Please create an account to participate in the Slashdot moderation system


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Write once? (Score 1) 153

Hmm, how do you backup the crypto keys?

In short: turtles all the way down.

Not 100% sure, I don't work on that system, but I strongly suspect it's by encrypting the crypto keys with a master symmetric key and replicating/backing up the encrypted ball-o-keys as needed. The master key itself lives in an HSM; backups of the HSM are handled with the usual HSM approach of "M of N physical smartcards".

Comment Re:Write once? (Score 4, Interesting) 153

Anyone know if these burners are write-once drives?

If so, it pretty much guarantees that Facebook keeps a copy of your stuff forever, even if you "delete" it.

Where I work, we use large-scale tape backup (complete with robots), but tapes are so crappy that you basically have to treat them as write-once media anyway, so you have the same problems. (And tape drives are a consumable, but that's another story.) We solved this by encrypting each backup batch with a unique symmetric crypto key, and when a backup expires a cron job throws away the crypto key and marks the batch as "deleted" in our tape index. If all the batches present on a given tape end up deleted, only then do we bother to recall the physical tape from off-site storage and throw it out.

Has the bonus that we don't have to trust the security of our off-site storage provider.

Comment Re:That's not what was said. (Score 1) 683

... Short answer is probably mainly because I've been unemployed for years since I walked out on a six figure salary and a hardwalled office in the historic Xerox-Parc after I walked out on VMWare in January of 2009. Well, we'll set asside my educational 2 months stint working at Wendy's, which truly was more rewarding in every way other than financially than working for VMWare or others.

Why did I do that? [...] The fact of the matter is that the 'average googler' works for a system of control.

Wait, you think tech companies are part of the "system of control" but McJobs aren't? I worked 5 years at Wal-mart and it made me want to scrub away the filth by the time I quit. Even as a lowly overnight shelf stocker, I was complicit in helping to operate one of the most exploitative companies on the face of the earth. Wal-mart has committed serious acts of economic devastation (e.g. classic monopoly abuses like dumping), has bribed and corrupted third-world governments, and has used monopsony power to price-pressure suppliers into cutting corners on product quality and into depressing workers' wages (sometimes to the point of looking the other way when suppliers use literal slave labor). And the Waltons have used their Wal-mart wealth to push an explicitly conservative (evangelical Christian, anti-abortion, anti-gay) political agenda.

I mean, fuck. VMWare mostly just overcharges for neat software you could get for free and convinces idiot CTOs to buy licenses for it. That's peanuts to Wal-mart. And even Wal-mart is barely a blip compared to some other companies I can name off the top of my head. And the fast food chains like McDonald's and Wendy's rank only slightly less evil than Wal-mart (no slavery AFAIK, but look at e.g. their quest to addict us to their food by soaking everything in sodium and saturated fat, or their recent pressure on the FDA to loosen regulations on use of diseased animals for human consumption).

On the package signing: you're doing a piss-poor job of convincing me that poor key hygiene at VMWare was nefarious NSA tinkering, as opposed to some VP with password "password1" handing down security decisions or some fool sysadmin who runs everything from a "sudo -i" shell because it's easier than learning how chmod works. Consider this: RSA, a company that sells security and only security, had their SecurID key material stolen 3 years ago because they were idiots and didn't air-gap the key material for their signature commercial product. The profit motive doesn't explain running one's business into the ground. Total ignorance of security practices (and crypto in particular) is just too common to blindly attribute every bad practice to NSA nefariousness. Even at a company like RSA, where we're 95% sure they did weaken security for NSA bribes. Frankly, it doesn't surprise me that other people perceived you as a loon -- you're not justifying your claims at all. "Snowden, therefore X" is not an argument.

Comment Re:Exactly 0% argue static climate (Score 1) 846

I posted about this on my G+ feed a while back; at some point, we went from being told about Global Warming to being warned about Climate Change.

The reason for that is that people equate "Global Warming" with "hot summers". That's bogus. The greenhouse effect isn't about direct sunlight; it prevents heat from escaping; therefore it affects low temperatures more than it affects high temperatures, and it affects winter more than it affects summer. The Arctic and Antarctic are the places that are changing the most drastically, and that's far removed from your average Joe's day to day "ermigahrd its sooo hot" experience.

