
Comment Re:Ahh: More than you think: Bottling plants... (Score 5, Informative) 166

Guess where all the Pepsi in the USA is made?

Hmm, I'm going to guess "at regional bottling plants run by different bottling companies who franchise from PepsiCo", because that is in fact how it actually works. There is no one factory which makes the Pepsi for the whole country. Heck, most large metropolitan areas have their own bottling plant which uses the local water, so there's not even usually one source per state.

Perhaps you've confused your regional Pepsi bottler for the only source of Pepsi in the US because you don't understand what's going on at all.

Comment Re: Say what? (Score 5, Informative) 130

Allowing an anonymous login for an FTP server is tantamount to putting up a sign which says "take the files". If you don't understand why, just follow this link. If you did, in fact, follow that link, congratulations: you just downloaded a file from an FTP server using an anonymous login. It's such an accepted thing that your web browser just did that process for you without bothering to ask if you were okay with it. You've now done the same thing he was accused of doing without even knowing you were doing it.

Putting files on a public FTP server with an anonymous login is exactly the same as putting those files on a public HTTP server without requiring user credentials. The only difference is which protocol is being used.

Comment Reaches into the past, too. (Score 4, Interesting) 241

In addition to requiring that all encryption products in the future have backdoors, it also requires that all encryption software from the past already have been backdoored unless you want to have to brute-force it in response to a court order to "render technical assistance".

If passed, this would open up a novel new extortion attack where you intentionally use non-backdoored software to encrypt some data, thoroughly delete the unencrypted versions, create a lawsuit where that data is part of discovery, and then get your opponent in the lawsuit (who is conspiring with you) to ask the court to order the company which distributed the encryption tool to render the technical assistance needed to decrypt. Thus the company will be on the hook for the cost of all the needed electricity to run all the CPUs or GPUs to brute-force the encryption key, except that you conveniently offer that if they can help work out a settlement in the lawsuit (i.e. pay you or your conspirator), then maybe the lawsuit can be dropped, thus vacating the court order.

Comment How to make money if Burr-Feinstein passes (Score 2) 314

Last night I figured out how to extort money out of big tech companies if the Feinstein-Burr bill becomes law. It requires that any company which has provided encryption technology render technical assistance in order to provide unencrypted versions of information in response to court orders.
So, here's what you do:
1) Choose a company which provides any existing encryption products which don't have a backdoor and will host data for you in some form. Good choices might be Apple, Google, or Microsoft. For Microsoft you can use their BitLocker product to encrypt things. For Apple or Google, you can just use OpenSSL's command line to do the encrypting. There are likely some other companies that would work, but those are the first which come to mind.
2) Find a co-conspirator who is willing to sue you.
3) Create some key piece of information which is relevant to the potential court case.
4) Choose an amount of money which is quite large, but is within the potential budget of the company.
5) Do some calculations like this spreadsheet does: https://docs.google.com//1hsvO2RBXWYxMMMCaDx5CASPy2l/edit (although I'm not sure these numbers are correct because I'm not sure they account for the efficiency of doing this with GPUs instead of CPUs) to figure out how long the key will have to be in order to cost the target amount of money. Assuming their figures are correct, then 86 bits would be the correct answer.
6) Choose an encryption function which uses more bits than that. So let's go with 128-bit AES for this example.
7) Encrypt the key piece of information with it.
8) Make a second file which contains notes about what algorithm is used and contains all but your target number of bits of the key. So in this case, 128-86 yields 42, so we put the first 42 bits of the key in the file.
9) On the storage provided by your target company, store the encrypted data and the unencrypted second file.
10) Ensure that all other copies of the data and the key have been completely and utterly destroyed, but keep references to its existence.
11) Proceed with the lawsuit and have your co-conspirator find out about the file in discovery.
12) Have them obtain a court order requiring the target company render technical assistance. Now, to comply with the court order, they must spend approximately $10 million dollars to brute force the remaining bits of the key.
13) Offer to have talks about settling the lawsuit, but only if the company is also involved in those talks.
14) Hint that this could all go away for a much smaller amount, like only $100,000 especially if the target company were willing to pay.
15) Once they pay up, drop the lawsuit thus vacating the court order.

Comment DMCA Violation (Score 1) 261

And if you undo the rot-13 on your own, you've committed a DMCA violation and Slashdot can sue you. No, I'm not kidding about that. Legally, they could. There are no requirements in the DMCA that a technological measure which controls access to a copyrighted work needs to be non-trivial to defeat. Even when it's just rot-13, bypassing it is a violation of the DMCA.

Comment Re:One data point... (Score 1) 291

He also said that they don't understand loops and conditionals. I think that the author is pretty clear that web development isn't CS, based on several of the other articles he linked to (like, this one). But students who have a solid understanding of programming and are used to consulting reference material for how particular commands or functions work would be highly unlikely to be stymied by IMG tags if they were to try to create some. It's not exactly a complex concept. People who have trouble with IMG tags would be people who aren't used to looking at code carefully or ones who think that computers "understand" things. Neither of those should be the case for anyone who has had a reasonable computer science education.

