Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment A few obvious corrections (Score 1) 53

First, DES is 56 bit (near enough 60). Triple DES as per first mode (the authorised standard) is 168 bits. The article fails to distinguish, implying the authors are just a little bit naff. 3DES seems to be quite safe, as long as not used in DES emulation mode. And who the hell emulates a mode that was broken in the 80s?

Second, Blowfish was replaced by TwoFish, ThreeFish and Speck. Skein, an entrant to the DES3 challenge, makes use of ThreeFish.

Third, the Wikipedia page states it has been known for a long time that weak keys are bad. This particular attack, though, is a birthday attack. You can find all the ciphers vulnerable or free that you should be using. Anything not on the list is something you are solely responsible for.

In other words, this information is about as useful as telling up that Model T Fords weren't good at cornering at highway speeds. Below are some links, I can't be buggered to HTML-ify them.

I do not trust most encryption software these days, but that's because programmers these days are sloppy and arrogant.

Comment The question was settled in the 1970s. Just don't (Score 2) 103

Why must you record my phone calls?
Are you planning a bootleg LP?
Said you've been threatened by gangsters
Now it's you that's threatening me
Can't fight corruption with con tricks
They use the law to commit crime
And I dread, dread to think what the future will bring
When we're living in gangster time

Comment This is why... (Score 1) 621 want something akin to Mondo cards, only with all the knowledge that has been developed since on contactless payments and strong access security. Once you have cards that require no network, no central bank and no other external dependencies beyond the communications protocol, there is nothing that rogue officials can do to confiscate your money.

For those not aware of the history of cashless societies, Mondo had tamper-proof strongly encrypted cards that could act like cash. You could transfer money between cards. There was no risk of anyone setting the card to a prior state as any attempt to break into the device destroyed it. This did mean only one vendor made the cards, but we've come a ways since then. The Orange Book and EAL standards cover tamper-proofing and unauthorised writes to memory. Other standards cover application software design and protocol design. All you need is for card vendors to get certified against the general standards, financial transaction standards and the standards specific to some open specification. Vendors can then get encryption keys signed by such a standards verification body. So it would be a procedure similar to the old Level 3 SSL certificates but with all the extra verification layers you'd expect from the FAA or DoD.

You now have cashless, bankless, networkless anonymous financial activity on par with the Shadowrun fictional series, only a good deal more secure still and without having to physically transfer objects. Contactless transfers using unlicensed spectrum at very low power would require the sender to be in range of the intended receiver and to press some keys. That's it. Same sort of range as a key fob. Communication would be by encrypted link, using an authenticating + validating mode to prevent MitM attacks or other attempts at altering transactions.

What could the cops do? Well, they could confiscate any device they didn't recognise. That might not go down too well, though. They could confiscate the card, but as you can do wireless card-to-card transfers with this scheme, there's no guarantee they'd have confiscated any actual money by doing so. They can't determine if you did or didn't, except with the access code. It's not a computer, per se, as it doesn't need to be Turing Complete, and it's not an account, so there's no law on the books that requires that access be given.

Because the device complies with international banking laws and the PCI processing regulations, it would be legal to use such a card. It would be an authorized, licensed financial transaction processor between brick-and-mortar financial institutions, it's merely using the older networking method of store-and-forward with packet fragmentation and fragment reassembly. All perfectly legit operations. Because PCI governs logging, the device is compliant with all tax evasion and money laundering laws. There aren't any laws saying anyone has to actually access that information, the only laws that currently exist merely require that they can if authorized for a lawful need. Let the Feds figure out how to deal with that without making impossible demands of traveller's cheques and cashier's cheques, which can also be used as money equivalents.

Comment Re: Pointless and Useless Speculation (Score 1) 559


The SKA interferometer will be able to directly see a planet's atmosphere at a range of 100 light-years. If two or more gasses are present where they react in each other's presence AND the ratio of those gasses is stable over time, you have concrete proof of life. This cannot be achieved by known (or unknown) natural processes, a dynamically maintained equilibrium that would cease to exist through any process other than direct action requires a biological process.

Actually, it requires at least two. Any organism that tries to make things favourable for itself must necessarily alter some second dynamic to be unfavourable to itself. You cannot do more work without producing more byproducts (conservation of matter) that are in a lower energy state (conservation of energy, since energy has been taken out) where some of these are toxic to the organism (if it wasn't, it would be processed for energy and matter until it was toxic).

So, one organism always produces an instability. Two is the minimum. The more you have, the more stable the dynamic becomes as there are increasingly better solutions to the set of equations. If an organism develops that tries to exploit the equilibrium (which is inevitable), the equilibrium is lost and the new organism is put at a deficit. A new equilibrium will emerge as a result.