But warming the poles more than the temperate latitudes evens out the temperature difference between them, and that has huge consequences from a weather standpoint. Temperature differences drive the jet streams; a polar jet stream is a 100mph~200mph river of air that circles the planet 5 miles up, and if you live in a temperate latitude (e.g. the US, Europe, China, south Australia) then a polar jet streams is responsible for everything nice about your weather. A polar jet stream blocks cold dry air from plunging equatorward (and warm moist air from surging poleward), and it also shepherds weather systems from west to east, forcing them to keep moving. Without a jet stream, weather would just sit in place for weeks or months at a time, causing droughts or flooding depending on whether a high pressure system or a low pressure system decided to set up shop over your head. (Either possibility is a disaster for agriculture and local ecology.) But thanks to CO2-induced polar warming, the jet streams have been creeping equatorward a little bit each year and they've been weakening. With weaker jet streams, we can expect things like polar vortex plunges and balmy temperatures in Alaska and 15%-of-normal-rainfall droughts in California and 115 F heat waves in Australia to become regular occurrences. (These things are all happening right now, if you haven't been paying attention, and they're all a consequence of polar jet stream shenanigans, which are getting more common and more extreme as of late.)

Like the jet streams, ocean currents are also driven by temperature differences, so ocean currents will eventually start to shift if polar warming continues. That will have far-reaching consequences, because ocean currents determine evaporation rates and thus where precipitation falls, but ocean current changes are very hard to predict because we have so little data to work from. This hasn't really affected us yet, but the El Niño vs La Niña dichotomy (drought vs flooding; where you live determines which one brings which) gives a small taste of how much power the ocean has over the weather (and how big the effect will be once we do get our first permanent ocean current shifts). That awful The Day After Tomorrow film was mostly made of bogus-science-from-hell, but it was very loosely based on a real-world hypothesis that freshwater glacial melt could disrupt the thermohaline circulation that powers the Gulf Stream, the ocean current that keeps the UK and northern Europe warm. (The UK is at the same latitude as the Gulf of Alaska, suggesting it would be as cold as Alaska if the Gulf Stream were disrupted. The Gulf Stream weakened 30% from 1957 to 2005, which causes some concern.)

It's also worth noting that the changes are being buffered by the ocean, but that's not without consequence either. The ocean has been absorbing tremendous amounts of CO2, and that has seriously reduced CO2's greenhouse warming impact and bought us time before the Arctic temperature situation gets completely out of hand. But when CO2 dissolves in water it forms carbonic acid (H2CO3) -- that's why flat soda tastes disgusting: carbonation adds acidity (tartness) -- and now the ocean's pH is getting so acidic that coral reefs are dying en masse. The loss of biodiversity dominoes up the food chain to fish that human industry cares about. Coral reef biodiversity has also been a fruitful source of drug discovery ideas, so the pharmaceutical industry will suffer a bit from coral reef deaths too. And beyond coral, the falling ocean pH is also hurting shellfish operations because the water is now too acidic for baby oysters to mineralize their shells. The Pacific Northwest's oyster industry has started suffering from this problem in the last couple of years and is now resorting to artificial hatcheries to stay in business. Expect to see the global shellfish industry in dire straits within the next decade or two.

The situation is horrendously complicated. There's no way you could summarize it with two English words, no matter how pithy. But "Climate Change" is a little closer to the reality than "Global Warming".

Comment Re:Utilitarianism is correct (Score 2) 146

Utilitarianism is false, because no human being can know how to globally maximize the good.

This is like saying "mathematics is false, because no human being can know if a statement should be an axiom or not". In both cases the subordinate "because" clause is trivially true, but not logically related to the independent clause it pretends to justify. Mathematics is a tool for generating models, some of which are useful for approximating how the real world behaves; utilitarianism is a subtool within mathematics that's appropriate for generating models of the part of reality we call "human morality".

They just believe they do, and then use "the end justifies the means" to commit atrocities.

