
Comment Re:VeraCrypt designer is an authoritarian idiot (Score 1) 71

Actually, if you're using a 94-element space (26 + 26 + 10 + 32), an 8-character password is on the same magnitude as a 26-element space (all lower-case letters) at 11 characters (7.2 x 10^15 vs 3.7 x 10^15). With a 1,000-element space, 5 characters (words) are on the same magnitude (1.0 x 10^15); although the 1,000-most-common words don't include conjugations and plurals, which takes you to several thousand. You have to breach a 5,700-element space for 4 characters to be on par (1.1 x 10^15).

So all-lower-case can actually be as secure as the standard four-classes, eight-character password just by adding three characters. In all of these, we're looking at 50-53 bits (1.1 x 10^15 to 9.0 x 10^15) of entropy.

Seriously, the 8-character password with complexity requirements thing should have never come about. When they went from "8 characters" to "something more secure", it should have been 11 characters.
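A small keyspace calculator for the comparison above, added here as an example and not code from the original comment. It uses the alphabet sizes the comment names, and its "same magnitude" test compares powers of ten; the minimum-length helper rounds up to the first length that is at least as strong as the reference.

```python
import math

# Alphabet sizes as given in the comment: four character classes (94),
# lower-case only (26), a 1,000-word list, and a ~5,700-word vocabulary.
ALPHABETS = {"four-class": 94, "lower-case": 26, "words-1000": 1000, "words-5700": 5700}

def keyspace(alphabet_size, length):
    """Number of distinct secrets of `length` symbols drawn from the alphabet."""
    return alphabet_size ** length

def entropy_bits(alphabet_size, length):
    """Guessing entropy in bits, assuming every symbol is chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def min_length_for_bits(alphabet_size, target_bits):
    """Shortest length over this alphabet that reaches at least `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def equivalent_length(alphabet_size, ref_alphabet, ref_length):
    """Shortest length over `alphabet_size` at least as strong as `ref_length` symbols of `ref_alphabet`."""
    return min_length_for_bits(alphabet_size, entropy_bits(ref_alphabet, ref_length))

def same_magnitude(a, b):
    """True when two keyspace sizes share the same power of ten (the comment's 'same magnitude')."""
    return math.floor(math.log10(a)) == math.floor(math.log10(b))

def comparison_table(pairs):
    """Keyspace size, decimal magnitude and bits for each (alphabet name, length) pair."""
    rows = []
    for name, length in pairs:
        size = keyspace(ALPHABETS[name], length)
        bits = round(entropy_bits(ALPHABETS[name], length), 1)
        rows.append((name, length, size, math.floor(math.log10(size)), bits))
    return rows

if __name__ == "__main__":
    # The four combinations the comment lines up against each other.
    for row in comparison_table([("four-class", 8), ("lower-case", 11), ("words-1000", 5), ("words-5700", 4)]):
        print("%-11s len=%2d  size=%.2e  10^%d  %.1f bits" % row)
    print("lower-case length needed to match four-class x 8:", equivalent_length(26, 94, 8))
```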

Comment Re:So long, Linux (Score 1) 52

After Dirty COW, the self-protecting kernel people will end up porting all Linux interfaces and core functionality (e.g. iptables) to Minix services. Then they can replace the VM manager and just pass over the PTE data to the new server when there's a bug, instead of rebooting everything. Systemd will be stripped as core functionality makes more sense as a kernel service than as kernel capabilities managed by a user program.

Comment Re:DCMA Fair Use / Parody (Score 1) 218

No, it wouldn't. These notices are made on behalf of Samsung about an exclusive right to something about the Galaxy 7 which is allegedly being infringed. The assertion of infringement has no legal standing, but the assertion is made on behalf of the owner of an exclusive right that is allegedly infringed.

A judge can find a load of other shit you're doing wrong if you're misusing the statute. Abuse of the legal system is frowned upon.

Comment Re:Mitigations (Score 1) 108

The simple mitigation is to not have local users who will hack your machine.

If you run a server, an exploit of the server software (nginx, PHP scripts, Ruby on Rails, etc.) will provide local non-root access, which you can then root.

If you run your server software in Docker, then the host system's binaries aren't exposed. That means an attacker can't modify the disk cache for /bin/su and then su to root; he can only modify the disk cache for /bin/su or glibc from e.g. the debian:jessie image that the Docker image the container used is based on. Elevation in the same container is useless: anything mounted read-write is likely already writable by the software the attacker exploited in the first place, so they have that access; and modifying the system is pointless, since you can just destroy and recreate the container in 10 seconds.

A container exploit might give a cross-container exploit to all containers eventually descended from the same version of the same base image (e.g. everything ultimately built from that release of debian:jessie), but it's tricky. You can modify e.g. /usr/sbin/nginx and send a reverse-shell to all nginx containers; or you can modify glibc and get it into everything using the same base image (because it's from the same disk blocks, thus the same disk cache). Either of those has to use the existing memory space (can't add empty memory pages or use anything outside the file), replace code in an existing function, and not outright crash (or the container terminates and all processes end immediately); and a glibc modification would make your reverse shell kind of useless (bash would just re-exploit and call a new reverse shell).

Escape to the host system is as impossible as it is without this exploit, so there's that.

So, for some server software configurations, this is diminished to the point of uselessness. For others, they get the www-data user and then su straight to root.

Comment Creationists and flat-earthers (Score 4, Insightful) 601

We have this idea in free society that people are entitled to their own opinions and the government should not force people to believe one thing or another. And it’s not like we lack precedents where totalitarian governments actively suppress ideas that might disrupt their regime. So we do need to keep in mind that individual people should be free to be wrong and be assholes. That kid in the gorilla costume at Tennessee State was an asshole, but should he be brought up on criminal charges? We need to ensure that “assholes” are not summarily suppressed. Richard Dawkins acts like an asshole but he’s still right about evolution.

Now, when it comes to these nurses, the situation is entirely different. They are entitled to their *personal* opinion. But this is a matter of professional activity. In their capacities as nurses (even on their own time), they represent their employers. As a CS professor, I could be dismissed for a wide range of inappropriate behaviors in my “personal life,” including hooking up with an undergrad and making offensive and racist statements on social media. I can maintain my right to express an opinion, and my employer can exercise their right to not be associated with someone who does not represent their core values. (Although, I will say that I’ve heard that BYU won’t grant tenure to anyone who they see as not sufficiently “Mormon,” and I think that’s reprehensible, so there is some room for debate on this, which is why we have courts.)

There’s also not much room on this subject for “personal opinion.” Science doesn’t have answers for everything, but all attempts to show a solid link between vaccines and autism have failed, and those attempts have been numerous. This isn’t based on a single publication with no replication studies. This topic has been beaten to death. It can be shown that their statements are factually wrong. They are also not researchers in this area. If they were, then they would be in a position to conduct further studies to see if they could prove a link. Instead, they are just talking out their arses.

Even more important, they are putting people in danger. And that’s what this is all about. The benefits of vaccines are not in dispute, and the risks are minimal and nebulous. When your scientific illiteracy puts people in danger, you need to be stopped.

Comment Re:How can that possibly be legal? (Score 1) 303

Well they could disable access to the travel data stream--a resource you're continuously using, maintained by them, at a cost of loads and loads of money per year diffused through thousands of consumers.

400 million copies of Windows XP sold. If they paid 270 programmers full-time for 10 years to develop and maintain XP, Microsoft would have made a profit selling it at $1. What's Tesla's incentive to keep up with firmware and data updates?

For what it's worth, the 2009 DVD to update the 2004 Mazda 3's in-dash navigation system costs $300. Yes, you have to pay $300 for the DVD, then install it into your car yourself, and then you have 2009's map data instead of 2004's. This was also true of the 2007 update.

Comment Re:DCMA Fair Use / Parody (Score 4, Interesting) 218

Not even.

The phone isn't copyrighted. Its existence and a representation of it as a material fact can't be copyrighted. You can't copyright the existence and form of your product in such a way that, for example, a novel writer can't mention that a person was using a Samsung Note 3 and describe the functionality he was using. Those are material facts.

The phone is a trademark--or at least its visual form and its name are potential trademarks. You may be able to patent the production of a phone in that form (design patent), and trademark a particular shape of a phone (like the Gibson and Fender headstocks--yes, their brand-identifiable shapes are trademarked); that applies only to actually making a phone.

Samsung is legally-required to protect its trademarks, else they lose them. That means a number of things. It means you can't make a DogRun Galaxy 7 phone (especially in substantially-similar design to the Samsung offering) because Galaxy and Galaxy 7 are Samsung trademarks. It means you can't use the Samsung name to brand your phone. If you do these things, Samsung must take action, or else the next guy to do the same thing can point out that Samsung hasn't protected their trademark.

A reference to a trademark isn't a trademark infringement.

A reference to a trademark in a book, in a TV show, in a video game, in literature about your own product, wherever it is, does not infringe trademark. Trademark distinguishes products. If you make a phone and, in the literature, identify that it is distinct from the Samsung Galaxy 7 by pointing out that it has similar or superior battery life to the Samsung Galaxy 7, you haven't infringed trademark because you haven't identified your phone as a Samsung Galaxy 7.

That video isn't parody, by law; it's non-infringing. It's a non-infringing reference to a trademark and to the existence of a product. Artistically, it's satire: it explores an existing material fact with humor and exaggeration. Even if it had no artistic defense, there's no standing for any intellectual property claim--copyright, trademark, patent, or otherwise. Samsung's phones blowing up is a material fact; it might be over-emphasized, but it's a thing that happened in the world, and the phones are a thing that exist in the world, and the thing in the game is a representation of that thing and not a counterfeit product.

Comment Re:Holy flamebait batman! (Score 1) 891

It's something we need to move into, as a matter of social welfare. There's actually an argument (not very sound) that the United States is legally-required to implement something substantially-similar to the system I designed as soon as technically-feasible.

The idea that we'll need some kind of UBI because of an upcoming crisis is rooted in a misunderstanding of economics. People think automation is a new thing and jobs go away forever; but it's just technical progress, the same as we've been doing for thousands of years. The threat comes when progress occurs too rapidly: if you create rapid unemployment, the slow replacement of jobs doesn't keep up, and you get high unemployment.

The only zero-job economy is a zero-labor utopia where humans do nothing. Flat out. As long as human hands are required somewhere in the process, there's no such thing as permanent job destruction. As well, new jobs range from highly-complex, heavily-specialized disciplines to pushing the buttons on the machines at the correct time; sometimes the sensors and probes aren't nearly as accurate as humans, or just cost a lot more. That's why things like injection-molded plastic forms are removed from the mold by hand and placed on a conveyor: a machine that can handle that job would be ridiculously-complex and unreliable; at the very least, it'd require thousands of hours of QA testing after retooling the IM to make a new form--or you just skip all that maintenance and extra QA and pay someone to do it by hand.

The nature of technology is also that it's invented as soon as it's envisioned in sufficient detail. It's in-production shortly after. People have romanticized about robots replacing 100% of all jobs since Karl Marx proposed it as an immediate, tomorrow-goal for society; then, they made machines and came up with new jobs doing the last bits of work finishing up after the machines--the robot does the job of a hundred men, and one man clears up their mistakes.

The corollary is we're constantly imagining all jobs will go away forever when we see a new technology (machines, trade, or materials--cotton is the bane of the sheep-shearers' union!). We can't imagine what new technology will appear tomorrow and how it will create jobs, because technology reduces labor requirements.

So what actually happens?

We reduce the labor involved, and the costs go down eventually--the relative cost of things is in constant turmoil, and the relative desirability of goods changes. Food has enormous competition. Every good competes with every other good--if you spend more of your money on food, you have less for iPads; if 2/3 of the price of iPads is actual costs and people are only willing-and-able to spend 3/4 of the price, then you need to lower the price (by 1/4, meaning the cost is now 8/9 of the price--an 11% margin instead of 33%). Instead of margins getting fatter and corporate profits soaring, corporate profits average the same marginal percent over the long term.

So people steadily get that spending power back. They then buy more stuff. That creates replacement jobs. If you've eliminated (over a wide time span) 50% of all required labor to make things, then costs are now only 50% as much; prices adjust in total to half of all income; and people now buy twice as many things. It takes half the working-hours to make the same, or the same working hours to make (and buy) twice as much.

Handwaving away all the economics bullshit, you can just state mathematically that a profit margin of X% implies paying wages of 100%-X%. Wages being what they are, the number of labor hours is mediated by how much money is spent. Reducing labor in one place means you have unspent money; you spend it elsewhere; suddenly there's labor there. This works over long timescales; your economy collapses if you replace a third of it with machines over the long weekend.

So, all of that. Yeah. Point?

I don't believe we're going to need to face up to a UBI in the future, in the sense that I don't believe society will collapse from catastrophic job loss and everyone will need free money. I believe the system I designed slows the transition onto technical progress by making human labor lower-cost, thus strengthening competition with lower-labor solutions, without lowering take-home (spendable) wages. That means businesses take less risk waiting for automation solutions to come down in price (delaying for a competitive advantage of implementing even-cheaper automation later, at the cost of paying more for labor now); the variation in risk appetite and risk tolerance will lead some businesses to implement earlier and others later, whereas ramping up the cost of labor will cause the higher-risk players to hit their risk limits at the same time (i.e. earlier) as the lower-risk players.

A UBI is one way to avoid a transition like the Industrial Revolution (60% unemployment for THREE GENERATIONS), and instead get a transition like the Information Age (low employment, rapid job growth, rapid economic growth, and a high-speed evolution through generations of new technology and greater economic security--and occasional bitching about 6%-8% unemployment peaks that came a decade apart and lasted 2-3 years; the Great Recession of 2008 was pretty huge). It reduces the risk of a societal collapse in the way people fear one might occur, but that collapse isn't guaranteed anyway.

Other than that, it's also a lot more efficient than our current system--but only once we've got a wealthy-enough nation (which became a stable fact in 2013, in that we could do it while moving around no more money than we're already spending on welfare). Doing this in 1950 would have destroyed America.

Comment Re:It's not a matter of those reasons (Score 1) 548

True, and that's their prerogative.

The thing is both positions are surprisingly mature. Zuckerberg is probably just being a loud-mouth and trying to prevent a public incident from screwing with his company; but it's still an important point if you exclude his viewpoint. The highest-developed psychological defense mechanisms include suppression and tolerance--delaying an emotional response until you can deal with it safely, and allowing behaviors of others which aren't harmful to you even if you disagree with them. Trump supporters are their own problem, by and large because they want to support a celebrity or a political party (a lot of Republicans are blind to their own candidate and only want to be saved from socialism or something); and people who object to Trump have the right to declare that their particular organization has strong objections to Trump's message.

That means YC can declare it wants nothing to do with Trump or its supporters; and Facebook can declare itself not the steward of people's opinions; and both are essentially-correct behaviors.

Comment Re:If only there was some possible way to ... (Score 1) 82

Sure, in the same way it's not hard to just order the cheap dextromethorphan powder, measure it on a mg scale, and sift it into empty capsule shells. People still buy Robitussin.

Part of the point is that the storage has gotten so cheap there's no excuse, even if you seal the device and just permanently install a 128GB or larger microSD card in one of these devices.

So one of the things I argued was the control circuitry for a storage card costs about as much or more than a large (32GB+) amount of storage, if you use those NAND chips instead of (or in addition to) the NAND chips you used anyway. You just suggested a more-expensive way to achieve the same goal; and it's also slower than just integrating the storage directly.

I also described that the "so cheap there's no excuse" part is essentially making you buy things you won't use if you don't have a use for it--essentially everybody these days, because the cost of adequate storage for near-100% of use cases is nearly-undifferentiated from the cost of smaller storage (i.e. the process for X gigabyte chips is so efficient it's no more costly than using the same package but only etching in less than X gigabytes, where the cost of more-than-X gigabytes is higher because it requires a more-expensive process or the same process with more chips). To be clear about this: wasting a few pennies that way can have disastrous impacts on the economy, making everyone strikingly poorer.

In the case of fast food as an example, fast food joints serve 240 billion sales per year at an average $8 per sale. If we bump that to $8.14, who cares? Well, 14 cents times 240 billion is $33.6 billion. The money spent in a given year comes from incomes, which comes from revenues, which comes from sales: if you spend $8 more on some other thing, then that's $8 that isn't spent on a fast food value meal in that time frame. $33.6 billion translates to 2,371,241 full-time minimum wages--or a maximum of 2.37 million jobs lost. (The jobs are lost only if you remove their buying power--by taking a bigger corporate profit margin or raising wages so that the same money concentrates into fewer hands).

What you're describing--putting something approximately-nobody needs into the product at an arbitrary "small" cost because the producer thinks it would be nice and is cheap--is technically called "gold plating". More importantly, it wastes labor time (purchasing power and the work done to make what is purchased) producing a thing that nobody is going to use, and thus prevents people from having what that labor time would have made instead. In this case, that's an estimated $10 times 43.7 million Kindles sold per year to equip them with additional storage approximately 0% of the population will actually use--or a waste of $437 million.

That's fractionally-small compared to a few pennies' increase in fast food costs. There are also cell phones, computers, watches, shoes, jackets, televisions, lamps, blenders, refrigerators, cars, keyboards, pens, tea pots, and all manner of things people buy which we could gold-plate for pennies on the dollar (because making a $120 device $130 is about 8 cents on the dollar). The end result would be a purchasing power 8% smaller--you might have the same income, but you'll buy 8% less stuff, mainly because all that stuff has a marketing bullet-point that sounds awesome but that you never use (but hey, your car DOES have a hardware Monkey's Audio decoder IC and can directly play .APE files from USB with hardware acceleration!).

I actually used to argue the exact opposite, but then I sat down and reasoned it out trying to generate a supporting argument and shot myself straight in the foot. Attempting to use logic can backfire now and then. I had to change my stance to align with objective reality.

Comment Re:I thought this was obvious? (Score 1) 151

If it were the top 3% of users, it would reach an equilibrium well-below the top 3% of typical user demand.

If it were the top 3% of volume, it would reach an equilibrium at the maximum volume possible at the throttled speed, as that is eventually the amount of use below which you cannot reduce by throttling, and any use above that would eventually push you into the top 3% as the top users are drawn downward.

They're throttling customers in the top 3% of data usage, rather than data users. Supposedly the mean data usage is around 2GB currently, so 17GB at less than 3 standard deviations out seems ludicrous.

Comment Re:If only there was some possible way to ... (Score 1) 82

My point was having two SD cards is rocket surgery--or at least is often more-complex than would be obvious. The UX to easily know what data is on what is difficult. People who aren't obsessive nerds who organize their $HOME directories essentially want "Space": they want things to download and magically end up where they belong. They don't want to spend 40 minutes sorting through 6,000 files, picking out what's what, tagging them, inspecting them when they don't remember, and then individually setting each one's storage location.

Almost 100% of people who put an SD card in a device are adding permanent storage. They put a card in their phone or tablet or whatever, and that's the end of that. It's not an organization tool to most people; it's a bulk commodity.

That's why Android phones stopped having SD cards, and then started having them again, and then started letting users replace their internal storage with SD card (your photos get copied onto the card, and the internal storage space is replaced with the SD card entirely). People see two things with storage: "I can't install an app because my phone is full" or "Now I can take more pictures!" They don't know or even care where it goes.

The solution, then, is more internal storage. External storage is an expensive added complexity that almost all users will use by putting exactly one card into the slot and never removing it unless, somehow, they have the phone 5 years later, the 32GB card is full, and new 1TB cards are available cheap--all the while wanting it to behave as more internal storage.

Comment Re:I thought this was obvious? (Score 1) 151

If you're in the top 3 percent of data volume, then throttling reduces your data volume, moving your span downward. Thus the top 3 percent of data volume becomes lower.

If you're in the top 3 percent of users, then throttling reduces your data volume, moving your span downward. Thus others would fall into the usage range of the top 3 percent of users, and the spot group of top-3%-users would become volatile. This would bring more users' use downward, increasing this effect until they cluster together enough to not drag down further.
