Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Re:"Business People" (Score 1) 192

This is the Keynesian beauty contest:

It is not a case of choosing those [faces] that, to the best of one's judgment, are really the prettiest, nor even those that average opinion genuinely thinks the prettiest. We have reached the third degree where we devote our intelligences to anticipating what average opinion expects the average opinion to be. And there are some, I believe, who practice the fourth, fifth and higher degrees.

Comment Re:Latency vs.Bandwidth (Score 4, Informative) 73

It depends what you mean by fastest. As you note we have a perfectly good word for "the time it takes for a bit to make it out the other end" - latency. Most people probably intuitively associate bandwidth with speed, though, because it's most directly relevant to what they do, which is try to transfer quantities of data. If it takes 1 minute to download a movie on one connection and 10 on another, but both are identical latency, most people will say the former is 10 times faster - because it is, for what they use it for. A gamer who has specific needs might prefer a lower-bandwidth but lower-latency (or jitter) connection, but probably wouldn't call it faster - they'd say it was lower latency because they know most people associate speed with bandwidth. Your dump truck wouldn't be called the fastest, but if the typical person had a mountain of soil they wanted moved and called up the earth-moving companies to give them a bid, the one with the biggest trucks would probably be able to bid the shortest time.

Of course, if it's a more direct routing, it may indeed be the lowest-latency link between those two points.

Comment Re:Just a few notes (Score 1) 170

Yeah the Phenom thing is a good one, we were trying to figure that out earlier in hangar flying. (Also a PPL.)

This is certainly a military "area denial" test, with the secondary effect of "aviation users, let us know if there's any gotchas we didn't know about as we move to GPS-only" (NextGen). Probably there will be no actual impact, and if there is, between pilotage, dead-reckoning, and VORs pilots should be just fine. If they aren't, they really shouldn't be flying anyway. IFR makes things slightly more interesting, but then again they have ATC to work with.

Aviation GPS is unlike your car or phone, and it comes with a wide range of self-monitoring built in. First RAIM and now WAAS can tell you if you're experiencing a degradation of sufficient magnitude to mess up your navigation - in particular, a RNAV approach - and you need to switch to an alternate (or go missed, for the approach case).

The interesting thing here is that WAAS will be affected, but the FAA doesn't require you to have a non-GPS backup to operate under instrument flight rules (IFR) if your GPS is WAAS. So I guess if you're IFR you should just not go there...? Or have a backup... (for this one case)? That's the only thing that's weird to me. They need a better story here.

The military does these things all the time. Not sure why this one is making the news - here's an identically-sized one from 2015 (the reason for the identical size rings is just line-of-sight plus earth curvature to those altitudes)

Comment Re:Mysterious ways of the government (Score 1) 170

Selective Availability (the system you're talking about) was turned off permanently in the year 2000 by Clinton, and the new satellites don't have the capability.

The rationale was that GPS is too useful and too important to screw it up globally, and that it was easier to just deny adversaries the capability on an area basis rather than a global basis. Like, say, what they're doing now as a test.

SA didn't even work that well since people were working around it - basically discovering the error and broadcasting a correction, using systems called DGPS.

All paraphrased from the wiki, of course.

Comment Totally reasonable (Score 4, Informative) 216

I am a private pilot and the only tortured thing here is how the service tried to get around "holding out" and "compensation". Obviously the FAA doesn't see it this way. If you are a private pilot you're held to a lower standard - of training, medically, during the examination, and for the aircraft - than a commercial pilot. Which is held to a much lower standard than an airline pilot. It's not really that safe, either - the GA fatal accident rate is comparable to motorcycles, and that doesn't include a bunch of PPL cowboys feeling pressured to go in marginal conditions, which this service would surely promote. Would you jump on the back of a random motorcycle with an unknown driver?

A bunch of people have said that you can't be paid to fly. It's worse than that - you can't receive any benefit in exchange for your flying. All you can do is offset your losses. The safest thing is to pay your own way, then everything's legal. If you split costs with your buddy and he buys you a steak dinner, the FAA will kick your ass. Yes, this has happened. So too did they punish the guy who ferried his bar-owning friend's customers to the bar "as a favor" when the charter flight fell through. Even though they couldn't find any direct compensation, they still won on the theory that "there's no way someone is out $2k without at least a quid pro quo, and in any case think of the passengers who were expecting a charter flight to commercial standards"

Most people are used to licenses - rights - that can't be easily taken away. Like your drivers' license - that's a court case if they want it. Being a pilot means you have a certificate and it can be taken away much more easily (i.e., no courts involved) if the FAA feels it is appropriate. And they have no trouble convincing the oversight (the NTSB administrative law judges are the highest you can go) that their interpretation of the "holding out" rules is the correct one.

Flytenow didn't shut down because the FAA said "no", at least not directly. They shut down because once the FAA publishes an opinion of how they see the regulations and intend to enforce them, you'd be stupid as hell to fly if they said "we think this is against the rules and will prosecute people for doing it". It'll stick, too, barring "arbitrary and capricious".

