Become a fan of Slashdot on Facebook


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Sorry buddy.... that's not what happened here.. (Score 1) 200

I am generally very cool with disruption and specifically with Uber/Lyft etc disrupting taxi services.

One issue I lock onto with taxi services pretty much around the world is that many governments aggressively constrained issuing of taxi licences/medallians etc (name varies from jurisdiction to jurisdiction) and essentially turned licences into rapidly appreciating ponzi currency. The Uber/Lyft model shows that this was unnecessary. This is a mess governments created because they saw easy money from it and now they should clean up.

But my problem specifically with Uber is that they are amoral arseholes and arseholes to pretty much anyone if it furthers their perceived interests. And hypocrites. Their attempt to use court system to regulate the formation of a drivers union is anti-libertarian. Like many libertarian endeavours they pay lip-service to core libertarian principals only when it suits them and then happily apply judicial/regulatory mechanisms when it suits. There is no real unifying principal at work other than do whatever it takes to get the things we want.

Further, what they want goes way beyond merely disrupting taxi services, their end game is to monopolise all private transportation and given their corporate culture no good can come from this end game.

Comment Failure is always an option (Score 3, Interesting) 200

I for one am glad to see the wheels starting fall off this libertarian corporate experiment. It's heartening to see signs of failure in an institution whose core principals are deeply entrenched in base human behaviours such as bullying, hypocrisy and total indifference to adverse impacts to others (including it's own people).

Comment Re:Music makes no sense (Score 1) 167

Similarly, not my preferred music yet I do recognise and occasionally enjoy related genres like bluegrass, and americana. Country though, bleah. Johnny Cash, although considered 'country' really is cross genre with heavy rockabilly & blues feel and other styles intermixed too. Looking at most highly considered examples of country, like Willie Nelson and Dolly Parton, easily walk past their music with exception of maybe one or two tunes.

Comment Re:Maybe she was just too dumb to negotiate better (Score 1, Insightful) 360

Employment negotiation is a complex dynamic.

My first and only blue chip job, I was fairly junior just a few years into career yet I firmly established as able to deliver and innovate and provide tech that opened up alot of new rev for them, but always been rubbish at asserting and negotiation. Some freshly minted grads came in, barely could compile a hello world, and I found out they started on 20% more than me. Was so angry about it and acted out of character driven by the emotion of indignation. Kicked up about it, threatened to quit, quit and then shortly later sub contracted back to them at a ruthlessly high rate and tripled my income : arrangement didn't last long but I got my pound of flesh. That and other experiences since, when I eventually moved into management roles, hiring and managing staff etc, have helped me realise it is complex. You can't just tell someone find another job or be more assertive or whatever, it's not easy flicking a switch and becoming a different person: pretending to be an alpha when you are far from that. Fears and insecurities that come into play the power dynamic is heavily against the employee.

Comment Re:"In the wild" - slight exaggeration (Score 1) 167

"not only weak, but broken" seems premature. The attack here involves manipulating two obtuse file formats to yield altered files with a shared hash, different to original unaltered hashes. Definitely weakened and yeah you are probably right this is the final toll for SHA-1 and from here things are likely to get worse quickly. I'll be mindful of this when I think about the various places where I use SHA-1 and start thinking about switching in other things. But I am failing to see how this right now translates into a practical vector for the various places where I encounter SHA-1. A more serious vector would be the capacity to create any desired hash with something significantly more efficient than a brute force compute. i.e. can anyone easily yield output the same as this without knowing the input?"

echo -n 'mysecretpw+somesalt'|sha1sum
3cbb35f831b4e9241dd986f66c16e465e2db2a3a -

Comment Re:"In the wild" - slight exaggeration (Score 1) 167

Umm, that is an uncited claim in the summary. Nothing of the sort is stated in any of the links. The summary links to a paper that provides more details of the attack. Very heavy and technical though a few inital takeaways from it is that implementations only take a few days to run on gear they have so does seem safe to assume that SHA-1 collisions are pretty much pwned.

Comment "In the wild" - slight exaggeration (Score 2) 167

Someone checked in PDFs that demonstrate the first engineered SHA-1 collision and this broke SVN. PDFs in question took 6500+ cpu years + 110 GPU years to generate. "In the wild" is a bit panicky & excessive.

What does this actually means in terms of integrity of repos and other things that rely on SHA-1? Does it merely break repos or does it facilitate injection attack vectors - how important is secure hashing in the guts of repos? What precisely is being secured? SHA-1 has been deprecated for SSL certs already so you shouldn't be using certs with SHA1 sigs anymore. Myself, keep an eye on how this develops and start thinking about using SHA-2 but won't be replaing git or existing usage of SHA1 for password hashing anytime soon.

Comment Re: Malignant narcissist upset, news at 11. (Score 1) 760

It's definitely a weird thing to write. It looks like a fishing expedition / incitement to bully. It isn't evidennce of fabricated threat. The tweets in link I provided above strongly suggest a different motive. I see no smoking gin in all this, nothing compelling beyond odd behaviour. If this is is considered best critique of BW, seriously it isn't much of a critique.

Comment Re:Malignant narcissist upset, news at 11. (Score 4, Interesting) 760

The insinuation is that this was done in a clandestine fashion with intent to deceive and overstate the threat. The rebuttal I linked above says that intent is clearly sarcasm/exasperation. Nothing was hidden. The original argument that this was done with intent to deceive is weak as piss.

On a side note, spent 15 mins flipping through the FBI file linked to the original slashdot story. Some seriously juvenile and purille rubbish there. Allthough the death threats, the ones I read at least, where too over the top to be credible, what is definitely present is a visceral hatred and anger and a quite possibly genuine wish for harm. Apalling: I challenge anyone who thinks that can endure that sort of abuse and remain unaffected by it.

Comment Re:Start the clock (Score 1) 267

They correspond to a global increase of temperatures of ~ 0.7c / 100years that is currently in a protracted period of significantly lower rate of growth compared to the 1970-2000 period (YMMV depending on what dataset you look at, but graph you posted strongly hints at this).

Slashdot Top Deals

This is clearly another case of too many mad scientists, and not enough hunchbacks.