
Comment Re: s/drug trials/climate change/g (Score 1) 246

Are you unfamiliar with the phrase "hand waving", or just being deliberately obtuse?

Science is about numerically accurate, falsifiable predictions. We need some of those in the Climate Change debate, but the science isn't there yet. Non-scientists like yourself, however, are happy to substitute hand waving (like a magician, hoping to distract the audience from the lack of substance).

Comment Might want to move providers... (Score 2) 37

It might be a good idea to change art hosting providers then... I'm sure every artist has given deviantArt a (non-exclusive) license to commercially display and use the artwork shown on the site, which means Wix can use that. And chances are, they'll let customers use some of that artwork on their website, both as a hook and a retainer (because the art can only be used on Wix hosted websites without obtaining a license).

And only Wix has access to unique artwork that only Wix customers can use, so it's more attractive to join Wix.

Meanwhile, everyone who posted art on the site sees their work ripped off and used on customers' web sites.

Comment Re:Social media? (Score 4, Interesting) 122

Because really, however bad the news was, 20 years ago you'd be waiting for the nightly news to find out about it. Several decades before that, you'd be waiting for the following day's newspaper. Now, we're getting constant updates, and those updates may be causing a device in your pocket to vibrate and make noise every time something new comes out. We know that checking all of those notifications is addictive, and not checking causes stress. However, constantly feeling the need to check also causes stress. (human nature)

It's the reason we have the term "FOMO", or Fear of Missing Out. By not being attached to our phones 24/7 we fear we're going to miss big news about something (... almost always trivial in the big scheme of things).

If you hate that term, get used to it - it's a root of the term for the phobia, and as a medical diagnosis.

Comment Re:Are two hashes better than one? (Score 1) 99

Taking the MD5 and the SHA1 of something isn't significantly more secure than just taking the SHA1 of said something. This was demonstrated in 2004 here: http://link.springer.com/chapt... This was then further elaborated and improved upon here: http://eprint.iacr.org/2008/07... So, don't concatenate hashes kids. It doesn't do what you think it does. Using a proper hash from the start is the only safe way to do things. Even if nobody has figured out how to do it yet the math conclusively shows that breaking SHA1+MD5 is not significantly harder than just breaking SHA1. This is why TLS 1.1 and earlier need to go away.

That's for concatenated hashes. As in, you hash the two hashes to form one number, usually by XOR'ing the numbers together. Which can be shown to increase the solution space considerably.

What I've been curious about, is if you maintain two hashes separately.

You have blob X here, with SHA-1 of S(X) and MD5 M(X). Can you find a blob Y with both a SHA-1 of S(X) and MD5 of M(X)?

It's easy to see if you XOR S(X) and M(X) you make it much easier - but what if we kept them separate, so the SHA-1 AND MD5 have to match. (With concatenation, you don't have to match, the final result has to match, but individually inside you have to find a S(Y)+M(Y) that equals S(X)+M(X), and not S(Y)==S(X) AND M(Y)==M(X).)

The only concatenation that wouldn't be easier is if you literally concatenated the bytes together - so 128 bits of MD5 followed by 160 bits of SHA-1 to form a 288 bit MD5/SHA-1 hash that enforces the property that the two hashes individually MUST match simultaneously.
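Added example (not part of the original comment or of the papers it links): the multicollision technique for iterated hashes (Joux, 2004), run on two toy 16-bit hashes standing in for MD5 and SHA-1, to show why requiring both digests to match simultaneously costs far less than a birthday search on the combined 32 bits. The names `toy_hash`, `block_collision` and `simultaneous_collision` are invented for this sketch, and the compression function is truncated SHA-256, an assumption chosen only to keep the search small.

```python
import hashlib
from itertools import count

BITS = 16  # toy state size (assumption); real MD5/SHA-1 are 128/160 bits

def _compress(tag, state, block):
    # Toy compression function: truncated SHA-256 over tag|state|block.
    d = hashlib.sha256(tag + state.to_bytes(4, "big") + block).digest()
    return int.from_bytes(d[:4], "big") >> (32 - BITS)

def toy_hash(tag, blocks, state=0):
    # Iterated (Merkle-Damgard style) hash over a list of fixed-size blocks.
    # tag b"F" and b"G" give two independent toy hash functions.
    for b in blocks:
        state = _compress(tag, state, b)
    return state

def block_collision(tag, state):
    # Birthday search: two distinct blocks that collide from `state`.
    seen = {}
    for i in count():
        blk = i.to_bytes(4, "big")
        out = _compress(tag, state, blk)
        if out in seen:
            return seen[out], blk, out
        seen[out] = blk

def simultaneous_collision(k=12):
    # Step 1: chain k single-block collisions in F. Picking either block at
    # each position yields the same F digest: 2**k messages, one F hash,
    # for roughly k * 2**(BITS/2) compression calls.
    state, pairs = 0, []
    for _ in range(k):
        a, b, state = block_collision(b"F", state)
        pairs.append((a, b))
    # Step 2: birthday search for a G collision inside that set only.
    seen = {}
    for n in range(2 ** k):
        msg = [pairs[i][(n >> i) & 1] for i in range(k)]
        g = toy_hash(b"G", msg)
        if g in seen:
            return seen[g], msg  # same F digest and same G digest
        seen[g] = msg
    return None
```

The returned pair collides under F and G at once, so it also collides under the literal byte concatenation F||G; this is why the concatenation gives collision resistance close to that of the stronger hash alone rather than the sum of the two.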

Comment Re:Practical? (Score 1) 99

Yeah, um...except for a 3 letter agency with a 10 or 11 figure budget or a Google no one has the money to devote this much CPU time to one attack. SHA-1 is still fine unless you're worried about 3 letter agencies in which case you probably have bigger problems than just encryption -- problems like drones with missiles attached.

I can easily throw 1 million cores at a problem. That's 2.5 days to get an answer. My company would be pissed at me for wasting the resources, and would fire me, but I could do it. There are lots of people like me in the world.

Fun fact: a core-year on EC2 Spot generally costs less than $100. No clue how many cores you could get in parallel, but lots of organizations could throw $500k in IT spending at a problem, they just need to achieve something worth more than that by doing so.

I bet doing the same with an ASIC solution would be surprisingly cost effective if you had a lot of digital signatures to forge.

Comment Re: s/drug trials/climate change/g (Score 0) 246

Bad analogy. It's very expensive to emit less CO2. Humans will suffer from the reduced standard of living. What's the right trade off to minimize harm to people? That's the whole point of the debate. Dismissing people you disagree with without understanding what they're talking about is popular today, because it's easy, but it's not smart.

Comment Re:Weak/nonexistent punishments for faulty notices (Score 1) 70

All patent applications are signed under penalty of perjury. However, the US Patent and Trademark office disbanded its enforcement department in 1974. So, you can perjure yourself on a patent application with impunity.

Unless it's testimony in a criminal case, or the perjury trap in front of a grand jury, or something they want to prosecute like lying on your tax form, the Federal government is in general laissez-faire about perjury, or even encouraging of it with their reluctance to prosecute, especially perjury committed by a so-called intellectual property holder.

Comment Re:My experiences in other companies and opinions. (Score 1) 168

In a manager I would find this particularly disturbing, because you should really be promoting managers based on leadership qualities, and shouting at your subordinates doesn't display leadership, it displays bullying.

Shouty managers were common for Baby Boomers and earlier. There's still a bit of that culture around, and I've had a few shouty managers over the years (mostly guys born before 1960, one born in the 60s). It's an effective way to deliver the emotional message that someone is underperforming and needs to change, when sometimes trying to connect rationally doesn't work. I'm glad it's now mostly faded from current management, but it's a valid approach for leadership (there's a reason drill sergeants and marine DIs shout a lot - it works).

The better criticism is that it's unprofessional. We should all be fighting to increase the perceived professionalism of software development. I've seen so much dignity stripped from developers over the past 25 years, and it's bullshit and needs to reverse. We're professionals like doctors and lawyers (and in some countries, better paid than doctors or lawyers). Can you imagine a doctor or lawyer, past the early career years, who doesn't have an office? Who doesn't have assistants to do the shit work?

Comment Re:mode complexity (Score 4, Insightful) 124

Besides, we already have all the technology we need to keep our data private. It's just that current law won't *allow* us to keep it private. As such, the *laws* need fixing, not the technology.

No amount of technology can keep public information private. And no amount of "privacy controls" will make public information private. (See a pattern?).

In fact, "social networks" and "privacy" are an oxymoron. There is no such thing as "privacy controls". "Privacy Controls" are marketspeak for "encouraging marks to over-share". Yes, Facebook and everyone has done their research - people will share more if they get the illusion their data is protected.

In the end, everything you post on a third party website, is public. Thanks to people screen shotting, re-posting, etc, anything you post is public. Even if it's a party for selected individuals, the people you didn't invite will find out anyways.

The only "technology" to keep our data private is to ... keep it private.

Not that I agree with the border protection asking for passwords. But that's a legal issue that can really only be dealt with legally.

Comment Re:Pretty common (Score 3, Insightful) 168

It's what happens when you let sociopaths into senior management.

Corporate management selects for only 2 things: sociopathy and ability to deliver results. The higher up the ladder you climb, the more that it becomes entirely about sociopathy. This is true of almost any large organization, but especially corporations. It's not clear how to fix this, given humans are what they are, but at least recognize the world you live in.

Comment Re: s/drug trials/climate change/g (Score 2, Insightful) 246

The infrared absorption of carbon dioxide is experimentally measured in the laboratory

No one rational doubts this. That has never been what the climate change debate was about. But the atmosphere is not a bottle of air, or even a bottle of air and water (any modern meteorological model treats modeling the ocean at least as importantly as modeling the air). The atmosphere+hydrosphere is a complex, evolving system with many feedback mechanisms, both positive and negative.

I mean, really, do you think a climate model is simply modeling a static stack of air with some CO2 in it? Really?

The question is: quantitatively, what rate of human CO2 emission will create what effects, in detail. This is not the sort of science that lends itself to reproducible experiments, but that's fine, neither does astronomy or cosmology. It is, like any science, required to make falsifiable quantitative predictions.

And, frankly, the best models aren't doing so well, giving about 2 sigmas of accuracy. If you generated hundreds of models at random, you'd expect a couple dozen to have 2 sigmas of accuracy. That doesn't mean the models are flawed in any fundamental way, but there's a big gap between "not fundamentally flawed" and "great, proven science".
