Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Re:Just Remember, Folks. (Score 1) 126

They're announcing this shortly before the Model 3 goes into production, which will be a mid-budget vehicle.

(Also worth noting: the AutoPilot++ or whatever it's called, the version that's supposedly SAE 5 level that'll be released before the end of the year, isn't free. It's an extra people will have to pay for. If you assume SDC technology will reduce accidents by 66%, and if regular insurance is $1000 a year, then they need to price this at around $3,000 assuming a normal average ten year lifespan of each vehicle. IIRC that was the ball park for the price for the SDC add-on they're going for, so this is quite believable. You're not paying for the technology - that's already paid for, you're buying insurance for the lifetime of the vehicle.

Comment Re:For variable values of "practical" and "relevan (Score 1) 128

So out of 172 root CAs only 14 include any path length restrictions, and even the ones who do still allow some chaining.

O_o

We're doomed.

I don't think the SHApocalypse will be tomorrow. This was an identical-prefix attack instead of a chosen-prefix which constrains the attacker considerably, and the computation required is much higher even to generate simple collisions. However, (again, please correct me if I'm missing something) it does seem plausible that that further weaknesses will be found which provide just enough leverage to forge a signature with one of those 172 CAs, and we may eventually see a rogue sha1WithRSAEncryption CA issued.

I concur, completely.

Comment All-In-One likely to be the future norm (Score 4, Insightful) 126

If you bought a chauffeur service you would expect the service to pay the chauffeur, maintain the car, and maintain the insurance. This isn’t much different (other than you own the car). Tesla is large enough to create the shared risk pool that insurance is founded on. Better yet, by also being the insurance it incentives them to make their cars as safe as possible. I don’t image regular insurance companies are too happy about this and will propose various strawman arguments in an attempt to keep Tesla and others from doing this once self-driving cars really get popular. In fact this all in one model is about the only way self-driving cars will be able to work. Self driving cars will only be safe as long as they are always maintained in top condition. Sensors have to be functioning and calibrated. Brakes have to be in good working order to maintain the cars safe expected stopping distance. Software upgrades are needed. Etc...

Once driver error is not the major factor in accidents it just doesn't make sense to keep the old insurance structure as the fault will almost always be with the manufacturer. This does of course reduce the insurance company's incentive (in this case the manufacture) to really go after claims due to negligence, though that will still be a private legal suit option. Let make sure providing the insurance doesn't also take away your right to sue.

Comment Re:Call me crazy... (Score 1) 79

Well, they're both solutions. But they run afoul of questions. Which users benefit most from each solution? And if someone benefits most from the massive battery with conservative display and processor specs, can you sell it to him?

I'll tell you right here that I'd much prefer LG's approach, but I'm an engineer. I think about my requirements differently than most people.

Comment US Life Expectancy is 91.9 years (Score 3, Insightful) 99

If you're a woman in the top 1% by income. If you're a man in the top 1% it's 88.8 years.

If you're middle class you live about 78.3 years if you're a man, which is big step up from 1980, probably because of smoking. If you're a woman you live 79.7 years, a decline of a few months since 1980.

Now if you're a poor your life expectancy has declined since 1980, to 76.1 for men and 78.3 for women.

So here's the picture: if you're rich, medical advances since 1980 have increased your expected lifespan by about seven years. But those advances haven't had any effect on middle class lifespans. If you're poor you apparently are having difficulty paying for medical care at all, which is not surprising because health care costs have consistently outpaced inflation since the mid-70s. If you're a working poor American health care inflation meant you basically screwed by the 2000s: you were too rich for Medicaid, to poor to avoid medical care.

One more thing: US has a GINI coefficient (measure of income disparity) of 45. That's the highest in the industrialized world, and much higher than it's low point of 34 in 1969. Basically all of the income growth sicne 1990 have gone to the top quintile, in fact the lion's share to the top 5%. People at the 80th percentile by income and below have seen basically zero income growth when adjusted for inflation. And since health care inflation rises faster than inflation, it means 80% of the the US has seen a cut in its disposable income.

Comment Re: Fake News (Score 1) 261

1. That was just an old theory, and not a widely accepted one.

2. Given what we've just seen, it demonstrably isn't.

That doesn't mean that there aren't compounds formed at great pressure that can remain stable at moderate pressures and represent very dense energy sources - there surely are. Metastability is a very real thing. But apparently not in the case of metallic hydrogen at ~STP.

