide, I'm advocating reduced birthrates, globally.

Holy off topic batman. I think we are done here.

Comment Thermodynamic limits (Score 1) 478

People were saying that back in the 90s. Heck, they were saying that in the late 70s.

And they were right. Internal combustion engines have improved notably (and will continue to improve) but even so the differences from a 1970s engine to a modern one are modest improvements. Their efficiency has risen a few percent and literally cannot go substantially higher because they are reaching the thermodynamic limits of the materials available to us. Even using turbochargers and other efficiency aids most ICEs have an average efficiency around 20% and even in the best cases cannot get much above 35-45%. They are limited by the material properties of the engines and the various operational tradeoffs. Electric engines are typically upwards of 90%-98% efficient which is an efficiency no ICE can hope to achieve or even approach. While I'm hugely oversimplifying the efficiency comparisons the point is that we know for a fact we cannot make an ICE that is even close to the efficiency of an electric motor and we've known that for a century. The reason we haven't already switched is because battery technology has only now reached usable levels of power/weight and cost.

Thermodynamics is a harsh mistress. We have for all practical purposes reached the thermodynamic limits of ICEs so to make substantial improvements we will have to move to a different technology. Barring something unforeseen, electric motors appear to be what will replace (or supplement) the internal combustion engine for most vehicles. The limitation on electric motors is fuel storage density which is a problem with far more headroom than trying to eke out a few more percent gains from ICEs.
