Comment Re:FIPS 140-2 4.9.2. The Other Back Door. (Score 1) 168

Perhaps I will phrase the question in a more helpful manner.

Let's take it as read that you are indeed a (possibly former) Intel employee who worked on RDRAND. Given the black box nature of the RNG and the fact that some time ago someone posted anonymously to Slashdot claiming that a small number of chips were jinxed so that RDRAND was predictable, do you know of a good way to rebuild confidence in the integrity of a particular chip's RNG?

More generally, do you have any interesting thoughts on the topic of building trust in blackbox hardware, whether it be an RNG or otherwise (e.g. Intel SGX)?

Comment Re:There is a major difference (Score 3, Interesting) 132

Hey Kasper,

It's Mike H, remember me? We used to work together in SRE ;) How is the startup going? I have also recently moved on from the big G.

Now. When this thing first started to bubble up, I didn't feel very concerned either. OK, so I got fewer emails from recruiters than I otherwise would. No big deal, not like there was exactly a shortage of those.

However, I just want to point out one thing:

I would only consider there to be a real problem, if facebook would reject resumes submitted by candidates, just because they happened to work for Google. I have seen no evidence of such a practice existing.

Did you read the article? It seems that the only reason such a situation did not occur is because Sandberg told Google to pound sand. During the time in question, these emails clearly show that a very senior Google executive was directly asking Facebook not to hire Google employees, even if the employees in question wanted to go work there and what's more, good corporate relations were being pegged to that demand.

I must admit, I never knew much about Rosenberg and don't have many memories of him (can't even recall what he looks like). But regardless, this paints Google in a very negative light indeed. Rosenberg was willing to threaten other companies in order to make them stop not just pursuing but actually hiring "his" people. Facebook refused, but who knows what other companies didn't? Was that really the only time he took that approach? Was this a Rosenberg-specific moment of madness/idiocy or does it run deeper? I await further discovery with great interest. Even if this was a brief failure on the behalf of just one executive, that's still completely unacceptable and Rosenberg needs to be fired, now. Employees are not assets whose freedom of employment can be traded for corporate deals and to treat them that way is completely unacceptable.

Comment I'm kind of of the opinion that... (Score 4, Interesting) 449

...these supercarriers need to be advised that any service they plan on replacing POTS with, will fall under common carrier regulation, and they will need to get approval from state regulatory boards for price modifications, service level changes, and the like. Under Common Carrier regulation, they will have to open up their service offerings to competitors at the same rates they charge their internal providers, i.e. their Internet Service capability will have to be available to companies like NetZero, at the same rates that they charge their own internal ISP organization.

They will also be obligated to build out their infrastructure to provide universal access to provide coverage to every customer they pull POTS services from. That's not to say that they can't make hybrid service available, where they provide some form of a wireless trunk to an equipment stack outside of town that provides local distribution in the same area that they already do this for with POTS. Essentially they will replace T1 trunk hardware at those remote vaults with a wireless T1 system, and presumably none of the customers would be the wiser.

Note, I don't expect that this is how things will play out, just how I think it should. I'm biased, as I am a customer who's worked in the telecom industry.

Comment Re:Tip from a programmer (Score 1) 78

The problem is CAs get subverted all the time into issuing certs they shouldn't issue.

Can you please prove this? Unless you're using a very flexible definition of "all the time", there is no publicly known evidence for this point of view. There are millions of certificates in the world and the number of bad certs is low enough that people can enumerate all the compromises on wiki pages.

Comment Re:Tip from a programmer (Score 1) 78

Fail. SSH has been researched and discovered to not work.

We monitored SSH logs to analyze user behavior when our system administrators changed the SSH host key on a popular server within our department. The server’s public key had remained static for over two years and thus expected to be installed at most user’s machines. Over 70 users attempted to login over the server after the key change during the monitored period. We found that less than 10% of the users asked the administrators if there was a key change and none verified the actual key.

SSL is a hell of a lot better at stopping MITM attacks than anything else humanity has created. Certainly SSH does not even qualify.

Comment Re:I admire their spunk, but... (Score 2, Insightful) 275

Inflation means your purchasing power goes down, deflation means your purchasing power goes up. It's the only definition that makes sense, and per that definition BTC has been, on the whole, experiencing deflation.

Alright. If you insist on that definition please re-read my post substituting the word inflation for money supply growth.

