Follow Slashdot stories on Twitter


Forgot your password?

Comment Re:What are the current options? (Score 2) 114

VirtualBox is open source. Having a lot of Oracle contributors doesn't make much difference. Oracle may decide to make a closed fork, but the builds for FreeBSD and in most Linux distros' package systems are from the open source tree, so they'll keep being supported even if Oracle decides to do something evil.

Comment Re:Now it gets worse. (Score 2) 999

And does cutting government services help the poor? The rich can typically opt out of them: send their children to private schools, buy private security, pay someone to take their rubbish away, drink bottled water, go abroad for heath care, and even use stock and currency markets so that they're not reliant on a single government's currency.

Comment Re:Thank goodness (Score 4, Insightful) 999

For society as a whole, we single payer countries tend to see better results. But per person, the healthcare in the US is the best. Assuming you have a good health insurance plan.

The last sentence here is the important one. And it means that, if you are either wealthy, or have a good job and no preexisting conditions (especially the kind that would stop you working for a bit) then you're better off in the USA. Or, to put it more cynically, US health insurance is a great deal, right up until the point where you need to make a claim.

Comment Re:Just use RSA (Score 1) 105

Luckily, it's not too difficult to build a CPU which performs fully homomorphic operations. The math isn't even beyond high-school level (it's about on par with RSA). The primary issue right now is speed.

The primary issue with homomorphic encryption is speed, in the same way that the primary issue with running Quake 4 on EDSAC is speed. No one has come up with a general-purpose homomorphic encryption scheme that doesn't also come with a slowdown that is so many orders of magnitude that you would get faster results doing the work on your mobile phone than in Amazon's cloud with homomorphic encryption. There are some special-purpose schemes for simple database queries, but each primitive operation you need (at least) doubles the total dataset size (and insertion / deletion times).

Comment Re:Waitaminit... (Score 5, Insightful) 233

No, the argument is that it can happen if someone decides that it's worth doing. Just making the code open doesn't mean that anyone will read it. It does, however, mean that:
  • You can build it yourself, so you know that the code that is audited is the code that is built (modulo toolchain trojans)
  • You can audit the code, or pay someone else to do it, without permission from the original authors beyond their original license
  • You can fix any security holes that such an audit turns up (or pay someone else to do it, again without requiring permission from the original authors beyond their original license

Comment Re:My favorite (Score 1) 211

I would not expect that loop to have any impact on performance. Once the code is in SSA form, it's obvious that it's a fixed-length loop and that it's side-effect free, so constant propagation will eliminate it. If you want to write a slowdown loop, your best bet would be to make counter volatile, so that the compiler is not allowed to elide the reads. In Java, you can make it a static public volatile field and that will have the added bonus of making everyone who reads it wonder where it's modified and what the effects are...

Comment Re: We don't bother with sidearms, we use BIG GUNS (Score 1) 292

It's been about 15 years since I fired or stripped one one, but doing so made me very glad that I was never in a position where my life depended on its correct functioning. Lots of moving pieces, all manufactured at too low a tolerance, any one of which could cause the weapon to jam (or worse). I'm glad they finally got the kinks worked out, although possibly if your navy chum has been using them all this time it's a case of stockholm syndrome finally getting to him...

Comment Re:Bullshit (Score 1) 299

A webmail provider (like Google) has to be able to see what your email is, even if only because they are sending you the HTML containing your emails

They have to store it. They have to provide a mechanism by which you can index it. They don't have to provide a mechanism to search all email on their servers, because that's not something email users want (or have access to), it's only something that they need for advertising. And it's difficult to implement. Email on Google servers is stored spread over a huge number of machines, in a number of datacentres. Implementing a search function that (quickly and efficiently and without impacting performance of email access and delivery) that lets you run arbitrary complex queries on this data is far from trivial (Google people have given some interesting talks over the years about how it works).

Everything Ive seen suggests that the Google et al taps were done via tapping at the ISP level or else sending NSLs, neither of which a company can really do much about so long as they are based in the US.

They send NSLs, and what do you think they say? The NSA says 'give us access to the search infrastructure that you've built for your emails'. Now they can run queries like 'who sent an email containing these keywords in the last year' or 'what is the transitive closure of correspondents with this email address'. If Google didn't already have the infrastructure for running these queries, they'd be able to reply 'we don't have the ability to do that and it will cost several million dollars to implement', but they'd already built it.

While Im not happy with that, I fail to see how the use or lack thereof of XMPP somehow presents an obstacle to the NSA.

If a GTalk user comes under suspicion as a terrorist, then the NSA will request their entire social graph to a certain depth. If all of they are communicating solely with other GTalk users, then just searching the information Google has gives you everyone that has talked to anyone who has talked to the person under suspicion, and so on. If they've talked to other users on federated XMPP servers, then the NSA can't do anything passively. They get the single-hop information, but because XMPP traffic is encrypted by default they probably can't get anything from the remote server by passive interception. So they have to either compromise the remote server (risky if they're discovered) or send another NSL. Both are within their capabilities, but now it becomes a matter of actively investigating someone, rather than passively scooping up all of the available data.

Comment Bullshit (Score 5, Insightful) 299

You know why the NSA was able to search social graphs and emails so easily? Because all of those pro-freedom Silicon Valley companies (Google, Facebook, Yahoo, Microsoft, and so on) had already built infrastructure for doing so for the purpose of selling adverts. The NSA just piggybacked on existing system to look for other information. If Silicon Valley had really cared about individual freedom, Google would have been pushing federated, decentralised services with no single point where you can insert a tap. Instead, what has happened since we've learned about the NSA's involvement? Google has replaced federated XMPP in GTalk with non-federated XMPP in Google Hangouts.

Comment Re:Summary says it all (Score 2) 634

You realise, I trust, that one of the reasons why people moved away from metal-backed currencies is that they were too volatile? A new large deposit is found, the currency inflates. A new high-demand use is found, the currency deflates. A more efficient material replacing it for a large industrial uses, the currency inflates.

Slashdot Top Deals

The trouble with opportunity is that it always comes disguised as hard work. -- Herbert V. Prochnow