Comment Re:The US does other things, though (Score 2) 291

Yeah, we used to teach our kids LOGO and BASIC back in the 80s and early 90s. Now we teach them MS Word, Powerpoint, and Internet Explorer and how to upload videos to YouTube (which is "learning multimedia" in much the same way that the other things are "learning computer science"). We used to do those things. I learned LOGO and BASIC in my elementary school in the early 80s. But you don't find them done any more.

Comment Re:Not Blocking Per Se (Score 2) 291

Being a skilled programmer doesn't necessarily mean being a skilled teacher, especially when it comes to the basics of programming. It can actually be quite difficult for someone to teach to others the things which come easiest to them. However, your overall point that we don't have a surplus of skilled computer science educators is true. But even without that, forcing at least a little basic computer programming on kids, even with unskilled teachers, is a lot better than letting them do without. I'm pretty sure that the teacher who taught me Logo in 2nd grade and BASIC in 3rd didn't understand very much about programming beyond the range of those courses. (I suspect this partially based on, for example, that when I asked when you would use GOSUB instead of GOTO, they didn't have a clear answer). But they were effective at teaching that basic material and that was a great start. I think that the article this was about illustrates this well, as I have trouble believing that Vietnam has a much greater quantity of skilled computer scientists teaching in its schools than the USA does.

Comment Not Blocking Per Se (Score 4, Interesting) 291

What's happened is that the national standards for computing education in this country (which have been adopted by most states) are set by a board of specialists who all specialize in the use of computers in education. They don't specialize in computer science. There are no computer scientists on the board at all. As such, they recommend that teachers teach the sort of skills which make the computer useful in reinforcing learning in other subjects because that's what they specialize in. So, for example, they might recommend that students learn how to use spreadsheets in middle school because it helps them in analyzing experimental data in middle school science. Or they might recommend that students learn how to browse the web because it helps them practice reading and study skills. But they don't recommend learning programming because it is outside of their specialty and they likely don't understand how programming can be used to reinforce learning in other subjects (which I would argue that it can be used very effectively to do so for many subjects, especially math and science).

If we want to change this, we need to get state level boards of education to adopt different standards. That's how change will happen.

Comment Re:Poster/Article is way off ... (Score 2) 392

The HDCP side would most definitely not require that. It's a stream cipher, so aside from any buffering you might do if your HDCP solution was software rather than hardware (which would actually still seem pretty difficult to do even with a fairly stompy processor), it needs less than a kilobyte. The other side, who knows?

Comment Re:You Disgust Me (Score 1) 382

What crime? He hooked a computer up to an open network and used it to download a bunch of papers which were freely available to any computer hooked up to that network. What he did was a Terms of Service violation, not a crime. It should've been a civil matter, at most, but the justice department has decided that using a website while violating their ToS should be considered felony wire fraud. Odds are quite good he would have eventually been found innocent (possibly with appeal depending on the judge).

Comment Re:UofA says no (Score 1) 433

They had software engineering when I was there, but it was entirely optional. And the SEI (which was certainly there at that time), like the Robotics Institute or the Information Networking Institute, primarily offers graduate classes. At the time, I don't know that the SEI offered any undergraduate courses. I didn't specifically set out to avoid any knowledge of software engineering, but all my friends who had taken it recommended against it, so I took other courses instead. I also don't know how much of what I mentioned as not being covered was actually covered in software engineering. From what I heard of it, it sounded more like it was about the waterfall model and writing lots of specifications. This was around the time when agile was a brand new idea, so it obviously wasn't being covered yet. I wouldn't be surprised if it is now.

Comment Re:Evolution of ideas by testing on half the state (Score 2) 627

I completely agree. If we actually want to measure whether or not, for example, laws have the desired effect, this would be a very reasonable way to do it. Science should not be confined to laboratories. We're essentially running uncontrolled experiments in the nation as a whole when we ought to be running controlled experiments.

Comment Re:lead concentration = poverty (Score 1) 627

In the Mother Jones article, they say "Although both sexes are affected by lead, the neurological impact turns out to be greater among boys than girls." I'm not sure what their source is for that, but it certainly sounds plausible that such a difference could exist. Your stating that there is a flaw in their reasoning assumes that the effects of lead on the brain do not differ by gender. Do you have a source that shows that the effects are the same?

Comment Re:UofA says no (Score 1) 433

Out of curiosity, what universities have CS programs which teach how to write maintainable, extensible, and self-documenting code as a required part of the curriculum? I'm not really familiar with any which do. I mean, I got a BS in CS from Carnegie Mellon in 1998 and although I learned a lot of useful stuff about data structures, algorithms, artificial intelligence, programming languages, computer architecture, networking, compilers, and operating systems, I didn't learn much about writing good code.

For example, I never received any instruction on any of the following: how to write good comments, how to choose appropriate variable names, version control, style guidelines, javadoc (or doxygen or similar), design patterns, logging, or designing extensible code. I learned some things on some of those topics from my fellow students, but I really didn't learn any of it from my instructors. Every instructor I had did a good job of covering the material for the course they taught, but that material just wasn't in the curriculum. So what universities do have it in their curriculum?