Assuming that this actually even was metallic hydrogen; even that is somewhat in dispute.

Comment Re:So, America might have a lower life expectancy. (Score 1) 99

Why single out one cause, when there's obviously many.

Take food. I live near a supermarket that is probably three times the size of the one my parents went to, but the produce section is smaller, the meat and dairy sections about the same size. The surplus acreage is taken up with cheap, calorie dense, no-preparation convenience food.

Or the fact that Amercians spend more time in cars than they used to, on average over 290 hours a year.

Here's another interesting fact: research shows that the portion size you choose is positively correlated to the size of the package you serve yourself from; this doesn't happen consciously, it's just that a cup of cereal from a 9 ounce box appears like a lot more than a cup of cereal from a 21 oz box.

The huge sizes are driven in part by an attempt to cut down on trips to the grocery store. American home kitchens are the largest in the world, and most of that is needed for storage because we don't do very much food preparation.

So if there's a single root cause it's the pursuit (sometimes failed) of efficiency; we have the wealth to try to reduce labor and time spent doing things, but our bodies are designed to spend time doing things.

Comment Re:The solution is simple. (Score 1) 313

The problem may be the while Garcina Cambogia causes 30% more weight to be lost, 30% more of zero is still zero.

If that's what happens anyway it's somewhat problematic to use the word causes -- unless it's a different 30% in each case that would have happened otherwise. It's a bit like Woody Allen's the Great Roe: "A mythological beast with the head of a lion and the body of a lion, though not the same lion."

Comment Re:What should happen and what will happen (Score 1) 128

Using memory dependent hashes works better if one is a small server since one will rarely have a lot of people sending in their passwords at the same time, so the RAM space you need isn't that large. If you are a large organization then this doesn't work as well because you then need room to be able to do many such calculations functionally simultaneously.

Meh. If you are a large organization, you can afford more.

Anyway, the point is that you should turn it up as much as you can afford.

I agree that there's a linear v. exponential difference there(although for many of these it is more like linear and subexponential due to algorithms like the number field sieve),

Yes, NFS is subexponential, but not very "sub". And anyway, RSA is old, broken crypto which should be migrated away from.

but the rest of your comment is essentially wrong. We keep keys just long enough that we consider it to be highly unlikely that they are going to be vulnerable, but not much more than that.

I hate to resort to appeal to authority, but the actual analysis required to prove it is way more effort than I have time for this morning. Take a look at keylength.com, it has a host of authoritative references.

In fact, it would be a lot safer if we increased key sizes more than we do, but there are infrastructural problems with that. See e.g. discussion at http://crypto.stackexchange.com/questions/19655/what-is-the-history-of-recommended-rsa-key-sizes

Heh. In my previous reply I actually typed a long section about why RSA is a weak counterexample to my argument, but deleted it because it's nitpicking. Since you chose to pick that nit...

It's a valid counterexample because RSA key generation, and, to a much lesser extent, RSA private key operations, are computationally expensive enough to stress low-end devices (an issue I often have to deal with... I'm responsible for some of the core crypto subsystems in Android). But it's a weak counterexample because RSA is not modern crypto. It's ancient, outmoded, we have some reasons to suspect that factoring may not be NP hard, using it correctly is fraught with pitfalls, and it's ridiculously expensive computationally. And even still, the common standard of 2048-bit keys is secure for quite some time to come. As that stackoverflow article you linked mentions, the tendency has been to choose much larger-than-required keys (not barely large enough) rather than tracking Moore's law.

So, yeah, if you use an outdated, ridiculously expensive algorithm, and you do it on very low-spec hardware, and you want it to be secure for a very long time then, yeah, you might end up having to use barely-large-enough key sizes.

Don't do that. For asymmetric crypto use ECC. Preferably with an Edwards curve, so you don't have to deal with niggling suspicions that the curve is weak in some obscure way known only to the NSA.

Comment Re:Hard wired (Score 1) 172

As hunter-gatherers (you know, in the time before writing and the invention of religion)

Before writing, yes. I strongly suspect that religion existed even then. All of the hunter-gatherer societies that survived to historical times had religions, often quite sophisticated ones.

Slashdot Top Deals

Lo! Men have become the tool of their tools. -- Henry David Thoreau

Working...