Every proposed moral system has been used to justify at least an atrocity or two at some point: utilitarianism, deontology, moral relativism, moral absolutism, every goddamn religion you care to name — even Buddhism! (What the hell, right?) The truth is that people choose an action, then they justify their action by creating a post hoc story that rationalizes why the chosen action was Right, and it makes no sense to blame the justification instead of the choice.

Morality itself is a pattern in the brain that shapes what one chooses — how one resolves the balance between conflicting goals — and it's not actually an object-level belief that one can directly observe with conscious thought. If you give people books to read about object-level moral beliefs, the readers don't become more moral or less moral, they just get better at crafting post hoc justifications.

(Also, as it turns out utilitarianism was not a great model for human behavior by itself, but it actually does pretty well if you extend it with uncertainty in the Bayesian sense. Moreso if you go the extra step and add causality to the model (fixing the edge cases that crop up in more nai:ve decision theories that treat actions as evidence). If the space of possible futures is small enough, you can even wrestle the conditional probabilities into submission, e.g. using Judea Pearl's causal networks, and get concrete answers that take that uncertainty into account — still a high bar, but more tractable than "noooo, it's not worth doing unless it's perfect". Many human behaviors that seem irrational in a Homo economicus utilitarian calculus suddenly look perfectly rational if you model the study participant as, say, a Pearlian estimator with a low computed probability for P(stranger will actually give $100|stranger says they'll give $100 if I were to do X AND I counterfactual-do(X)).)

Comment Re:Lack of vision (Score 2) 157

Sometimes, Google just baffles me. The lack of direction in their product lines makes me shake my head.

We have several distinct software platforms:

1) Android. Development in XML with Java used as glue to hold everything together. Unless you don't. You can use standard C libraries and call the Linux kernel directly, bypassing the Dalvik Java VM.

2) Chrome browser. Development largely in javascript, again there are some obvious exceptions. Javascript is, of course, preferred because it's safer, so ChromeOS protects you by having everything done in Javascript. Except that it isn't.

3) ChromeOS. Kinda/Sorta like using the Chrome browser, except that it's not, because you are developing things that run as if they were actual clients. In Javascript. And of course, this too, is just as strictly enforced.

4) But Let's not forget the 4th platform in the trio: Google's Go language is clearly a contender, and it's designed to replace C, except for a few bone-headed decisions like linking everything statically resulting in enormous binaries. Because you really, really need to have the same library installed once for every app installed, because that way you get to recompile everything installed on your system any time a security update comes out for your favorite library. Except that, of course there are exceptions here, too.

And most importantly, you cannot target all these platforms with any single codebase written in any language. It's like they are trying to make their product suite as difficult as just using products from multiple vendors anyway.

It's really quite simple. A lot of Google projects started from a handful of people going "you know what would be a cool idea?" and doing it with very little approval or red tape (the fabled 20% time). That's certainly the only explanation I can think of for DART, at any rate.

Go is basically what you get when you hire a former Plan 9 developer, expose him to Google's internal hermetic build system (where a 100MiB binary is small), then let him build cool stuff to keep him from getting bored.

Disclaimer: I work at Google but do not speak for my employer. I don't work on any of the teams mentioned in your post. The information in this post is already available to the public in various places.

Comment Re:eh, Google no eat own dogfood? (Score 2) 308

Care to share the Distro of choice on those linux based non chromebook machines? Is it a free employee option ? Are there a set number of pre-approved distros? Is there a top-secret Google Gnu-Linux Distro that dispenses chocolates on the half hour?

Only Goobuntu is available. It's Ubuntu Precise Pangolin plus some light policy customization (internal base-install *.debs; some Puppet stuff).

Comment Re:eh, Google no eat own dogfood? (Score 4, Informative) 308

why use so many Apple computers when there's your own awesome Chromebook?

Google employee here (but I don't speak for my employer and I am basing this purely on anecdotal observation, not hard data).

I'm only familiar with my impressions from the engineering side, so I don't know much about the sales and marketing side of things, but nearly all of the engineers use Linux desktops (unless they're developing client software, like Chrome). Laptops are a different story. As a Bay Area-wide phenomenon, software engineers sure like their Macbooks, and this place is no exception. A few of us run Linux laptops, but my impression is that Macbooks outnumber Linux laptops plus Chromebooks combined. But the internal hardware requisition site is now offering the Pixel (indeed, recommending it instead of Macbooks), so this should change with time.