If you can find an example of people "lawyering" with the FAA and succeeding, I'd like to see it. There's plenty of examples of people thinking they've found a loophole and are smarter than the FAA lawyers - but they all forget that the FAA isn't bound by the letter of the regulations (they're not laws!) and that they're allowed to punish people for what they meant to say so long as it's reasonable regardless of whether it's explicitly written down. The FAA's intent is very clear - you can go camping with your buddy and split the costs, but you can't be a charter service. If they think you're basically being a charter service, they'll burn you regardless of how you try to wiggle out of it.

Comment You've been warned: biometrics might not be secure (Score 4, Interesting) 224

See this Slashdot article from October 2014: Virginia Court: LEOs Can Force You To Provide Fingerprint To Unlock Your Phone. And that's not the first.

(IANAL.) The idea is that forcing you to reveal something you know (passcode, etc) is testifying and thus could be self-incrimination and not constitutional, but that forcing you to provide something about yourself is totally kosher. The analogy is being compelled to give up a key or DNA vs a safe combination - the former is searchable, the latter is not. Fingerprints are routinely taken upon arrest, even if the person is released without charges. Physical descriptions or stuff on/about you is not testifying. The argument to make here is a fourth amendment one about being "secure in ones papers" - but they have a warrant so that doesn't do any good anyway.

What it comes down to is the fifth amendment is a very important, but very circumscribed, right - not a get out of jail free card. Which shouldn't have been a surprise, really, otherwise the police would never be able to prosecute much of anything.

Comment Re:It's not just Bash... (Score 2) 160

Actually it's apparently not a port. You could copy a regular ELF binary from your Linux system and it would run just fine. The kernel is actually implementing the Linux syscalls, more or less. IIUC it's a peer to Windows in the NT kernel.

This isn't the first time people have done this. The old Services for Unix implemented a lot of the primitives like fork() but still required recompilation. People bolted on an ELF loader and dynamic linker to that and were able to get stuff working.

Comment Re:Slight correction "devices", not "employees" (Score 3, Insightful) 41

To provide a little more color, there's a proxy that checks client-device certificates and acts as a bastion between the internet and the internal networks that tools run on. Of course, Google is a bit special - with limited exceptions, our internal tools are just like normal Google software and run on Borg (or our cloud platform) and use most of the same backend infrastructure (Bigtable, etc) and connect to the internet and other services in the same way as everything else we run. For internal apps, there's just an additional level of access control that checks the certificate. And getting a certificate is tightly controlled with asset tags or employee credentials (which include hardware tokens). You can get your email and calendar (and certain other internal apps) with just your Google login and no certificate, but most but not all of the internal tools (such as the bug dashboard, code review, source code search, most dashboards, etc) require a separate SSO login that does check for a certificate. Command line tools work completely differently because they send RPCs instead of using HTTPS.

My mother works for a bank, and despite similar level of infosec risk, Google's security policies are dramatically more workable. She can't print locally without special permission - I could read the source code for the company on my phone, if I was willing to have a typed password. The only real restriction is "no source code on a laptop", you have to SSH in to your desktop or use a web-based (and very good) IDE instead.

Basically, the traditional non-"BeyondCorp" network (including VPN) is just another security by obscurity. It doesn't work when APTs are targeting you - all someone has to do is sneak a wireless AP into the wall near the loading dock, and it comes down like a house of cards. Device-level security is the only strategy that doesn't completely fall over in that kind of threat model. And it has obvious convenience benefits to boot.

Comment Re:The Victorian Internet (Score 1) 49

I've read that book several times. Well worth the read - talks about the development of the Morse electric telegraph from the earlier mechanical and needle designs, the extensive pneumatic tube links between post offices, and the first undersea cables and some of the technical rivalries that developed. It even talks about multiplexing and ciphers and stock tickers and so on.

One of my favorite stories is how comparatively late Morse&c were to the party. There were working electric telegraphs but they were fantastically complex, using multiple wires to move needles around to point at letters. There's the famous story about developing the code by going through a bin of printer's type to figure out letter frequencies (which is why 'e' is the shortest encoding). Morse's one-wire telegraph was the most straightforward and reliable - but even Morse started out overly complex with a tricky machine that drew the dots and dashes on moving strip of paper. It didn't occur to them that before long operators would simply use the ticking sound to hear the code. In retrospect the telegraph would've happened much sooner if people had realized it didn't have to be so complicated in order to work.

Comment Re:Hudson (Score 1) 138

Funny joke, but the Hudson is actually much cleaner. You can even eat the fish out of it (though they don't recommend it more than a few times a month for pregnant women, at least last time I saw a sign).

Back when they started putting in all the piers in NYC, there were no shipworms. You had these 100+ year old wooden piers that were like brand-new, and nobody gave it too much though. "There's just no shipworms in the Hudson, I guess" - people certainly were no strangers to the risk of putting wood in water. But in the late 80s-early 90s the river became clean enough that the teredos came back and ruined a bunch of these old piers and in very short order (10-20 years). Turns out the worms (actually a kind of clam) are very sensitive to pollution.

Slashdot Top Deals

Congratulations! You are the one-millionth user to log into our system. If there's anything special we can do for you, anything at all, don't hesitate to ask!