
Comment Re:Imagine Domino's without the labor component? (Score 1) 186

Directly, they probably won't. Indirectly, how much money he is making is going to show up in his prices relatively quickly unless he somehow convinces people that approximately-adequate pizza isn't pretty close to commodified in most markets large enough to have overlapping take-out joints.

It's also amusing that he wants to "be the Amazon of food" and thinks that what he is doing will be incredibly profitable: Amazon is practically iconic for their absolutely tiny margins across most of their history and most of their business.

Comment This seems like a dumb question. (Score 2) 297

Why would self-driving cars destroy the insurance industry?

Even if we ignore the ability of incumbents to fight bitter rearguard actions for years or decades when their economic interests are threatened; it's not as though self-driving actually changes the basic risks associated with cars. In an ideal world, automated cars may be more reliable than human drivers, certainly less likely to be drunk or exhausted; but unless they somehow achieve infallibility, there will still be periodic accidents. And the whole point of car insurance(and the fact that it is generally mandatory) is that a car accident can easily cause more damage than most operators can afford to pay for, especially if injuries or deaths stack up in addition to mechanical damage.

Nothing about the self-driving-ness changes any of this. It might change the determination of who is at fault; or increase the number of 'no culpability can be assigned' situations; but it will still be a situation of occasional ruinously expensive incidents with long periods of quiet, which is more or less exactly what insurance is constructed to cover.

There will, presumably, be lots of fun arguing over who exactly carries the insurance, and what sorts of failure modes become the vendor's problem vs. the 'known risks' that the operator takes in using an automated vehicle on the road; but the same basic factors are in play.

What will probably change is the flavor of actuarial data-mining that is popular: currently, it's all about scrutinizing the driver for direct and indirect signs of riskiness. If the driver isn't driving, they'll presumably shift to exhaustive scrutiny of system maintenance and where/when the vehicle is operated(since some roads and times of day will just be more risky than others). Insurers mapping out 'high-risk' zones and charging people who travel in them more definitely won't go badly or upset anyone. Not at all.

Comment Re:Seems Reasonable. (Score 2) 760

I'm not in favor of more drug testing; but my impression of the bill was that it wasn't actually looking to advance its stated agenda; but to emphasize how much we put up with the current state of affairs only because it targets irrelevant people that nobody likes, rather than gunning for recipients of tax credits who actually count.

Sometimes, when a bad policy has been hanging on by selectively targeting those least able to do anything about it, arguing for its expansion can be the most effective way of forcing a confrontation. So long as drug testing is only going to affect filthy poor people in public housing and repulsive welfare parasites, it's political catnip for everyone outside of core liberal bleeding hearts(plus, in at least the Florida case, his wife owned the company doing the testing...).

If everyone looking to write off mortgage-related stuff on their taxes, or filling out a FAFSA for some federally backed student loans were expected to piss where Uncle Sam tells them to, there would be less happiness with the idea.

Comment Seems Reasonable. (Score 4, Insightful) 760

Obviously, the correct approach is "Don't drug test anyone outside of performance critical situations"; but this proposal seems like a reasonable way to point out one of the (numerous) ways we identify some people as presumptively scum until exhaustively proven otherwise; and others as presumptively guiltless until they really screw up(at which point the loss of standing caused by the case is punishment enough...)

Also worth considering that, even if you hate filthy poor people and criminals and such with a righteous passion; people nobody cares much about tend to be the beta testers for bad ideas that will eventually come to be imposed on the more 'respectable', usually starting with the ones that have less economic leverage. In this case, that's already mostly happened: mandatory drug testing of employees is pretty widespread, even in areas that aren't safety critical, and for metabolites that tell you nothing about the user's impairment on the job.

As a heuristic, you could do a lot worse when evaluating a law than asking "Would I approve if this law were applied to people I sympathize with?"

Comment In other news (Score 5, Insightful) 404

Slashdot poster "Fuzzyfuzzyfungus" highly confident that FBI director James Comey doesn't appear to know a goddamn thing about the guy his agency investigated at least twice; but knows to blame the 'internet' thing that damn kids are always getting terrorist propaganda and strong encryption from.

Comment Re: inspection or surveillance? (Score 1) 44

Yes, applying network surveillance tools to systems you own and administer and applying them to every hapless bastard who relies on your ISP are different things. It's not news that 'admin tools' and 'malice' have broad technical overlap; both are designed for easy and powerful control over a whole bunch of systems; but whether or not you are the legitimate admin is an obvious distinction between surveillance and security and 'remote administration' vs. remote access Trojan. Bluecoat's products certainly can be used for internal security applications; but it's a matter of record that they can and have been used for widespread surveillance by deeply unsavory state actors with nothing but the thinnest excuses from the vendor.

Comment Re:How To Untrust the Blue Coat CA Cert (Score 3, Insightful) 44

In theory the legitimate users of these sorts of MiTM boxes aren't supposed to need an actual intermediate CA cert because they are only MiTMing devices that they administer, so they simply use their own internal trusted cert and configure their devices to trust it.

That's why Bluecoat being handed a fully loaded Verisign intermediate CA cert is so disturbing; and Symantec's unwillingness to do anything but bullshit about it so disturbing.

MiTM-ing SSL traffic is one thing if it is from devices you have legitimate administrative access to; but when you have legitimate administrative access it's trivial to configure the clients to trust your certificate so you don't need anything special. The only reason you'd need a Verisign intermediate CA is if you want to be able to hit the vast majority of clients as configured out-of-the-box, without your certs pushed by group policy or whatever. Nobody involved seems to have a remotely good explanation of why Bluecoat has one; or what legitimate purposes it could possibly serve that couldn't be served by a vastly less dangerous toy.

Comment Re:How To Untrust the Blue Coat CA Cert (Score 5, Informative) 44

Symantec's PR bullshit is not reassuring: "“What the certificate does not give them the ability to do is issue public certificates to other organizations," Gideon said. "That's the big misunderstanding.” “This intermediate CA is for their private servers only,” she wrote."

That's cute and all; except that the actual certificate contains no such restrictions whatsoever, and can be used to sign basically anything if the target trusts Verisign; and it's an 'internal testing' certificate that somehow needs to be valid until 2025...
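The comments above turn on whether a CA certificate carries any technical restriction on what it can sign. The script below is an added example, not part of the original comments: it reads a certificate with `openssl x509` and reports the X.509 mechanisms that can limit a CA (`pathlen`, Name Constraints, Extended Key Usage). Both certificates it inspects are throwaway self-signed CAs constructed on the spot, and `corp.example`, the section names and the function names are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original comments). The two certificates are
# constructed, one-day, self-signed test CAs; corp.example is a made-up domain.
set -eu

# Print the technical limits a CA certificate carries, or "unconstrained".
ca_limits() {
    text=$(openssl x509 -in "$1" -noout -text)
    case "$text" in *CA:TRUE*) ;; *) echo "not-a-ca"; return 0 ;; esac
    limits=""
    case "$text" in *pathlen:*) limits="pathlen" ;; esac
    case "$text" in *"X509v3 Name Constraints"*)
        limits="${limits:+$limits }name-constraints" ;; esac
    case "$text" in *"X509v3 Extended Key Usage"*)
        limits="${limits:+$limits }eku" ;; esac
    echo "${limits:-unconstrained}"
}

# Create a test CA from the named extension section of $demo_dir/ca.cnf.
make_demo_ca() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -config "$demo_dir/ca.cnf" -extensions "$1" \
        -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Constructed Demo CA
[open_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[limited_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
nameConstraints = critical,permitted;DNS:corp.example
EOF

for profile in open_ca limited_ca; do
    make_demo_ca "$profile"
    printf '%s: %s\n' "$profile" "$(ca_limits "$demo_dir/$profile.pem")"
done
```

Pointing `ca_limits` at any PEM file from a trust store or a captured chain gives the same report; a CA that comes back `unconstrained` can issue for any name its parent is trusted for.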

Comment The only upside... (Score 1) 44

The only upside to all this is that Symantec has an astonishingly powerful ability to turn everything they acquire into utter shit. This doesn't make one of the world's major SSL CAs owning a sleazy SSL MiTM appliance vendor any less disturbing; but it at least means that the various malefactors using Bluecoat products to exploit us will have an incrementally more miserable time.

Just more fuel on the "trusting 'trusted' CAs just doesn't cut it" fire.

Comment What do they do with them? (Score 4, Interesting) 120

What can you actually do with a stolen iphone at this point?

There are presumably markets where IMEI blacklists won't cause you any trouble(or you can use the thing as a glorified ipod touch); but Apple presumably has knowledge of serial numbers/device IDs/etc. and there aren't a lot of alternatives for things like iOS updates. Indeed, if they felt like it, Apple would be in an excellent position to brick the devices if they ever made the mistake of accepting an update from Apple.

Do they just part them out? Are there actually still jailbreaks and such for the newer models good enough that you can operate one outside of Apple's sight? Do you just resell them to optimistic idiots looking for suspiciously good deals on idevices and make this their problem?

I can see that 'compact, expensive, widely desired' are all good qualities in a theft target; but 'bristling with radios and globally unique IDs burned into the hardware and firmware; and nearly impossible to use without the vendor's continued cooperation' seem like egregiously bad qualities.

Comment Re:Downward compatibility (Score 2) 142

If some of the disasters from the previous console generation are anything to go by(did they ever get Skyrim actually working properly on the PS3?), there is a real risk that the original will be 'supported' rather than actually supported by at least some games; at least if it becomes popular enough to be the favored target platform.

It wouldn't be a huge surprise if it doesn't gain that much traction(attempts to update consoles between 'generations' have historically gone pretty poorly); in which case it'll be the 'Neo' that becomes a dubious value, since 4k video playback is pretty niche; and since even the fastest gaming PCs money can buy struggle under the demands of 4k resolution on modern titles with all the pretty sliders cranked up, the 'Neo' has very little chance of actually delivering '4k gaming' without serious compromises(though it could quite plausibly be a substantial improvement on the base PS4).

Comment Re:4th Amendment? (Score 5, Interesting) 621

They were rolled in as part of The War On Drugs; so they've been afforded a very generous hearing.

It didn't help that, after Reagan signed the Comprehensive Crime Control Act in 1984, the police departments doing the seizing got to keep a substantial cut of the take. The legal theories involved go back considerably further; but the change in incentive structure was what created a...downright gleeful...enthusiasm for the practice among LEOs.

Some of the most visible characters involved either run or work with the "Desert Snow" outfit which does training on how to identify the juicy targets; and the associated "Black Asphalt Electronic Networking System", which is essentially a cop social network for trading tips and tales of highway robbery.

It's classy stuff.

Comment Re:Bad headline (Score 1) 35

It would be useful to know what the relationship between "number of ports open" and "number of ports actually being used" is.

A port with something listening on it is always going to be more vulnerable than one without, since there might be some defect in the listening application that could be exploited by bouncing the right input off it; but that is likely a lower risk than the fairly egregious "If you remotely connect via telnet or VNC anyone can just sniff your password off the wire" problem.

If the problem is with the configuration on the server side, telnet isn't really any more dangerous than SSH, since both will horribly fail to stop somebody guessing root's weak password; but with telnet anyone actually trying to use it is leaking information to anyone with access to the wire; while with encrypted protocols you at least have to screw up to be vulnerable.

It's a real pity about VNC. It can be made secure(Apple's "ARD" is pretty much VNC with their authentication bolted on); but none of the widely available and interoperable implementations are remotely safe unless SSH tunnelled or the like.
