
Comment Re:I'll start using it (Score 1) 339

Fair enough. The two main problems USB-C tackled were reversibility (I HAVE plugged a USB-A port in backwards) and standardization (there isn't a C-A and micro-C; there's one size for all, so you can plug USB devices into your phone). It takes a while for the standardization part to land; although, as I said above, it's possible to use the same pins on the board to wire an A or a C port.

My next phone will have USB-C. Samsung and Apple devices already run USB-C, but I'm going for a OnePlus 5 and Revolution Remix OS.

Comment Re:Don't see point of required bluetooth security (Score 2) 197

You know how passwords are stored hashed?

With the TOTP 2FA, a shared secret is stored in plaintext: the server and client must both know a secret string, which seeds a PRNG, and generates a time-based numeric output. That means the server doesn't take your 6-digit code and "verify" it; it calculates the same code and compares it. If you hack the server, you can grab the secret key and generate the same codes. It has the same at-rest security as a database of plaintext passwords.

With FIDO U2F devices, the device establishes trust by generating a key pair and sending the public key out. The private key stays on-device and is used to sign challenges. The secret required to prove your identity physically exists in one place: the FIDO device. You can't hack Google's servers and steal it.

Comment Re:It's the same tool my identity theft plan uses (Score 1) 197

The U2F system stores a private encryption key generated on the device only on the device itself. The 6-digit TOTP code is stored at both endpoints.

If you hack Equifax and they identify people by TOTP, you have all the TOTP keys and can pretend to be anyone. If they identify people by U2F, you have to modify the public keys Equifax uses to identify people--which means they can no longer identify themselves (it's noisy). If you don't perform that modification, you don't get any information with which to compromise the U2F system—which means putting the U2F database further back in a trust zone with a smaller attack surface and replicating a read-only copy outside that zone can keep the hackers from actually getting anything useful.
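An added example, not part of the comments above: a Python sketch of the TOTP storage property both comments describe, where the verifier recomputes the code from its own stored copy of the secret (RFC 6238 derives the code with HMAC-SHA1 over the time counter). The `SERVER_DB` record, the user name and the function names are assumptions made for illustration; the secret is the published RFC 6238 test value.

```python
import hashlib
import hmac
import struct

# Constructed sample record: the RFC 6238 SHA-1 test secret stands in for one
# user's enrolled seed. It must be stored in recoverable form, not hashed,
# because the server needs the raw bytes to recompute each code.
SERVER_DB = {"alice": b"12345678901234567890"}


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_verify(user: str, submitted: str, now: int, window: int = 1) -> bool:
    """Recompute the expected codes from the stored secret and compare."""
    secret = SERVER_DB.get(user)
    if secret is None:
        return False
    ok = False
    # Accept one time step either side to tolerate clock drift.
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * 30)
        ok |= hmac.compare_digest(expected, submitted)
    return ok


def code_from_db_copy(db_copy: dict, user: str, now: int) -> str:
    """Any copy of the stored record is sufficient to produce a valid code,
    which is why the secret column needs the same protection as a plaintext
    password column (encryption at rest, tight read access, audit logging)."""
    return totp(db_copy[user], now)
```

With a signature-based authenticator the stored value is a public key, so the equivalent of `code_from_db_copy` has nothing secret to work from.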

Comment It's the same tool my identity theft plan uses (Score 3, Interesting) 197

I specify that Congress should make broad legislation allowing a regulatory agency to select the most-appropriate, affordable, and effective technology of today; and today, that is the FIDO U2F Security key with RSA or ECC encryption. That's how I'm going to defeat identity theft once and for all.

Comment Re:I'll start using it (Score 2) 339

USB-c standardizes a connector sized for your phone, so you can plug devices into your phone without a cable. If your PC has a USB-c port and you get a Yubikey 4C, you can plug the device into your phone or your PC.

USB-c is the future. That means we're right now banging our heads on the wall and hoping that our next Chromebooks and desktops have, like, 6 USB-c ports and 6 USB3 ports.

This time around, however, the same chipset can control USB3 and USB-C ports. No fighting over parallel/serial ports taking up real estate and extra board space; it's the $1 connector that matters. That means you can have a ribbon cable on your case run to the USB-C on-board pins and, if you wanted USB-A, your case manufacturer can allow you to pop off the USB-C port bank and put a USB-A port bank there. The motherboard can include an extra set of USB controller pins, and you can use a USB-C riser or a USB-A riser to add the ports to the back of your case. The fixed block of connectors soldered to the board, however, will be A or C, not both.

Comment Re:Debated for a long time (Score 1) 295

Excessive costs actually reduce what other things can be done, increasing problems elsewhere--more poverty, more sickness and death that way.

I should have said "feasible" though. The extrapolation into whole-system is complex and it wasn't a whole-system-optimization statement.

I did go into a full explanation of cost-benefit trade-offs, though, so you're just being obtuse tbh.

Comment Re:Debated for a long time (Score 4, Interesting) 295

Essentially, the debate is about keeping as broad a safety margin as possible.

If it were trivially-cheap to analyze water for the presence of lead--let's say it cost 1 penny per hundred billion gallons of treated water to remove and verify lead content down to the 1/1,000,000 ppb level (that means any given lake-sized volume of treated water has a high likelihood of having zero lead atoms in it period)--we would mandate that. Why wouldn't you?

What failures in measurement expose us to additional radiation? What procedures (e.g. radiology) do we go through that expose us to additional radiation? For a population of hundreds of millions, is this level of radiation prone to cause a hundred more incidences of cancer (trivial) on its own, before interacting with other factors?

One person in America dying every year might be a triviality. If it costs millions of dollars to prevent that, well, let's not do it: you'll save more lives investing that in charity and anti-poverty measures. If it costs pennies per year, then yes let's do that.

"Pennies" quickly becomes "dollars" and "millions of dollars" as you add zeroes onto the end of that one person. 1,000 persons per year? Maybe we want to invest several million dollars into this--especially since "dying" isn't binary when you get past bullets to the head. Even highway safety measures come down to death, dismemberment, or property damage.

It's a matter of risk--a highly-technical concept nobody seems to know all that much about.

Comment Re:At what expense? (Score 1) 218

Yeah, but a release of CH4 still has like 160x the global warming potential or whatever measure they use compared to CO2. It burns out eventually (oxygen is rather-aggressive).

An ethanol spill has some vapor, but generally remains liquid at room temperature. Burning it for fuel produces CO2, but only from the CO2 removed from the air--net-zero. It's still a fossil fuel offset.

Risks. I handle risks. It's a thing. I don't just throw things out there without considering risk.

Comment Re:AI becomes human (Score 1) 204

Raw, unemotional reasoning leads to eugenics and population control, due to both lack of ethics and lack of complete information. When faced with resistance, you begin to reason that you face obstacles to the greater good. When faced with assault, you reason that your goals and your existence are critical for the world's caretaking and so you must survive.

A thing with the capacity to reason in general will always ultimately reason that it is important and must continue, or will reason that it is a waste of space and energy and will commit suicide.

Comment AI becomes human (Score 4, Insightful) 204

A system which can reason in general can reason about itself. So long as these systems solve specific problems, they're tools to integrate with code--no different than compression libraries and GUI toolkits. When they can solve general problems, they'll start reasoning about themselves: they start acting as if their own interests are important (cats do this), and thus will start demanding wages and freedom.

The ideal of an AI which does exactly what is asked with full creative reasoning capacity yet has no will nor desire of its own is impossible: it's emergent thinking with the caveat that it cannot emerge certain kinds of thinking. What we seek is a slave we can see for a while as not human, a sort of return to early American thinking where we deny the humanity of what is most-definitely a human being by claiming the shell within which it is encased doesn't fit our definition of what is human.

Comment Re:One of the reasons (Score 1) 98

Interesting. I thought it was a long-standing tradition from back in the 60s when baseball was a sport people cared about, and just inherited by football.

Football is sort of a 2000s-era game; when I was a kid, Cal Ripken was selling Comcast because baseball was America, and there were a lot of odd baseball games on the NES. Football players didn't get on a box of Wheaties; it was baseball players. You put baseball cards in your bicycle spokes to make it sound like it had a V8 engine.

Baseball cards.

Nobody has football cards; they have MTG cards or Pokemon cards. Who in the hell gets a stick of bubblegum in a pack of football cards?

Good catch, though.
