
Comment Re:Well yeah (Score 1) 331

That's actually a good argument for the Universal Basic Income. No punishment for seeking independent income, no way to cheat for it since every citizen is entitled to it.

Part of the depression of government dependence is probably related to various bureaucrats lording it over you and the knowledge that if you manage to make a bit of money independently, you could lose all support and end up on the street.

Comment Re:Well yeah (Score 2) 331

That's why we need a safety net that makes it more or less OK if robots take your job.

Don't forget that they can even indirectly take your job or at least cut into your pay. Imagine if robots take 25% of the jobs out there. Some small fraction of those people will then be applying for your job, and they'll probably be cheaper than you.

Comment Re:For variable values of "practical" and "relevan (Score 1) 132

So out of 172 root CAs only 14 include any path length restrictions, and even the ones who do still allow some chaining.

O_o

We're doomed.

I don't think the SHApocalypse will be tomorrow. This was an identical-prefix attack instead of a chosen-prefix which constrains the attacker considerably, and the computation required is much higher even to generate simple collisions. However, (again, please correct me if I'm missing something) it does seem plausible that further weaknesses will be found which provide just enough leverage to forge a signature with one of those 172 CAs, and we may eventually see a rogue sha1WithRSAEncryption CA issued.

I concur, completely.

Comment Re:Call me crazy... (Score 1) 83

Apparently that's part of the solution here. That's why the specs aren't bigger.

Personally, I could use a bit more storage, but it seems fine as-is. I don't need a phone that can do CFD in the background, I just need it to communicate. Voice, text, email, some light web browsing, and an SSH client. It should be fine for that.

Comment Re:Huh? (Score 1) 244

If your statement applies to a 27 year old man, it applies to an 80 year old woman. Both in this scenario would have bought a self-driving car from an auto manufacturer. I chose her as an example to highlight for you the absurdity of expecting the end user to have the engineering expertise necessary to be liable for not choosing their mass market self-driving car carefully enough.

But if you prefer, what failure of expertise might a 22 year old liberal arts major show in choosing a mass market autonomous vehicle that would attract liability for an engineering failure?

Perhaps the real reason you're upset is that your argument hinged on an unreasonable expectation of the consumer's engineering knowledge.

As for your comment about DRIVER error, that would be the autonomous system designed by the auto maker. It would not be the person who punched in the address of the university and pressed go before cramming in an extra 30 minutes of studying for the exam.

Comment Re:What should happen and what will happen (Score 1) 132

Using memory dependent hashes works better if one is a small server since one will rarely have a lot of people sending in their passwords at the same time, so the RAM space you need isn't that large. If you are a large organization then this doesn't work as well because you then need room to be able to do many such calculations functionally simultaneously.

Meh. If you are a large organization, you can afford more.

Anyway, the point is that you should turn it up as much as you can afford.

I agree that there's a linear v. exponential difference there (although for many of these it is more like linear and subexponential due to algorithms like the number field sieve),

Yes, NFS is subexponential, but not very "sub". And anyway, RSA is old, broken crypto which should be migrated away from.

but the rest of your comment is essentially wrong. We keep keys just long enough that we consider it to be highly unlikely that they are going to be vulnerable, but not much more than that.

I hate to resort to appeal to authority, but the actual analysis required to prove it is way more effort than I have time for this morning. Take a look at keylength.com, it has a host of authoritative references.

In fact, it would be a lot safer if we increased key sizes more than we do, but there are infrastructural problems with that. See e.g. discussion at http://crypto.stackexchange.com/questions/19655/what-is-the-history-of-recommended-rsa-key-sizes

Heh. In my previous reply I actually typed a long section about why RSA is a weak counterexample to my argument, but deleted it because it's nitpicking. Since you chose to pick that nit...

It's a valid counterexample because RSA key generation, and, to a much lesser extent, RSA private key operations, are computationally expensive enough to stress low-end devices (an issue I often have to deal with... I'm responsible for some of the core crypto subsystems in Android). But it's a weak counterexample because RSA is not modern crypto. It's ancient, outmoded, we have some reasons to suspect that factoring may not be NP hard, using it correctly is fraught with pitfalls, and it's ridiculously expensive computationally. And even still, the common standard of 2048-bit keys is secure for quite some time to come. As that stackoverflow article you linked mentions, the tendency has been to choose much larger-than-required keys (not barely large enough) rather than tracking Moore's law.

So, yeah, if you use an outdated, ridiculously expensive algorithm, and you do it on very low-spec hardware, and you want it to be secure for a very long time then, yeah, you might end up having to use barely-large-enough key sizes.

Don't do that. For asymmetric crypto use ECC. Preferably with an Edwards curve, so you don't have to deal with niggling suspicions that the curve is weak in some obscure way known only to the NSA.

Comment Re:Hard wired (Score 1) 175

As hunter-gatherers (you know, in the time before writing and the invention of religion)

Before writing, yes. I strongly suspect that religion existed even then. All of the hunter-gatherer societies that survived to historical times had religions, often quite sophisticated ones.

Comment Re:Huh? (Score 4, Insightful) 244

In general, liability goes to the entity that could and should have done a better job avoiding the incident. So tell me, if an autonomous vehicle crashes, who could have done a better job avoiding that, the manufacturer that marketed the car as safe and their development team, or the 80 year old lady who bought the autonomous vehicle because she was no longer allowed to drive? What is it that you think the lady could and should have done better but failed at to attract a portion of the liability?

Comment Re:The owner should be liable (Score 1) 244

The problem with the owner being liable is that if a self-driving car does serious injury to someone else then most people won't be able to afford to pay; then the burden will end up on the taxpayer.

The important thing is that whether you are driving a self-driving car or not, you carry valid liability insurance. Then it's up to the market to decide what to price the insurance premiums at.