There's also the matter of hardware refresh cycles. The Pixel is not even a year old yet, and it hasn't been available for requisitions for its entire lifespan, so a good number of employees haven't yet had the chance to switch even if they want to. (Returned working laptops are refurbished and reused, so turning over the inventory will take longer than you might expect.) Also, lack of VPN or native SSH impeded the Chromebook's internal usefulness in the early days, but today hardly anything still requires VPN (it works now regardless) and the Secure Shell app is pretty workable (set it "Open as Window" so that ^W goes to the terminal). And... well, the early Chromebooks had anemic hardware specs, which is not true of the Pixel.

Comment Re:Movie idea (Score 1) 127

You could make a film about a pile of dead body parts assembled into the form of a man being shocked by lightning and being given the will to live. You could even add some wanton violence and philosophical questions of existence to make the story interesting.

You mean Frank Henenlotter's 1990 masterpiece, Frankenhooker , of which Bill Murray said (and I quote) "if you see one movie this year, it should be Frankenhooker"?

Comment Re:Freedom of thought (Score 3, Insightful) 392

Uhhh...just FYI? Rohm and the SA leadership were pretty much ALL gay and Hitler and pals didn't have a problem with it until Rohm started talking about a "second revolution" because he thought "the little colonel" had betrayed the socialist part of national socialism, just FYI.

Hitler had a pretty firm "babies good, homosexuals bad" policy for the common folk. Rohm was a party insider long before Hitler was elected Chancellor; in general, Hitler was pretty willing to give special treatment to party insiders, even ones less senior than Rohm. Even so, I'm not aware of any other SA leaders who got a pass for the same reason; care to name names?

For that matter, Hitler's family doctor Eduard Bloch was Jewish, and he got special treatment too (only Jew in Linz with special protection from the Gestapo, notes Wikipedia). Adolf reportedly had quite the soft spot for him after he did everything he could to treat Klara Hitler's rather horrifically advanced breast cancer, despite her financial hardship. Basically, Hitler was a giant hypocrite who tried to ignore the brutality of his own policies by shielding only the people he cared about and could personally see suffering from them.

Comment Re:Mysterious quantum mechanical connection? (Score 4, Interesting) 186

I am not a physicist.

But I keep hearing that there is actually nothing mysterious about entanglement at all... Something along the lines of:

You post 2 envelopes containing cards in opposite directions, one with a printed letter A, the other card with the letter B.

At one destination, the envelope is opened to reveal the letter A. ... then through some mysterious quantum mechanical connection.... you know that the envelope at the remote destination contains the letter B.

And that's about all there is to entanglement....

Can any physicist confirm?

I'm not a physicist, just a well-read layman, but...

It is more mysterious than that, but if you go with the Many Worlds interpretation it's not much more mysterious.

Basically, if you entangle letters A and B and send them in opposite directions, you're really creating two universes corresponding to the two possibilities: universe P (A here, B there) and universe Q (B here, A there). If you open the envelope to reveal A, for instance, then that copy of you in universe P now knows they exists in universe P, and likewise for B and Q. But unlike in classical physics, universe P is not completely separated from universe Q. P and Q still exist as a single mathematical object, P-plus-Q, and you can manipulate that mathematical object in ways that don't make sense from a classical standpoint.

Basically, it all comes down to one small thing with big consequences. The real world is NOT described by classical probability (real numbers in the range [0,1]). Instead, the real world is described by quantum probability (complex numbers obeying Re[x]^2 + Im[x]^2 = 1).

As it turns out, "system P-plus-Q has a 50% chance of P and a 50% chance of Q" is really saying "system P-plus-Q lies at a 45deg angle between the P axis and the Q axis". Starting from P-plus-Q, you can rotate 45deg in one direction to get orthogonal P (A always here), or you can rotate 45deg in the opposite direction to get orthogonal Q (B always here), thus deleting the history of whether A or B was "originally" here. (If P and Q were independent universes, this would decrease entropy and thus break the laws of physics.) Even more counterintuitively, you can even rotate P-plus-Q by 15deg to get a 75% chance A is here and a 25% chance B is here (or vice versa, depending on which quadrant the starting angle was in). Circular rotations in 2-dimensional probability space are the thing that makes quantum probability different from classical probability, and thus the thing that makes quantum physics from classical physics.