This, by the way, falsifies Nash's argument against his equilibrium. The equilibrium is an emergent phenomenon, so if the dynamic changes, the equilibrium changes. Nash made an error by assuming a dynamic equilibrium has to itself be around a static point. No. The dynamic equilibrium has one Strange Attractor per class of actor in the system. That really should have been obvious and I'm honestly shocked Professor Nash did not see this in his original work or his later appraisal.

Now we get onto communication. Could, in principle, a SKA-class array or the half kilometre single dish in China, be used to communicate at a distance of 100 LY to a civilization of like ability?

Much more difficult. The so-called waterhole is the obvious line to use, as there is virtually nothing natural emitting there. Incredibly quiet. Long baseline interferometry can be used to cancel out much of the random noise from individual telescopes, terrestrial sources, etc, as can long timebase interferometry. So you're essentially taking a lot of radio-frequency photos that are, themselves, taken with a very long exposure time. Stuff in common accumulates, stuff that's different cancels out.

A sufficiently slow, pulse-modulated, message at that frequency will be extremely obvious above the noise, even if it's well below noise level any given instant. You're relying on the fact that noise is random, so that the average can be set to zero. The objective is to guarantee that the signal, after sensitivity, loss of strength and less-than-ideal capture time, strictly exceeds zero at the desired distance.

Once the law of big numbers kicks in, noise is not an issue. The average of any number of zeroes is zero. What matters is signal. If the pulse, transmitted for a second, would be 3,600 times too weak, transmitting for an hour would mean that someone capturing for an hour would detect the pulse.

Interferometry means you can also use constructive interference. Even Linux supports nanosecond accuracy and data from nanosecond-accurate PPS sources, and there are atomic clocks now that are millions of times more accurate than the official definition of the second. With that kind of gear, getting the phase such that the waves constructively interfere wherever we want is not going to be difficult. We know the phase difference already, because powerful natural radio sources must be visible from all telescopes and that same accuracy tells us how out of phase they are relative to said source.

Is that enough to go 100 LY, though? Even if both planets were ringed with telescopes, you're limited to less than the shortest year of the two per pulse and one pulse is not enough to say hello. To be unambiguous, you need a prime number of prime numbers signalled by pulses. Preferably pulses short enough that someone will notice there are some to notice.

Probably not 100. 50 would quadruple the chances of detection by any life but would butcher the chances of there being life to detect it. I don't think you can go below 25, just not enough candidate worlds, and the probability of detection only quadruples again.

A pulse of an hour duration is probably acceptable, short enough for someone to detect something strange but long enough to have enough power to stand a chance of, again, someone detecting something strange. After that, it's just a case of proper summation.

Signal power, itself, is the least important part as it falls off with the square of the distance. The challenge is to make it irrelevant, just as you make each emitter very low power in a gamma knife but very powerful at the point of interest.

Even so, you need enough bits for the sum to matter. SKA might not quite be up to the task.

Ok, it's probably not possible to transmit yet. Receive, yes, but it might take another 50 years for transmission to a reasonable number of stars to be possible.

Comment Re:Like an opinion article (Score 1) 381

"Starvation mode" has been shown to be a myth. It comes down to basic math, calories in vs. calories out.

If you eat less and work out more, you lose weight. You do the opposite, you gain.

There's no way for the body to "magically" get fat when eating less. That violates the laws of thermodynamics. Sure, the rate of how quickly you gain or lose weight may change (e.g., when you eat less or change your macros to consume less sugar, you may find yourself being more lethargic in the short term until you get used to it, and so you will burn fewer calories). Or, as you lose weight, you need fewer calories (because there isn't as much of you to support).

But a calorie is a calorie and reducing ~3500 calories results in about 1lb of weight loss. Is it exactly 3500? No. Why? Because there are so many other variables at play. But is it closer to 3500 than, say, 500 or 10,000? You bet.

Comment In a lot of ways it was very annoying (Score 3, Interesting) 264

Anyone could post anything, it was Rational Anarchism in the mould of Heinlein's philosophies, and I found most of the content ended up being drivel as a consequence. Still, diaries were a lot more successful than the Slashdot journals ever were, so it had something going for it.

The source, Scoop, was maintained for a long time and that probably contributed to its demise. However, there were some interesting ideas in the code and I hope someone uploads a copy somewhere. I far prefer the cleaner interface to the one Slashdot uses, heavy interfaces aren't portable and the decreasing support for web standards by the major browsers isn't helping. A major reversion to lighter footprint pages will be necessary at some point.

Going back to the philosophy of Rational Anarchism, K5's failure to survive shows that said philosophy has limits. It has been out-competed. Slashdot is closer to the Benign Dictator philosophy that has served Open Source so well. Slashdot suffered heavily from an excessive of business involvement and loss of focus, but has partially recovered. As long as Slashdot works hard to rebuild the number of active users (even passive users), the trolls will fade to black and Slashdot will survive into the future.

Slashdot, at one point, had a couple of thousand active users and over a hundred thousand passive readers - figures that national newspapers would struggle to compete with. It's a total comparable to the best The Guardian ever managed. That proves the impact these sorts of sites can have. The heaviest threads here have had more warranted +5 content than a BBC Horizon documentary, Question Time and "I'm Sorry, I haven't a clue" combined.

