
Comment I don't understand the text security angle (Score 2) 46

Fully agree with potential problems of requiring a cell phone: not all people that use the system will have access to cell phones or text messages, for example. There's also the question of how to update your cell phone number in the system if it changes. Krebs seems to be focused on the creation of accounts, which allows you to register a phone number and lock others out (which gets back to that updating your number thing); that seems to be a potentially big problem, considering how many security breaches have leaked our SSNs and what not. If all I need is a name and SSN to initially register and get benefits, then the system needs a better way of verifying identity before allowing to apply.

But I don't understand the text message security complaint that is "more important". Two-factor auth means I need *two* things. Even if someone were to intercept the text message (which I believe is difficult, requiring special equipment and proximity to the victim, but feel free to correct me), the point of the system is that nothing can be done with that text without also knowing the password. And if someone knows your password and text messages, then no system is going to prevent an intruder. I understand that NIST is working to update the recommendation (which is a good idea), but I feel like it's safer than not using 2FA (it at least requires attackers to do much more work!), and I'm sure when the NIST guidelines are finalized, other agencies will begin the move to the new recommendation too. It seems a mountain out of a molehill. Am I missing something?
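As an added example (not code from this comment, nor anything Krebs or NIST published), here is the two-factor check the comment describes, in Python using only the standard library. A TOTP code (RFC 6238) stands in for the texted code; an SMS-delivered code would be a random server-generated value handled the same way. The account, password, TOTP secret, salt and lockout threshold are constructed demo values. It shows why a captured code is useless without the password, why a code that has already been spent is refused again, and how a lockout bounds guessing of the six-digit code.

```python
import hashlib
import hmac
import struct
import time

TOTP_STEP = 30          # seconds per code, as in RFC 6238
TOTP_DIGITS = 6
PBKDF2_ROUNDS = 50_000
MAX_FAILURES = 5        # constructed lockout policy for this demo


def totp_at(secret: bytes, counter: int) -> str:
    """RFC 6238 code for one time-step counter: HMAC-SHA1 plus RFC 4226 dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** TOTP_DIGITS:0{TOTP_DIGITS}d}"


def totp_now(secret: bytes, now: float) -> str:
    """What the user's phone (or the SMS gateway) would show at time `now`."""
    return totp_at(secret, int(now) // TOTP_STEP)


class Account:
    def __init__(self, password: str, totp_secret: bytes):
        self.salt = b"constructed-per-user-salt"   # random per user in a real system
        self.pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, PBKDF2_ROUNDS)
        self.totp_secret = totp_secret
        self.used_counters = set()   # every delivered code is accepted at most once
        self.failures = 0


def demo_account() -> Account:
    # Constructed demo credentials, not real secrets.
    return Account("correct horse battery staple", b"constructed-demo-totp-secret")


def login(acct: Account, password: str, code: str, now: float) -> str:
    """Evaluate both factors; the caller only ever learns 'ok', 'denied' or 'locked'."""
    if acct.failures >= MAX_FAILURES:
        return "locked"
    # Factor 1: the password. Always computed, so timing does not reveal which factor failed.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), acct.salt, PBKDF2_ROUNDS)
    pw_ok = hmac.compare_digest(candidate, acct.pw_hash)
    # Factor 2: the one-time code. Accept the current step and one step either side for
    # clock skew, but never a step whose code was already spent (defeats replay of an
    # intercepted code). A captured code therefore buys nothing without factor 1.
    counter = int(now) // TOTP_STEP
    matched = None
    for c in (counter - 1, counter, counter + 1):
        expected = totp_at(acct.totp_secret, c).encode()
        if c not in acct.used_counters and hmac.compare_digest(expected, code.encode()):
            matched = c
    if pw_ok and matched is not None:
        acct.used_counters.add(matched)
        acct.failures = 0
        return "ok"
    acct.failures += 1
    return "denied"


if __name__ == "__main__":
    acct = demo_account()
    t = time.time()
    code = totp_now(acct.totp_secret, t)
    print(login(acct, "correct horse battery staple", code, t))   # ok
    print(login(acct, "wrong password", code, t))                 # denied: code alone is useless
    print(login(acct, "correct horse battery staple", code, t))   # denied: code already spent
```

Both checks run on every attempt and the response is the same whichever factor failed, so an attacker holding just the text gets no feedback about the password; the used-counter set and the failure counter are what turn "intercepting one text" into a dead end rather than a foothold.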

Comment Yes exactly, maths results (Score 5, Insightful) 387

But string theory is different. Although it has not been a success phenomenologically, it has led to many beautiful results in mathematics and field theory, such as Mirror Symmetry and AdS/CFT. Further research in string theory is definitely worthwhile, and Lee Smolin is unreasonably biased against it.

Yes, string theory is a bit different in that it hasn't been able to make any testable predictions, which makes it non-science. Science is based on the idea of experimental evidence, and falsifiability. It isn't science, it isn't physics.

Now it very well may have some beautiful results in mathematics. Maybe it will have applications and effects on topology, cryptography, who knows. But those things are mathematics, not science.

I tend to agree with Smolin that string theory, as currently presented (and as I understand it), is not a scientific theory, even though it is interesting and deserves its own mathematical research. The problem is, string theory gets the ratings, so we have more cosmologists and string theorists as professors of physics, taking the few positions (and associated funding!) away from people that want to be true experimental physicists. That's where the semi-outrage is.

Comment Depends what you mean (Score 2) 443

Except Windows 10 is not a security update: the computer in question had Windows 7, which is still in extended support and will still get "proper" security updates until 2020.

Yes, Windows 7 will get security updates in the form of patches that correct already known defects. Bandaids, in some sense.

Windows 10 has a list of actual security improvements, not just bandaids. Better ASLR and DEP, better support for hard drive encryption, a more secure default browser, and other goodies. Microsoft maintains a page of Windows 10 security improvements over Windows 7/8. In theory, Windows 10's features mean a reduced attack surface. Maybe it still has issues but it is certainly more hardened than Windows 7 in general.

I'm sympathetic to both sides. I don't like things being pushed on people; it's their right to decide what to do with their own property, and maybe they have special needs that require an older version of Windows (some mission-critical software is known to have bugs on 10 for example).

But I also know that Microsoft is trying to improve the security of its products and the Internet as a whole by trying to get everyone updated. They don't want Windows 7 to be a repeat of people clinging to Windows XP, clinging to old technologies that are broken when new tech/implementations are available to prevent security problems. Not just security, but also think features: new protocols might be developed that weren't supported in the old OS, and so until the majority of the Internet moves on, that protocol can't be rolled out. Many computer users are pretty clueless and need automatic updates for that reason, or they'll never do it themselves, and bring down the security of the Internet as a whole. Of course, it doesn't help that Microsoft's marketing team wants to take advantage of the security updates by also collecting info and all that stuff.

I hope we can find a good balance between the competing interests soon.

Comment Loser Pays Isn't Justice (Score 1) 571

Loser pays would also make it basically impossible to sue any entity that has more money than you. The risk would be far too great, even if you had a legitimate dispute.

Let the judge award "loser pays" only after meeting a high threshold. Such as in situations where no rational person would consider it a legitimate dispute.

I agree. In the state of Pennsylvania, state cases have a loser pays provision. You pay a filing fee but will get it awarded back to you if you win your case, as well as reasonable legal fees, etc. Without going into the whole crazy story, I found myself suing an old landlord for damages. While I won the initial case, the landlord was able to appeal... and appeal again after that. I couldn't keep paying the attorney fees to keep going further and so ended up settling, which cost me something like net $1500, rather than winning the $1500 in damages I was hoping for. While that may seem small to some of you, at the time I basically was making minimum wage and used my savings to do it. It wasn't sustainable. Based on that experience, I'd only go to court if I knew I was able to fight all the way to the top state courts, because that's pretty much what you're in for if your opponent has money.

If you're on minimum wage and can't pay the up front filing fees and attorney fees, you're screwed. In principle, you'd get it back -- but how are you going to get the money to initiate it in the first place? And what happens if you do end up losing? The poor in our country get no justice.

Comment Free Software Is Necessary (Score 4, Insightful) 564

This is exactly why free software (in the vein of what Richard Stallman calls for) needs to be supported. *YOU*, the user, must own complete control over your computer and the software it runs, not developers (much of the more liberal open source licenses are about developer rights, not user rights -- big difference!) or corporations.

I know many of you would object, "But I bought this computer, it's not Microsoft's!". Well I wholeheartedly agree, but the thing is, Windows being proprietary closed source means that Microsoft has a claim to intellectual property rights. Microsoft believes that you license Windows, not own it. Essentially, they still own the software on your computer. Again, I know that *you* disagree, but it kinda doesn't matter what you think -- Microsoft has money and lawyers and they push for the outcome they want. Which is to own your computer. And if they own it, they're technically allowed to do whatever they want with it, including force upgrades. That is the nature of licensing agreements -- you agree to their licensing rules, which means they can do whatever they want.

If this bothers you, switch to a free software OS. Some flavor of Linux or even BSD. Get involved in the free software community, both the technical community (making more/better free software) and the political community (that lobbies for changes to copyright law, tries to get government to adopt open standards, etc.). We have to fight back, or you can expect more behavior like this from Microsoft, Apple, etc., in the future.

Comment Yes, It is a Law (Score 1) 476

There is absolutely no law banning communism, just like there is no law saying you can't put a white sheet over your head and march down the street with the KKK.

How in the fuck is this scored Insightful?

It's Insightful because it's unfortunately true. Check out this gem of American history: the Communist Control Act of 1954. You can also download the text from the Government Publishing Office. It very explicitly states that, according to law, anyone in the Communist Party is considered to be attempting to overthrow the government, and shall be punished according to the Internal Security Act of 1950.

Now you might be able to make the claim that if you generally believe communist principles but aren't part of the established Party, this won't apply to you. But I think that effectively takes away your rights to organize, does it not? Still effectively a ban on the idea, if nothing else.

Comment MITRE CVE is not everything (Score 4, Informative) 34

They probably shut down because the MITRE CVE database is pretty much regarded as the canonical database for all vulnerabilities, open and proprietary. I've not seen a security advisory that didn't have a CVE number for a long time. I don't remember ever seeing one with a reference to OSVDB.

MITRE itself has a list of things it thinks deserve CVE IDs. Things outside of this list may not ever receive a CVE ID, even if they are valid vulnerabilities.

The takeaway is that lots of products have vulnerabilities but never receive CVEs or are included in the CVE dictionary. This is why alternates like OSVDB popped up, and why alternate vulnerability ID systems popped up recently (see DWF as a primary example).

It's a shame to lose something like OSVDB, as there really isn't a good canonical source of ALL vulnerabilities. MITRE's CVE works for vulnerabilities in big name products, but it is nowhere near inclusive of all vulnerabilities reported. Of course, OSVDB hasn't been updated recently either, so there's a big gap in even knowing what's out there. Maybe projects like DWF will help us move in that direction.

Comment Full Text of 2nd Amendment (Score 1, Informative) 663

They absolutely were. "the right of the People to keep and bear arms shall not be infringed." That's the limit on government. They're ignoring the limit. It couldn't be any more obvious. Your right to carry was infringed by coercive action of the federal government. How hard is that to figure out, really?

The full text of the 2nd Amendment is as follows:

A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.

So many people always forget the first half. The amendment specifically states "well-regulated", meaning it is within the powers of the federal government to regulate militias and arms. Taken in context in the 18th century, "well regulated" probably means something closer to "well trained", but still, it is obvious that arms are meant to be regulated and dispersed through trained militias, and not just any random jerk has a gun. Especially because today's guns can do substantially more damage than the guns did when the amendment was written.

I'm all for a conversation on what the appropriate level of regulation and training is. I don't think anyone really argues that guns should entirely disappear. But we need reasonable limits, not a free-for-all on weaponry, and the amendment supports that as a federal power. Please stop spreading misunderstanding.

Comment Universities expect research money (Score 2) 51

Quality education requires a chalk, a blackboard, and some notebooks (the paper kind). You don't need researchers for education — you need professors. Researchers you get for free — they are called "grad students". And as soon as they can find gainful employment, you replace them with new ones.

The purpose of a university is to teach — any research done is coincidental to that primary purpose.

I once thought as you did. Mind you, not that I'm disagreeing with you, but rather the reality of the situation.

As someone that once tried to become a professor and navigate the academic system, I can say from direct experience that you will not become a professor unless you have a very strong research resume and are involved in research (meaning, you regularly apply for and receive grants from the federal government, etc.). When you interview, you come in to meet the department and explain your research interests; it's not very focused on your teaching style (you have to fill out a "teaching philosophy" statement, but I think it's mostly a formality). The university administration expects to see dollar signs flow in, and so the emphasis is on bringing in dollars. In your more STEM-related fields that don't have as many students (as compared to say, the business school), since you don't have enough students to bring in significant tuition dollars, they expect significant research dollars or threaten to downsize your department (yes, this happened at one university I worked at for a while).

The result of this system is that a very large number of university professors have little to no interest in teaching (I've had a few in school that were outright hostile to the idea of teaching, and acted like children when the department assigned them classes), and the teaching actually gets shoved off on to the teaching assistants. The TAs are of course also expected to do research and work on a dissertation, so we're talking 80 hour work weeks in some scenarios, which they have to put up with in order to graduate. Big name schools aren't really worth it, particularly at the bachelor's level, because many of your classes will be taught by TAs, or if you're lucky, you will get an upper-level class taught by a professor that thinks that teaching undergraduate classes is beneath him (again, personal experience).

In some ways, CMU's students might be better off if professors that wanted to be researchers bailed ship. In theory, people focused on teaching could be hired... but then again, I sadly know better than that. I hope it changes in the future, but right now, quality education is really at the end of the priority list for all higher education in the country. I am glad to be away from academics.

Comment Budget is required for priorities (Score 5, Insightful) 644

Given they're trying to speak on behalf of many others that like as not don't feel as they do, it seems disingenuous. Besides, nothing is stopping them from giving more if they really feel that strongly about it.

Nothing disingenuous with stating your own opinion that you'd be ok with higher taxes. The operating assumption of most politicians, especially in the GOP, is that "TAXES ARE EVIL!", so if you remind them that not everyone feels that way (at least if taxes are going to a good purpose), that's your right as a citizen. Feel free to disagree and write your own letter, but in the case of these millionaires, they wanted to point out that the assumption that all rich people don't want tax increases is wrong.

While you can write a check to the Treasury if you really felt like it, it's a bit moot if there isn't an accompanying budget. What is preferable is that a tax rate is set that funds a certain budget with a set of priorities, so you know for sure that the law requires your extra tax money go to pay for education, roads, etc., rather than going into a US Treasury slush fund that is used for who knows what, including probably tax rebates for corporations that don't need them. The letter is not just asking for tax increases, but asking for a budget that prioritizes these services and raises taxes as a way to pay for it.

Comment CVSS is not always accurate (Score 1) 139

The CVSS score is a medium of 6.1 for the CVE. So this isn't as bad as Heartbleed

First, Heartbleed was actually a 5.0 base score, so this is more serious if you go strictly by CVSS score (which is not necessarily advisable). Reference.

Second, CVSS scores are based on a certain formula and a small set of conditions; in particular, vulnerabilities are scored based on their immediate impact and not necessarily things that occur down the line. In other words, CVSS base scores do not include environmental metrics (there is a CVSS environmental score, but almost no one uses it except for CERT). So looking only at the base score is not always a good indication of severity; possibly it's a good first approximation, but it's good to look into the details too. Since glibc is part of pretty much everything out there, this is a pretty serious issue.

Comment Languages have different features (Score 1) 121

why we can't use C++ and C++ style derivatives for compiled code (cross compiled to many platforms), and then for interpreted needs use javascript, python, or whatever floats your boat on top?

There are some interesting languages out there with other features. Haskell comes to mind, as a pure functional language. It's not just pretty syntax, but a different way of thought that provides some features and power that C++/Java style imperative languages can't match. They're so different that you need different compilers really. You can't always write a Haskell program and "translate" it to C++, certainly not without re-architecting. Of course, there may be things an object oriented style is better suited for too, but just pointing out that some languages have different paradigms and therefore contribute new ideas to software development. That sort of exploration and research I think is important. I don't think we should be so quick to assume Java/C++/Python/whatever is the only language that is ever needed (which maybe is not what you meant, so I don't mean to attack your comment, just writing a thought that popped in mind based on yours).

A large number of the languages these days seem to be more "domain-specific", that is, not very different from some underlying language, just adding some syntactic sugar for some specific problem or complaint while ignoring other drawbacks. I suppose that iteration is good though, as it's catching the most important -- and serious? -- errors and making it easier to avoid those problems. I'm partial to investigating totally new concepts to see if we can build more resilient and secure software than to keep iterating what is already known to have drawbacks, but it's probably good that we do research from both ends -- incrementally improve what we have to take away certain known bugs and get it out the door *now*, while researching new ideas that perhaps will do away with whole classes of bugs for good (as well as make more powerful software in general).

Comment PGP Reset Emails (Score 1) 118

I've wondered why services don't allow you to do something like add a PGP public key, and have all notifications from that site sent encrypted to that key. If someone gets ahold of your reset email, well unless they have your private key and passphrase, they're still out of luck. Furthermore, legit email notices could be signed by a known public key of the site.

OK, it was a bit rhetorical perhaps, as I know not many are familiar enough with PGP to use it. Outlook doesn't support it out of the box so that cuts out a lot of users right there. And even people technical enough to know what it's doing don't always like it.

And I guess the problem then would be people saying "I forgot my PGP passphrase, please help!". So maybe it wouldn't actually solve much and would still be prone to social engineering. But still. In 2016 I would have thought we'd have a better handle on privacy and security.

Comment Do you understand how UBI/SNAP work? (Score 2) 440

Many people will take their UBI and immediately spend it on drugs, alcohol, gambling, or bling, while ignoring the monthly rent, the electric bill, buying groceries for the children, etc.

Do you have evidence this is true for welfare and other checks, or is it just how you feel? I suspect you've never been in the heartbreaking situation (and I'm glad you haven't experienced it!) of having so little income that you have to decide between food and the electric bill. I'm sure there are some outliers that can't be helped and will spend on drugs but you need to understand this is a small minority compared to all poor people.

So the various government agencies will continue to expand and spend even more money on housing, food, medical care, etc. The UBI won't even make a dent in entitlement budgets. Instead, it will become "free money" to be squandered on a thousand other things besides basic human needs.

Again, citation? Has anyone's plan specifically said "We will grow government larger and larger"? Most of the proposals I've seen have been the opposite; if you make a fair tax system (stop giving tax handouts to the rich) and implement UBI instead of the hodgepodge of programs we have now (SS, Medicare, Medicaid, etc.), we'd save billions by eliminating duplicate administrative costs.

Now my concern is that many people are employed by the federal government, so the real cost will be all the people worried about losing their jobs and becoming poor. But if there's UBI, they won't lose their home if laid off. And, it's possible we could pivot many of these jobs to other agencies -- for example, more workers in the justice dept to reduce the time we wait for hearings/court cases, or to the VA to get caught up on paperwork and get veterans help, or even dept of the interior and let them clean up state and national parks or become EPA inspectors to actually enforce our laws. Random ideas here, but the point is that government will likely be reduced, and worst case, be about the same size but with massive amounts of people repurposed to things that need to get done but aren't under the current bureaucracy.

Anyone who doesn't think it won't happen need only look at inner city schools in the U.S. In theory, every child should be getting meals at home thanks to government SNAP benefits to their parents or guardians. In practice, schools give many kids a free breakfast and lunch every school day, and even give them food bags to take home for the weekend, because Mom or Dad can't be bothered to buy food for the kids with the SNAP money. Where does the money go? No one knows or even attempts to find out. They just give the kids free food and cross their fingers.

What do you mean "Where does that money go?". I don't even know where you got this from.

As someone that was personally on SNAP in the past (long story, but basically as a new college instructor, you actually make so little money that I qualified for SNAP for a while. True story.), I can tell you that it is not a check in the mail of free money. You get a debit card that is pre-loaded with a small amount of money (a maximum of $200 per month for an individual; I challenge you to keep your food budget under $200 per month = about $7 a day. You do get more money for each dependent you have, but it's a small increase.). This card can ONLY be used by stores that accept SNAP, and it is restricted to ONLY purchase food items. For example, you cannot swipe your SNAP card to purchase lottery tickets or alcohol. You're not even allowed to buy "prepared food" (meaning like food you'd get from a restaurant; so you have to buy frozen foods or canned foods only, and cook at home).

Anyone on SNAP that can't feed their kids is probably running up against that roughly $7 per day limit. Even if you double it to $15/day for a family, can you spend $15 per day consistently? A pound of chicken is pushing $10. Milk is a few dollars. A box of cereal is pushing $5. You easily go over $15 with a single meal, let alone 3 meals a day. You have to be creative and buy the cheapest (and therefore crappiest and unhealthiest) food available to make it stretch. And even then it probably doesn't go far enough. Even if you do make it work, you're eating terrible quality foods, not enough vegetables, lots of things with corn syrup and sugar -- over time, it contributes to health problems which cause even more side effects since the person can't afford their healthcare. Since many Republican governors refused to expand Medicaid, there's a large amount of people that don't get Medicaid but private insurance won't cover them because they're assumed in the healthcare law to have Medicaid. They're trapped in a "donut hole" so to speak. It's not just old people's prescriptions.

School lunches are not evidence of people abusing SNAP benefits; rather, they are evidence that SNAP doesn't go far enough to actually help people. It's hard to say if a program is successful or not when many people (I'm mostly thinking of you, Congressional Republicans) don't even allow the program a chance to work as intended. I think a UBI rolling up SNAP, welfare, and other benefits, that is sufficiently increased to be a true living wage (or at least close to it) is absolutely what we should shoot for, and seriously try.

The UBI will not change human nature. It will instead become one of the biggest entitlement boondoggles in the history of civilization.

In my experience, human nature often means people and strangers helping each other out. We're social creatures and like to live in "tribes" where we can help each other. I feel bad for anyone that is so convinced that humans are nothing but laziness and evil when it clearly isn't true. Not that there aren't problems, and some people are bad apples, but on the whole, it's not nearly as dark and gloomy as you suggest. We'll be fine as a civilization as long as we actually start doing the right thing and helping each other, instead of rationalizing why it's ok to let people suffer and die.

Comment Re:Life Liberty and Really? (Score 1) 460

They aren't changing anything. They are quoting from John Locke, not the Declaration of Independence (which changed Locke's quote from property to pursuit of happiness).

Came here to say this. Locke's philosophical ideas likely contributed a lot to how the founding fathers approached rights and freedoms when setting up the country.