Classically, A is either definitely here or definitely there, and until we open the envelope and look we are merely ignorant of which is the case. Classical physics is time-symmetric, and it therefore forbids randomness from being created or destroyed; classical probability actually measures ignorance of starting conditions. In a classical world obeying classical rules, you can't start from "50% A-here, 50% B-here" and transform it into "75% A-here, 25% B-here" without cheating. The required operation would be "flip a coin; if B is here and the coin lands heads, swap envelopes", and you can't carry that out without opening the envelope to check if B is here or not. Quantum physics is also time-symmetric and also forbids the creation and destruction of randomness, but quantum probability (also called "amplitude") is not a mere measure of ignorance. In the Many Worlds way of thinking, physics makes many copies of each possible universe, and the quantum amplitude determines how many copies of each universe to make. At 30deg off the P axis, cos(30deg)^2 = 75% of the copies are copies of universe P, and you experience this as a 75% probability of finding yourself in a universe with "A here, B there".

(Or something like that. It'll probably make more sense once we eliminate time from the equations. At the moment not even Many Worlds can help us wrap our heads around the fact that quantum entanglement works backward the same as it does forward. The equations as they stand today imply that many past-universes containing past-yous have precisely converged to become the present-universe containing present-you.)

One last complication. If the information of A's location spreads to more particles than A and B, then P and Q become more and more different, and as a consequence the quantum probability rules become harder and harder to distinguish from the classical ones. If you open the envelope and learn "A is here", for instance, then P now contains billions of particles that are different from Q (at the very least, the particles in your brain that make up your memory) and it now becomes impossible-ish to perform rotations on P-plus-Q, because you would need to find each particle that changed and rotate it individually. (Not truly impossible, but staggeringly impractical in the same sense that freezing a glass of room-temperature water by gripping each molecule individually to make it sit still is staggeringly impractical. And both are impractical for the same reason: entropy.)

When so many particles are involved that we can't merge the universes back together, we call the situation "decoherence", but it's really just "entanglement of too many things to keep track of". Entanglement itself isn't really that special; what's special is limiting the entanglement to a small group of particles that we can keep track of and manipulate as a group.

Comment Re:Democracy? (Score 1) 371

Just under what legal theory before the FDA was poisoning people a legitimate business ?


Back in the U.S. robber-baron era (1870-1905) it used to be the case that it was your own fault if you put it in your mouth. It didn't matter if the seller marketed it as edible despite knowing or suspecting that the product was poisonous (such as radium water or formaldehyde-preserved milk). As the buyer you were supposed to know better, as summarized by the legal doctrine caveat emptor ("let the buyer beware"). It was only later that caveat emptor was _partially_ overturned by the invention of the "implied warranty", as federally formalized in the Uniform Commercial Code of 1952 (though the concept was kicking around decades earlier than that on a state-by-state basis). In the absence of a warranty (explicit or otherwise), the seller had made no promise to the buyer about the product sold, and with no promise to break there was therefore no fraud on the seller's part. No fraud, therefore no wrong and no restitution: no wrongful death damages, no medical bill expenses, not even a "satisfaction or your money back" refund guarantee.

To this day, there's still quite a bit of caveat emptor in the law. For example, cigarette smoke is poisonous at the intended dosage, full stop. Habitual smoking of cigarettes is known to inactivate hemoglobin by way of carbon monoxide, to reduce lung capacity by accumulation of scar tissue, to damage the cardiovascular system by hardening the arterial walls, and to dramatically increase the risk of lung and other cancers. But despite their documented toxicity, to this day tobacco companies are not held liable for selling them. They have been sued several times, but generally for their advertising, and many of the advertising suits have been for ads that played up false benefits or downplayed real drawbacks -- i.e. they made a promise (implied warranty of fitness) that was then broken (fraud). But so long as the buyer is duly warned (no false advertising, the Surgeon General's Warning is present), the situation reverts to caveat emptor and it's again the buyer's own fault if they put poison in their mouth.