The "central bankers" say this because it is true. Deflation encourages people to hold their currency.

Does it? Who told you that? Central bankers?

Here's some economists who tested the data and found it lacking in this regard. The consumer electronics industry is another market that's been in permanent extreme deflation since basically forever and yet is doing just fine. Having something today instead of tomorrow has real value.

But regardless, the argument is circular - if a closed economy used Bitcoin and prices fell because the economy grew and the money supply didn't, then if the hoarding theory was right the economy would stop growing and prices would stop falling. There'd be an equilibrium point.

Not every company which acquires capital is as useless as a company which makes coats for penguins. Consider most companies which manufacture electronics.

Such companies should make for good investments even when there's no inflation: if your option is to do nothing with your money and either get no return (but also no loss), or more generally a return that's no better than the general rate of economic growth, then you should still want to invest. The only kind of investments that inflation can trigger are investments that people would have left on the table, except having their money vanish was even worse. These are not the kind of "investments" our society needs.

Finally, if the goal of BTC is to avoid "massive booms and busts", I'd say that it has failed thus far. In fact, BTC is much more volatile than the national economy. If that is your criticism of the current financial system, what good is BTC?

Give it time. BTC is volatile because nobody knows its future. It could be anything from "world governments ban it" to "the future currency of humanity". In such an environment it's natural you'll get massive speculation, especially because there aren't many high risk/high yield investments kicking around right now. 10 years from now Bitcoin's future will be much clearer. Government policy will have stabilised, Bitcoin's competitiveness vs the current system will be much more established, it won't be covered in the press every day and in general will be boring. Then I'd expect the currency to be rather stable.

Comment Re:I admire their spunk, but... (Score 1) 275

Random guy here. I may be wrong, but I think you are confusing inflation with deflation. The value of BTC is rising against real goods. So in other words, it costs less in BTC to buy things today than it did last year. This is deflation.

One of the reasons this topic is so hard to debate is people using the same words to mean different things. In my post above, read inflation to mean "the creation of money" independent of prices. This is not how statistical agencies use it, but in the context of mining it's the one that makes the most sense.

Yes, as it happens, last year the price rose significantly and BTC became worth a lot more. However this is not guaranteed by Bitcoin's design and in fact this year the price has mostly fallen and thus prices have risen (price inflation). Whether Bitcoin prices are rising or falling varies over time.

In other words, you could get into a situation where people holding BTC are largely those who have spent a large amount of money mining it, and those who are speculating on its value. For those who wish to use BTC as a token of exchange for goods and services, it can be difficult/expensive to acquire in any quantity.

Miners have bills to pay and hardware to purchase, so they tend to immediately sell the bitcoins they earn in order to pay their costs. Mining is a highly competitive business with low barriers to entry (though they are rising fast along with the general level of professionalism involved), so over time profits should be thin. And this is indeed what we see.

For people who are holding bitcoins to speculate with them, all it means is that the price rises but that doesn't make bitcoins harder to acquire. The unit we call the "bitcoin" is entirely arbitrary: they are subdivisible into 100 million pieces. Satoshi could have placed the decimal point anywhere and it'd still work the same way. I've been using Bitcoin for years and the difficulty of doing so has never been lower.

In an inflationary system, currency essentially expires ..... this is an excellent feature because it encourages the use of the currency, allowing it to get into the hands of people who will use it for true growth

You're parroting the standard line sold to people by central bankers, yet under their watch the world has experienced a series of massive booms and busts. One of the most natural words that follows "financial" is "crisis". So be more skeptical!

Consider the following scenario. You have some savings in a currency with a stable monetary base, no new money is being created and none is being destroyed. Let's also say the economy is stagnant and not growing or shrinking. We would expect in such an environment that prices remain stable. Now someone comes to you and says they have a great business idea: he's going to knit little coats and put them on penguins in Antarctica, then charge tourists to visit and take photos. He wants you to invest in his business.

Perhaps you think that this is a remarkably stupid business idea that is unlikely to turn a profit, so you politely decline his generous offer. You would rather keep the money as savings for retirement instead.