But precisely because these sorts of site have such a large potential market, they should not go extinct. Rusty gave up, for whatever reason, and the lack of maintenance is likely a major factor. Slashdot isn't exactly thriving, but it is surviving.

The two attempts by Bruce Perens to run a Technocrat website shows that maintenance alone is also not a factor. A site has to have good quality content, adequate security, adequate bandwidth and a feel of involvement. There were some... problems with some of the stories posted, almost certainly not intended, but the underlying Zope had problems and the Technocrat software wasn't brilliant at checking input for errors.

But, yes, this is a sad day.

Talking of sites that are dead, I would dearly love to revive Freshmeat/Freecode. I have no objection to writing my own software, I know that the maintainers were concerned about the underlying software entering circulation and I want to reassure the current owners that if they were willing to let me take over, I would be willing to write my own versions of anything considered proprietary.

I think the site was shut down in error, but I would not ask others to invest time and effort simply because I think something. I expect to be expected to show that I'm right, on my own dime, on my own time. And, should I do so, if whoever currently owns it wants it back then I'd respect that wish. That's the whole point of this "community" thing, in my opinion. Nobody else has to believe that, how can you possibly lose by me believing it?

The same would be true for Kuro5hin. If Rusty wants to let me have a go at getting Scoop up to scratch and running Kuro5hin, on the understanding that if they want it back if I succeed then I'd not be predatory about it. I'd rather have the community functioning and to hell with who runs it.

Submission + - William Trubridge completes a freedive of 400' (

jd writes: The world record for freediving now stands at 400'. Competitive freediving requires that a person dive with only one breath of air and without aids to help withstand the pressures. At 400', William was exposed to pressures roughly sixteen times that of the normal atmosphere. His body was compressed such that the internal and external pressures matched, so you can figure out what this would have done to things like his heart, kidneys, eyes, and so on. In order to be considered as completing a dive, the person must return to the surface, get on-board a support ship, make the ok sign and say a phrase, I think it's "dive complete". The object of the ritual is to detect physical damage (to body or brain) that can't otherwise be detected. 400' is not the furthest competitive freedivers have gone. The greatest depth achieved by a living diver (who failed to complete the ritual due to extreme damage) is twice the new record, 800'. Herbert Nitschs so nearly held a record that wouldn't have been broken for decades. He did reach 800' and return to the surface, but the effect of the dive wrecked him utterly. For what it is worth, we now know humans can survive 32x atmospheric pressure, but it's not obvious the cost was worth it.

Submission + - 3 Years Ago, Microsoft Said Tech Should Fund K-12 CS Education. What Changed?

theodp writes: Last week, Microsoft and some of the biggest names in tech and corporate America threw their weight behind a petition that urged Congress to fund K-12 Computer Science education. The petition, started by the tech-backed CS Education Coalition (btw, 901 K Street NW is Microsoft's DC HQ) in partnership with tech-backed, now has 90K+ supporters. But three years ago, Microsoft backed a very different petition that called for corporate America to foot the STEM education bill. "While the need to expand high-skilled immigration is immediate," read the letter to Congress, "we also need to expand STEM opportunities in U.S. education. A positive proposal has emerged in Washington to create a national STEM education fund, paid for only by businesses using green cards and visas. This fund will help prepare Americans for 21st-century STEM jobs. The proposal is supported by a broad coalition that includes Microsoft, GE, the National Council of La Raza, the National Association of Manufactures, and the National Science Teachers Association, to name a few." The earlier petition, which wound up with 41,009 supporters, was started by Voices for Innovation, a self-described "Microsoft supported community" that says it's now "proud to support the Computer Science Education Coalition" as part of its efforts to "shape public policies for our 21st century digital economy and society." So, what changed? Well, Mother Jones did warn that what Microsoft promises and what it delivers for education isn't necessarily the same!

Comment Re:That came in at a pretty steep angle (Score 5, Interesting) 206

There are two reasons that I've seen.

Because the rocket is almost out of fuel, even burning only one engine at minimum throttle, the thrust to weight ratio is more than one (ie, the rocket would fly, not land). So, they can't hover, they have to hit the ship and shut the engine off at the exact moment that the velocity is zero (or very close to it). So, to help with that problem, they come in at an angle which helps consume at least some of the thrust in a direction that isn't upward.

The second reason is, as you say, to protect the landing platform. If they run out of fuel (or the engine fails or....), the stage just drops into the ocean rather than crashing into the barge at a very high speed. That said, based on their last several failed landing attempts, that barge can take quite a hit and stay in one piece....

Slashdot Top Deals

"Kill the Wabbit, Kill the Wabbit, Kill the Wabbit!" -- Looney Tunes, "What's Opera Doc?" (1957, Chuck Jones)