Comment Re:Security? (Score 5, Informative) 123

How they maintain security with C and C++ applets?

-- hendrik

NaCl (in its standard, non-Portable flavor) is essentially a bytecode that happens to be directly executable as machine code (either x86-64 or ARM). The bytecode can be statically verified to mathematically prove that the instructions obey certain rules (e.g. exactly one interpretation for any bytecode, execution only leaves the verified bytecode by calling trusted functions, can only read/write memory in the sandbox, cannot write to bytecode, etc.). As I understand it, PNaCl is similar to classic x86/ARM NaCl but trades fake bytecode for real bytecode (LLVM's intermediate representation, last I heard) and statically compiles it to native machine code after the bytecode verification step. Basically, in this scheme the verified C code can run at near-native speed, but it can only communicate with the world outside the sandbox by calling trusted functions that the enclosing app chooses to expose.

Theoretically, Java ought to be just as strongly sandboxed as NaCl: Java code in a JVM sandbox can only call trusted functions that the JVM chooses to expose, too. But in practice the Java standard library exposes a ridiculously broad attack surface, giving sandboxed apps plenty of chances to exploit bugs and escape the sandbox. (For instance, java.lang.String is a final class today because folks discovered that you could subclass it to make it mutable, pass a sandbox-approved value to e.g. a file I/O function, then modify the value to a sandbox-forbidden value after the security check but before the OS system call.) Basically, Java's attack surface is broad and leaky because Java was designed for running embedded devices and servers, not for sandboxed applets downloaded from hostile sites on the Internet. Applets were a distant afterthought compared to Java's "let's write an OS for set-top cable boxes" origin.

In contrast with Java, Chrome's implementation of [P]NaCl only exposes the Pepper API, and the Pepper API was designed from the ground up to be called by sandboxed code fetched from a malicious website. Looking at the Pepper C API site, the attack surface seems... bigger... than I would have expected. But most of the functionality I see there is also exposed to JavaScript, where the code is every bit as hostile. Almost any "attack surface, WTF" argument would also argue against JavaScript and all modern web design. And if they're smart, one API is hopefully built on top of the other (plus a thunk layer made of machine-generated code), so that there's only one pool of security bugs to fix.

Comment Easy solution: measure budgets in Iraq War Days (Score 4, Insightful) 205

A repost of a Google+ post I wrote a year and some change ago:


From today forward, all federal government expenditures will be priced in "Iraq War Days" (IWD) or "Iraq War Years" (IWY). For quick reference:

  • - MSL mission w/ Curiosity rover: 3.5 IWD
  • - Cost of giving $10 to all 312M US citizens: 4.33 IWD
  • - 2012 "General Science, Space and Technology" budget: 43.04 IWD
  • - Cost of giving $100 to all 312M US citizens: 43.3 IWD
  • - 2012 Welfare budget: 210.3 IWD (0.6 IWY)
    • ~ Computed as 26% of the 2012 "Income Security" budget
    • ~ Includes TANF (22%) welfare, SNAP (70%) and WIC (8%) food stamps
    • ~ All ratios from 3rd party analysis of 2010 data; see "How much do we REALLY spend on Welfare?"
  • - 2012 "Medicare" budget: 672.9 IWD (1.8 IWY)
  • - Cost of giving $2250 to all 312M US citizens: 975 IWD (2.7 IWY)
  • - 2012 "National Defense" budget: 994.9 IWD (2.7 IWY)
  • - 2012 "Social Security" budget: 1081 IWD (3.0 IWY)
  • - 2012 Total budget: 4986 IWD (13 IWY)

Source: "United States Federal budget, 2012" and "Mars Science Laboratory" pages on Wikipedia for budgets, for US population, National Priorities Project via "Cost of War" Wikipedia page for IWD exchange rate.


Something I didn't note in my original post that's probably worth mentioning in passing: Social Security is huge, "bigger than the National Defense budget" huge, but it's basically self-funding because it's a retirement investment paid for by payroll taxes (modulo population bumps, e.g. the post-WW2 "baby boom"). Person A pays in, person A cashes out, theoretical net cost to taxpayers $0.

Slashdot Top Deals

Your good nature will bring unbounded happiness.