Now reconsider the same scenario, but in a world where your savings are being confiscated at 2%-5% per year. Recall that due to the mathematics of compounding, at a relatively modest sounding 5% price inflation rate, after 20 years $1 has turned into just 0.35 cents: you lost most of it. Very small changes in the CPI can create huge changes in how much you end up with when you're old. In this world, you listen to the penguin pitch with interest. Sure, you think, it's very unlikely that tourists will pay large sums of money to go to Antarctica just to see slightly cuter penguins, but if you do nothing you're guaranteed to lose more than half your money. If you pay for penguin coat knitting, you'll probably lose more than half your money, but you might not. You might lose, say, only 10%, or possibly even break even. So you invest.

From the perspective of a central planner, er, central banker, this is great! Investment is happening! Employment is created! GDP goes up! But what they cannot see through the thick plastic windows of their statistics is that the economic activity their policies created is fundamentally not useful. Nobody really cares if the penguins have little coats. Heck it probably would make them overheat and hurt them. In a stable environment nobody would "invest" in this obviously stupid waste of time. But inflation makes the stupid suddenly seem like a good plan, and you get or housing bubbles.

Comment Re:I admire their spunk, but... (Score 5, Interesting) 275

When I see how much hardware and electricity is being wasted on these various mining processes, I can only shake my head.

Bitcoin developer here. Yes, by all means shake your head, it's clear that the current level of mining is a large waste of resources. Nobody has been reporting double spends caused by hashpower attacks, which is what mining is designed to stop, suggesting that right now there's too much security.

But what else would you expect? Inflation causes misallocation of resources. This is basic economics and is the reason Bitcoin is designed to eventually target a stable monetary base. Yet you cannot create a new currency from scratch without inflation, by definition, because the money has to come from somewhere. What's more you can't create a currency fairly if you simply give yourself all the money (pre mining), so there has to be a fairly long drawn out allocation process so everyone gets a chance of taking part in that initial inflation.

This initial misallocation of resources towards excessive security is annoying, but tolerable - existing currencies inflate all the time and this causes huge misallocation of resources towards things like asset bubbles. If we're going to misallocate towards something, more security against rollback attacks is perhaps not the worst thing we could want, especially as market incentives should push people towards using renewable power over the next few years.

I'm not sure when BTC is slated to have all of its coins mined, but it will be instructive to see what happens to it at that point.

The rate halves every four years. It rounds to zero in 2140 but will presumably become irrelevant long before that. How irrelevant really depends on Bitcoin's long term value in dollar/euro/fiat terms though, which is impossible to predict.

At that point mining will be supported entirely by fees. How much mining takes place will depend on how much security the Bitcoin user community really needs, which I am expecting to be determined by letting it fall until double spending attacks start to become commonplace and an actual risk to business. Then the game theory becomes quite complicated because mining is a public good, but I'm expecting merchants and other big sellers who need the security to form assurance contracts with each other to incentivise mining. In theory this solves the problem of people not wanting to subsidise their competitors, but the use of assurance contracts for continuous goods like hash power is a rather under-researched area. I'm looking forward to reading papers written by academic economists and game theorists over the coming years to learn more about what the post-inflation world will look like.

Comment Re:Banks are responsible too (Score 0) 87

It improves security by preventing card cloning, which is one of the key ways the US card system is defrauded. It is not "broken" in Europe, so your latter question is irrelevant. You are probably thinking of academic papers which did what academics do: probe the system for weaknesses and published their research, which often led to fixes (except when their attacks were so convoluted nobody actually does them in practice). This is common to all security systems everywhere and is one way they get better. However magstripe cards don't incrementally improve this way because they're so fundamentally broken there's no point researching them.

If you need further encouragement, consider that America has 5% of the world's population, 25% of the world's credit cards and over 50% of the world's credit card fraud.

Comment Re:From what I understand... (Score 1) 251

Sketchup is frequently used for models, and has been for years. In most cases the process involves pulling a single file out of the archive that sketchup generates, and running that file through a program that turns it into tool paths for the printer to follow. From what I recall, that was a free program as well. There is more information, and links to even more beyond it at

Comment Re:3D printing (Score 2) 251

I think that a 3D printer is pretty much in the domain of a machinist metal lathe at this time. In short you can get a satisfactory home use variety device for about the same price, or build one yourself from reasonably priced off the shelf components and a little bit of work on your part. If you are going to do something that involves one of these in a professional capacity, it's going to cost significantly more.

Both serve the needs of someone who has developed somewhat specialized knowledge.

That said, I'm actually interested in both, though neither is a part of the domain I work in. That's true of several other interests of mine as well.
